How To Measure Anything in Cybersecurity Risk

What if your single biggest cyber­security risk was the risk assess­ment method itself? Even if your approach to assessing this critical risk makes you feel more confident about your decisions, you may actually be making things worse. How to Measure Anything in Cybersecurity Risk presents real solutions by skill­fully applying the quantitative language of risk analysis to information security.
As with his previous How to Measure Anything books, measurement expert Douglas Hub­bard simplifies the complexity of quantifying uncertainty and sheds light on matters with little data or seemingly intangible goals— and here he taps cybersecurity influencer Richard Seiersen to dispel long-held beliefs about cybersecurity practices and provide authoritative guidance to solving problems by measuring risk. Together, they debunk popular risk scores and risk matrices and replace them with scientifically proven, yet practical, quantitative methods.
Immediately useful, this practical guide offers an easy path to better risk assessment by describing a very simple quantitative solution, building on it with more advanced methods, and providing detailed advice for choosing the one for your needs. Regardless of your current understanding of cybersecurity or statistics, everything inside is fully accessible and equips you with a potent collection of strategies and tools from today’s top experts in cybersecurity and risk assessment. This complete resource gets you there start to finish by:

  • Debunking the most common arguments against using quantitative methods in cybersecurity
  • Modeling risk with a variety of simple and advanced techniques for enhancing the use­fulness of data in times of great uncertainty using free, downloadable spreadsheets
  • Detailing a dependable, organization-wide security metrics maturity model for contin­uous and measurable improvement

The thought process that goes into making informed decisions with sparse data points, using the described “Lens” method to reduce estimation errors, along with the many other techniques inside, will advance how you run cybersecurity as well as how you measurably improve other types of high-stakes decisions. How to Measure Anything in Cybersecurity Risk shows you nothing is immeasurable— including your peace of mind.
Douglas W. Hubbard is the inventor of Applied Information Economics (AIE), an internationally recognized expert in meas­urement and quantitative decision analysis, and best-selling author of How to Measure Anything, Third Edition, and The Failure of Risk Management.
Richard Seiersen is general manager of Cyber Security & Privacy at GE Healthcare. He has more than twenty years of experience in such areas as cybersecurity; governance, risk and compliance (GRC); and analytics.