How to measure anything in cybersecurity risk
A ground shaking exposé on the failure of popular cyber risk management methods How to Measure Anything in Cybersecurity Risk exposes the shortcomings of current "risk management" practices, and offers a series of improvement techniques that help you fill the holes and ramp up security. In...
| Otros Autores: | , |
|---|---|
| Formato: | Libro electrónico |
| Idioma: | Inglés |
| Publicado: |
Hoboken, New Jersey :
Wiley
2016.
|
| Edición: | 1st edition |
| Colección: | THEi Wiley ebooks.
|
| Materias: | |
| Ver en Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009631263406719 |
Tabla de Contenidos:
- How to Measure Anything in Cybersecurity Risk; Contents; Foreword; Foreword; Acknowledgments; About the Authors; Introduction; Why This Book, Why Now?; What Is This Book About?; What to Expect; Is This Book for Me?; We Need More Than Technology; New Tools for Decision Makers; Our Path Forward; Part I Why Cybersecurity Needs Better Measurements for Risk; Chapter 1 The One Patch Most Needed in Cybersecurity; The Global Attack Surface; The Cyber Threat Response; A Proposal for Cybersecurity Risk Management; Notes; Chapter 2 A Measurement Primer for Cybersecurity; The Concept of Measurement
- Explaining the Elements of the Loss Exceedance CurveGenerating the Inherent and Residual Loss Exceedance Curves; Where Does the Risk Tolerance Curve Come from?; Supporting the Decision: A Return on Mitigation; Where to Go from Here; Notes; Chapter 4 The Single Most Important Measurement in Cybersecurity; The Analysis Placebo: Why We Can't Trust Opinion Alone; How You Have More Data Than You Think; When Algorithms Beat Experts; Some Research Comparing Experts and Algorithms; Why Does This Happen?; So What? Does This Apply to Cybersecurity?; Tools for Improving the Human Component
- The Subjective Probability ComponentThe Expert Consistency Component; The Collaboration Component; The Decomposition Component; Summary and Next Steps; Notes; Chapter 5 Risk Matrices, Lie Factors, Misconceptions, and Other Obstacles to Measuring Risk; Scanning the Landscape: A Survey of Cybersecurity Professionals; What Color Is Your Risk? The Ubiquitous-and Risky-Risk Matrix; The Psychology of Scales and the Illusion of Communication; How the Risk Matrix Doesn't Add Up; Amplifying Effects: More Studies Against the Risk Matrix (As If We Needed More); Exsupero Ursus and Other Fallacies
- Beliefs about the Feasibility of Quantitative Methods: A Hard TruthSame Fallacy: More Forms; The Target Breach as a Counter to Exsupero Ursus; Communication and Consensus Objections; Conclusion; Notes; Part II Evolving the Model of Cybersecurity Risk; Chapter 6 Decompose It Unpacking the Details; Decomposing the Simple One-for-One Substitution Model; Just a Little More Decomposition; A Few Decomposition Strategies to Consider; More Decomposition Guidelines: Clear, Observable, Useful; Decision Analysis: An Overview of How to Think about a Problem; Avoiding "Over-Decomposition"
- A Summary of Some Decomposition Rules
