Welcome to the website for How to Measure Anything in Cybersecurity Risk. This is where readers can come to download examples mentioned in the book. These downloads include spreadsheet examples of the calculations, “Power Tools” and additional calibration exercises.
Additional Calibration Questions
Additional calibration tests in case the tests in the book weren’t enough to get you fully calibrated.
Ch. 3: Urn of Mystery Simulation, 3rd ed.
This spreadsheet contains a simulation that represents the Urn of Mystery example from Chapter 3, pages 44-46 of the book’s third edition.
Ch. 4: NPV and IRR Examples, 3rd ed.
This spreadsheet shows how to compute the NPV for a stream of cash flows and the IRR for an investment.
Ch. 6: Monte Carlo, Distribution, and Markov Examples, 3rd ed.
- A new spreadsheet with the original Monte Carlo example as shown in both the first and second edition of the book. Also included is an additional Monte Carlo example with the “Contract Loss” risk.
- An original Markov Simulation example is also provided within the spreadsheet.
- The new distributions mentioned are included as well: Triangular, Beta, Power Law, and correlated normal distributions. Each of these new distributions provides an explanation as well as a random number generator for that distribution (which you can copy and paste for other simulations). The correlated normal distributions are two normal distributions that are correlated. The worksheet shows two ways to make a desired correlation happen.
Ch. 7: Information Value Examples, 3rd ed.
This spreadsheet computes the Expected Value of Perfect Information (EVPI) for a simple binary example, an example based on a normal distribution, and one based on a uniform distribution. This improved version separates the uniform from the normal instead of computing them on the same worksheet so that the two different methods are easier to understand.
Ch. 9: Sampling Examples, 3rd ed.
This shows several examples from Chapter 9 where we compute 90% confidence intervals with small samples, population samples with catch & recatch, sampling in experiments and a simple regression model. This includes a correction to the regression example in the 2nd edition.
Ch. 10: Bayesian Inversion Examples, 3rd ed.
This is the detailed calculation for the Bayesian inversion for continuous quantities using the example shown in the book.
White Paper: Applied Information Economics
This is an overview of Applied Information Economics (AIE). It is written primarily for IT managers but the points can apply to anyone. It compares AIE to traditional ROI and weighted scores.