How to Measure Anything in Cybersecurity Risk

Sold by John Wiley & Sons

A ground shaking exposé on the failure of popular cyber risk management methods

How to Measure Anything in Cybersecurity Risk exposes the shortcomings of current "risk management" practices, and offers a series of improvement techniques that help you fill the holes and ramp up security. In his bestselling book How to Measure Anything, author Douglas W. Hubbard opened the business world's eyes to the critical need for better measurement. This book expands upon that premise and draws from The Failure of Risk Management to sound the alarm in the cybersecurity realm. Some of the field's premier risk management approaches actually create more risk than they mitigate, and questionable methods have been duplicated across industries and embedded in the products accepted as gospel. This book sheds light on these blatant risks, and provides alternate techniques that can help improve your current situation. You'll also learn which approaches are too risky to save, and are actually more damaging than a total lack of any security.

Dangerous risk management methods abound; there is no industry more critically in need of solutions than cybersecurity. This book provides solutions where they exist, and advises when to change tracks entirely.

  • Discover the shortcomings of cybersecurity's "best practices"
  • Learn which risk management approaches actually create risk
  • Improve your current practices with practical alterations
  • Learn which methods are beyond saving, and worse than doing nothing

Insightful and enlightening, this book will inspire a closer examination of your company's own risk management practices in the context of cybersecurity. The end goal is airtight data protection, so finding cracks in the vault is a positive thing—as long as you get there before the bad guys do. How to Measure Anything in Cybersecurity Risk is your guide to more robust protection through better quantitative processes, approaches, and techniques.


About the author

DOUGLAS W. HUBBARD is the inventor of Applied Information Economics (AIE), an internationally recognized expert in measurement and quantitative decision analysis, and best-selling author of How to Measure Anything, Third Edition, and The Failure of Risk Management.

RICHARD SEIERSEN is general manager of Cyber Security & Privacy at GE Healthcare. He has more than twenty years of experience in such areas as cybersecurity; governance, risk and compliance (GRC); and analytics.


Additional Information

Publisher: John Wiley & Sons
Published on: Jul 25, 2016
Pages: 304
ISBN: 9781119224617
Language: English
Genres: Business & Economics / General; Business & Economics / Statistics; Computers / Security / General
Content Protection: This content is DRM protected.
Read Aloud: Available on Android devices

A thrilling, exclusive expose of the hacker collectives Anonymous and LulzSec.

WE ARE ANONYMOUS is the first full account of how a loosely assembled group of hackers scattered across the globe formed a new kind of insurgency, seized headlines, and tortured the feds - and the ultimate betrayal that would eventually bring them down. Parmy Olson goes behind the headlines and into the world of Anonymous and LulzSec with unprecedented access, drawing upon hundreds of conversations with the hackers themselves, including exclusive interviews with all six core members of LulzSec.

In late 2010, thousands of hacktivists joined a mass digital assault on the websites of VISA, MasterCard, and PayPal to protest their treatment of WikiLeaks. Other targets were wide ranging - the websites of corporations from Sony Entertainment and Fox to the Vatican and the Church of Scientology were hacked, defaced, and embarrassed - and the message was that no one was safe. Thousands of user accounts from pornography websites were released, exposing government employees and military personnel.

Although some attacks were perpetrated by masses of users who were rallied on the message boards of 4Chan, many others were masterminded by a small, tight-knit group of hackers who formed a splinter group of Anonymous called LulzSec. The legend of Anonymous and LulzSec grew in the wake of each ambitious hack. But how were they penetrating intricate corporate security systems? Were they anarchists or activists? Teams or lone wolves? A cabal of skilled hackers or a disorganized bunch of kids?

WE ARE ANONYMOUS delves deep into the internet's underbelly to tell the incredible full story of the global cyber insurgency movement, and its implications for the future of computer security.
“Bruce Schneier’s amazing book is the best overview of privacy and security ever written.”—Clay Shirky

Your cell phone provider tracks your location and knows who’s with you. Your online and in-store purchasing patterns are recorded, and reveal if you're unemployed, sick, or pregnant. Your e-mails and texts expose your intimate and casual friends. Google knows what you’re thinking because it saves your private searches. Facebook can determine your sexual orientation without you ever mentioning it.

The powers that surveil us do more than simply store this information. Corporations use surveillance to manipulate not only the news articles and advertisements we each see, but also the prices we’re offered. Governments use surveillance to discriminate, censor, chill free speech, and put people in danger worldwide. And both sides share this information with each other or, even worse, lose it to cybercriminals in huge data breaches.

Much of this is voluntary: we cooperate with corporate surveillance because it promises us convenience, and we submit to government surveillance because it promises us protection. The result is a mass surveillance society of our own making. But have we given up more than we’ve gained? In Data and Goliath, security expert Bruce Schneier offers another path, one that values both security and privacy. He brings his bestseller up-to-date with a new preface covering the latest developments, and then shows us exactly what we can do to reform government surveillance programs, shake up surveillance-based business models, and protect our individual privacy. You'll never look at your phone, your computer, your credit cards, or even your car in the same way again.

An essential guide to the calibrated risk analysis approach

The Failure of Risk Management takes a close look at misused and misapplied basic analysis methods and shows how some of the most popular "risk management" methods are no better than astrology! Using examples from the 2008 credit crisis, natural disasters, outsourcing to China, engineering disasters, and more, Hubbard reveals critical flaws in risk management methods – and shows how all of these problems can be fixed. The solutions involve combinations of scientifically proven and frequently used methods from nuclear power, exploratory oil, and other areas of business and government. Finally, Hubbard explains how new forms of collaboration across all industries and government can improve risk management in every field.

Douglas W. Hubbard (Glen Ellyn, IL) is the inventor of Applied Information Economics (AIE) and the author of Wiley's How to Measure Anything: Finding the Value of Intangibles in Business (978-0-470-11012-6), the #1 bestseller in business math on Amazon. He has applied innovative risk assessment and risk management methods in government and corporations since 1994.

"Doug Hubbard, a recognized expert among experts in the field of risk management, covers the entire spectrum of risk management in this invaluable guide. There are specific value-added take aways in each chapter that are sure to enrich all readers including IT, business management, students, and academics alike"
—Peter Julian, former chief-information officer of the New York Metro Transit Authority. President of Alliance Group consulting

"In his trademark style, Doug asks the tough questions on risk management. A must-read not only for analysts, but also for the executive who is making critical business decisions."
—Jim Franklin, VP Enterprise Performance Management and General Manager, Crystal Ball Global Business Unit, Oracle Corporation.


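◆ A designated textbook at MIT and a long-time fixture on Amazon's business bestseller list: measurement techniques you will use for a lifetime!

Answers to every question in business, science, and life

A must-read for anyone who needs to analyze and make decisions

Nothing in the world is impossible to measure.

For any problem that seems impossible to quantify,

as long as it lets you know more than you did before, it is a successful measurement.

This book is a great help in reducing decision risk and eliminating uncertainty!

When facing personal life choices or business decisions, we often trust intuition or past experience, yet we inevitably repeat our mistakes. In mild cases we shrug and blame ourselves for being fooled once and still not learning the lesson; in serious cases the result may be corporate losses that easily exceed a hundred million, and by then no amount of wishing to turn back time can reverse the situation. If we continue to treat decisions so carelessly, however, such losses are probably fated to keep recurring.

Starting from simple concepts, this book explains statistical techniques that are highly practical yet intuitively easy to apply; it also shows how much power measurement has in our understanding of business and the world. The author, Douglas W. Hubbard, is an internationally recognized expert in decision analysis and risk management. In this insightful and fascinating book, he tells you how to measure things that seem completely unquantifiable, including the return on technology investments, organizational flexibility, customer satisfaction, and business risk. The book provides the key steps of measurement so that you can measure anything, especially uncertainty and risk. What's more, the measurement can be done in a cost-effective way.

Why not accept the author's challenge: before reading this book, write down one or more difficult decisions you face in your family life or at work, then read the book with the specific purpose of "finding a way to measure them." We hope the measurement knowledge you learn from this book brings unexpected gains to the improvement of your personal or professional life!

By reading this book, you will learn:

  • Things that seem impossible to measure can in fact be quantified.
  • Measurements that appear impossible can be solved with surprisingly simple methods.
  • The wrong ways to measure risk.
  • How to measure "soft" things such as happiness, satisfaction, and quality.
  • How to train human judgment into a powerful, calibrated measurement instrument.
  • How to use the Internet as a measurement instrument.

The book is divided into four parts:

Part 1: Explains why anything can be measured, supported by examples, and gives a precise definition of measurement.

Part 2: Gets specific about how to measure, particularly uncertainty, risk, and the value of information. You will learn how to use "calibrated probability assessments" to measure your own subjective uncertainty, and how to use that information to compute risk and the value of additional measurement.

Part 3: How to use observation methods such as random sampling and controlled experiments to reduce uncertainty. It also covers some approximation (quick estimation) methods, and how to re-measure to reduce uncertainty when new information arrives (Bayesian analysis). This part covers some very basic statistics.

Part 4: How to measure "softer" items such as preferences, values, flexibility (variability), and quality, and adds further measurement instruments, including calibrated human judgment and even the Internet. Finally, it brings together all the measurement knowledge and applies it to two case studies.

[Keywords for this book]

Information economics, business analytics, risk, uncertainty, Fermi questions, calibration, confidence intervals, Monte Carlo simulation, probability distributions, Bayesian analysis

[Expert recommendations]

"How to Measure Anything is my favorite book (closely followed by Hubbard's second book, The Failure of Risk Management), and it is a book I actively recommend to colleagues and students. As a physicist and economist, I have applied these techniques in many fields for several years. This is the first time someone has put this important information together, offering it to a broad readership while also letting professionals apply it. This book is a must-read for students and experts in analysis and decision-making."

── Dr. Johan Braet (teaches applied economics, risk management, and innovation at the University of Antwerp)

"Hubbard's book provides excellent guidance on how to define reasonable metrics for complex projects, to demonstrate whether they are justified and to manage them. For anyone who wants to reduce risk in capital planning, investment decisions, and program management, this book is a must-read."

── Jim Flyzik (former government CIO, White House technology advisor, and CIO Magazine Hall of Fame inductee)

"I love this book. Douglas Hubbard has created a path for us to find answers to almost any question, whether in business, science, or life. The tools this book provides are what most people need in order to measure better, understand more deeply, make improvements, and get results."

── Peter Tippett, Ph.D, MD. (CTO of Cyber Trust and inventor of the first antivirus software)

"Hubbard's book is interesting and full of rich case studies and examples; it is a valuable book for people whose everyday decisions often involve uncertainty. It is highly readable and quite entertaining, and even those who consider themselves averse to statistics will enjoy it."

── Strategic Finance

"This book is outstanding in the range of its measurement applications and in the clarity of its style. It is a must-read for every professional who has ever said, 'Of course that concept is important, but can we measure it?'"

── Dr. Jack Stenner (CEO and co-founder of MetaMetrics, Inc.)

"Hubbard has devoted his career to finding ways to measure things that others consider unmeasurable. Whether it is quality, the value of telecommuting, the benefits of expanded IT security, or public image, Hubbard believes all of them can be measured, and without great expense. If you want your investment plan review meetings to go more smoothly, read this book first."

── ComputerWorld

"I list this book as the main reference for my MIT measurement course. Students love the book because the practical advice it offers can be applied in many different settings (including aerospace and defense, healthcare, politics, and so on)."

── Ricardo Valerdi. Ph.D. (MIT lecturer)

Publisher: 經濟新潮社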
