
How to Measure Anything in Cybersecurity Risk

A start-to-finish guide for realistically measuring cybersecurity risk. In the newly revised How to Measure Anything in Cybersecurity Risk, Second Edition, a pioneering information security professional and a leader in quantitative analysis methods deliver yet another eye-opening text applying the q...


Bibliographic Details
Classification: Electronic book
Main authors: Hubbard, Douglas W., 1962- (Author), Seiersen, Richard, 1967- (Author)
Format: Electronic eBook
Language: English
Published: Hoboken, New Jersey : Wiley, [2023]
Edition: Second edition.
Subjects:
Online access: Full text (requires prior registration with an institutional e-mail address)
Table of Contents:
  • Cover
  • Title Page
  • Copyright Page
  • Contents
  • Foreword for the Second Edition
  • Acknowledgments
  • Preface
  • How to Measure Anything in Cybersecurity Risk
  • Introduction
  • Why We Chose This Topic
  • What Is This Book About?
  • We Need More Than Technology
  • Part I Why Cybersecurity Needs Better Measurements for Risk
  • Chapter 1 The One Patch Most Needed in Cybersecurity
  • Insurance: A Canary in the Coal Mine
  • The Global Attack Surface
  • The Cyber Threat Response
  • A Proposal for Cybersecurity Risk Management
  • Notes
  • Chapter 2 A Measurement Primer for Cybersecurity
  • The Concept of Measurement
  • A Taxonomy of Measurement Scales
  • The Object of Measurement
  • The Methods of Measurement
  • Notes
  • Chapter 3 The Rapid Risk Audit: Starting With a Simple Quantitative Risk Model
  • The Setup and Terminology
  • The Rapid Audit Steps
  • Some Initial Sources of Data
  • The Expert as the Instrument
  • Supporting the Decision: Return on Controls
  • Doing "Uncertainty Math"
  • Visualizing Risk With a Loss Exceedance Curve
  • Where to Go from Here
  • Notes
  • Chapter 4 The Single Most Important Measurement in Cybersecurity
  • The Analysis Placebo: Why We Can't Trust Opinion Alone
  • How You Have More Data than You Think
  • When Algorithms Beat Experts
  • Tools for Improving the Human Component
  • Summary and Next Steps
  • Notes
  • Chapter 5 Risk Matrices, Lie Factors, Misconceptions, and Other Obstacles to Measuring Risk
  • Scanning the Landscape: A Survey of Cybersecurity Professionals
  • What Color Is Your Risk? The Ubiquitous-and Risky-Risk Matrix
  • Exsupero Ursus and Other Fallacies
  • Communication and Consensus Objections
  • Conclusion
  • Notes
  • Part II Evolving the Model of Cybersecurity Risk
  • Chapter 6 Decompose It: Unpacking the Details
  • Decomposing the Simple One-for-One Substitution Model
  • More Decomposition Guidelines: Clear, Observable, Useful
  • A Hard Decomposition: Reputation Damage
  • Conclusion
  • Notes
  • Chapter 7 Calibrated Estimates: How Much Do You Know Now?
  • Introduction to Subjective Probability
  • Calibration Exercise
  • More Hints for Controlling Overconfidence
  • Conceptual Obstacles to Calibration
  • The Effects of Calibration
  • Beyond Initial Calibration Training: More Methods for Improving Subjective Judgment
  • Notes
  • Answers to Trivia Questions for Calibration Exercise
  • Chapter 8 Reducing Uncertainty with Bayesian Methods
  • A Brief Introduction to Bayes and Probability Theory
  • An Example from Little Data: Does Multifactor Authentication Work?
  • Other Ways Bayes Applies
  • Notes
  • Chapter 9 Some Powerful Methods Based on Bayes
  • Computing Frequencies with (Very) Few Data Points: The Beta Distribution
  • Decomposing Probabilities with Many Conditions
  • Reducing Uncertainty Further and When to Do It
  • More Advanced Modeling Considerations
  • Wrapping Up Bayes
  • Notes