Authors: Douglas W. Hubbard, Richard Seiersen
Publisher: Wiley
Year: 2023
Pages: 366
Language: English
Format: pdf (true), epub
Size: 11.98 MB
A start-to-finish guide for realistically measuring cybersecurity risk.
In the newly revised How to Measure Anything in Cybersecurity Risk, Second Edition, a pioneering information security professional and a leader in quantitative analysis methods delivers yet another eye-opening text applying the quantitative language of risk analysis to cybersecurity. In the book, the authors demonstrate how to quantify uncertainty and shed light on how to measure seemingly intangible goals. It's a practical guide to improving risk assessment with a straightforward and simple framework.
Advanced methods and detailed advice for a variety of use cases round out the book, which also includes:
• A new “Rapid Risk Audit” for a first quick quantitative risk assessment
• New research on the real impact of reputation damage
• New Bayesian examples for assessing risk with little data
• New material on simple measurement and estimation, pseudo-random number generators, and advice on combining expert opinion
Dispelling long-held beliefs and myths about information security, How to Measure Anything in Cybersecurity Risk is an essential roadmap for IT security managers, CFOs, risk and compliance professionals, and even statisticians looking for novel new ways to apply quantitative techniques to cybersecurity.
We don't expect our readers to be risk management experts or cybersecurity experts. The methods we apply to security can be applied to many other areas. Of course, we do hope it will make those who work in the field of cybersecurity better defenders and strategists. We also hope it will make the larger set of leaders more conscious of security risks in the process of becoming better decision makers.
If you really want to be sure this book is for you, here are the specific personas we are targeting:
• You are a decision maker looking to improve—that is, measurably improve—your high‐stakes decision making.
• You are a security professional looking to become more strategic in your fight against the bad guys.
• You are neither of the above. Instead, you have an interest in understanding more about cybersecurity and/or risk management using readily accessible quantitative techniques.
• If you are a hard‐core quant, consider skipping the purely quant parts. If you are a hard‐core hacker, consider skipping the purely security parts. That said, we will often have a novel perspective, or “epiphanies of the obvious,” on topics you already know well. Read as you see fit.