
How to measure anything in cybersecurity risk /

A ground shaking exposé on the failure of popular cyber risk management methods. How to Measure Anything in Cybersecurity Risk exposes the shortcomings of current "risk management" practices, and offers a series of improvement techniques that help you fill the holes and ramp up security. I...


Bibliographic Details
Classification: Electronic Book
Main Authors: Hubbard, Douglas W., 1962- (Author), Seiersen, Richard, 1967- (Author)
Format: Electronic eBook
Language: English
Published: Hoboken, New Jersey : Wiley, [2016]
Subjects:
Online Access: Full text
Table of Contents:
  • How to Measure Anything in Cybersecurity Risk; Contents; Foreword; Foreword; Acknowledgments; About the Authors; Introduction; Why This Book, Why Now?; What Is This Book About?; What to Expect; Is This Book for Me?; We Need More Than Technology; New Tools for Decision Makers; Our Path Forward; Part I Why Cybersecurity Needs Better Measurements for Risk; Chapter 1 The One Patch Most Needed in Cybersecurity; The Global Attack Surface; The Cyber Threat Response; A Proposal for Cybersecurity Risk Management; Notes; Chapter 2 A Measurement Primer for Cybersecurity; The Concept of Measurement.
  • A Definition of Measurement; A Taxonomy of Measurement Scales; Bayesian Measurement: A Pragmatic Concept for Decisions; The Object of Measurement; The Methods of Measurement; Statistical Significance: What's the Significance?; Small Samples Tell You More Than You Think; Notes; Chapter 3 Model Now! An Introduction to Practical Quantitative Methods for Cybersecurity; A Simple One-for-One Substitution; The Expert as the Instrument; Doing "Uncertainty Math"; An Introduction to Generating Random Events and Impacts in Excel; Adding Up the Risks; Visualizing Risk.
  • Explaining the Elements of the Loss Exceedance Curve; Generating the Inherent and Residual Loss Exceedance Curves; Where Does the Risk Tolerance Curve Come from?; Supporting the Decision: A Return on Mitigation; Where to Go from Here; Notes; Chapter 4 The Single Most Important Measurement in Cybersecurity; The Analysis Placebo: Why We Can't Trust Opinion Alone; How You Have More Data Than You Think; When Algorithms Beat Experts; Some Research Comparing Experts and Algorithms; Why Does This Happen?; So What? Does This Apply to Cybersecurity?; Tools for Improving the Human Component.
  • The Subjective Probability Component; The Expert Consistency Component; The Collaboration Component; The Decomposition Component; Summary and Next Steps; Notes; Chapter 5 Risk Matrices, Lie Factors, Misconceptions, and Other Obstacles to Measuring Risk; Scanning the Landscape: A Survey of Cybersecurity Professionals; What Color Is Your Risk? The Ubiquitous-and Risky-Risk Matrix; The Psychology of Scales and the Illusion of Communication; How the Risk Matrix Doesn't Add Up; Amplifying Effects: More Studies Against the Risk Matrix (As If We Needed More); Exsupero Ursus and Other Fallacies.
  • Beliefs about the Feasibility of Quantitative Methods: A Hard Truth; Same Fallacy: More Forms; The Target Breach as a Counter to Exsupero Ursus; Communication and Consensus Objections; Conclusion; Notes; Part II Evolving the Model of Cybersecurity Risk; Chapter 6 Decompose It: Unpacking the Details; Decomposing the Simple One-for-One Substitution Model; Just a Little More Decomposition; A Few Decomposition Strategies to Consider; More Decomposition Guidelines: Clear, Observable, Useful; Decision Analysis: An Overview of How to Think about a Problem; Avoiding "Over-Decomposition."