Imperial Library
Index
Cover
Title Page
Copyright
Dedication
Foreword
Note
Foreword
Acknowledgments
About the Authors
Introduction
Why This Book, Why Now?
What Is This Book About?
What to Expect
Is This Book for Me?
We Need More Than Technology
New Tools for Decision Makers
Our Path Forward
PART I: Why Cybersecurity Needs Better Measurements for Risk
Chapter 1: The One Patch Most Needed in Cybersecurity
The Global Attack Surface
The Cyber Threat Response
A Proposal for Cybersecurity Risk Management
Notes
Chapter 2: A Measurement Primer for Cybersecurity
The Concept of Measurement
The Object of Measurement
The Methods of Measurement
Notes
Chapter 3: Model Now!: An Introduction to Practical Quantitative Methods for Cybersecurity
A Simple One-for-One Substitution
The Expert as the Instrument
Doing “Uncertainty Math”
Visualizing Risk
Supporting the Decision: A Return on Mitigation
Where to Go from Here
Notes
Chapter 4: The Single Most Important Measurement in Cybersecurity
The Analysis Placebo: Why We Can’t Trust Opinion Alone
How You Have More Data Than You Think
When Algorithms Beat Experts
Tools for Improving the Human Component
Summary and Next Steps
Notes
Chapter 5: Risk Matrices, Lie Factors, Misconceptions, and Other Obstacles to Measuring Risk
Scanning the Landscape: A Survey of Cybersecurity Professionals
What Color Is Your Risk? The Ubiquitous—and Risky—Risk Matrix
Exsupero Ursus and Other Fallacies
Conclusion
Notes
PART II: Evolving the Model of Cybersecurity Risk
Chapter 6: Decompose It: Unpacking the Details
Decomposing the Simple One-for-One Substitution Model
More Decomposition Guidelines: Clear, Observable, Useful
A Hard Decomposition: Reputation Damage
Conclusion
Notes
Chapter 7: Calibrated Estimates: How Much Do You Know Now?
Introduction to Subjective Probability
Calibration Exercise
Further Improvements on Calibration
Conceptual Obstacles to Calibration
The Effects of Calibration
Notes
Answers to Trivia Questions for Calibration Exercise
Chapter 8: Reducing Uncertainty with Bayesian Methods
A Major Data Breach Example
A Brief Introduction to Bayes and Probability Theory
Bayes Applied to the Cloud Breach Use Case
Note
Chapter 9: Some Powerful Methods Based on Bayes
Computing Frequencies with (Very) Few Data Points: The Beta Distribution
Decomposing Probabilities with Many Conditions
Reducing Uncertainty Further and When To Do It
Leveraging Existing Resources to Reduce Uncertainty
Wrapping Up Bayes
Notes
PART III: Cybersecurity Risk Management for the Enterprise
Chapter 10: Toward Security Metrics Maturity
Introduction: Operational Security Metrics Maturity Model
Sparse Data Analytics
Functional Security Metrics
Security Data Marts
Prescriptive Analytics
Notes
Chapter 11: How Well Are My Security Investments Working Together?
Addressing BI Concerns
Just the Facts: What Is Dimensional Modeling and Why Do I Need It?
Dimensional Modeling Use Case: Advanced Data Stealing Threats
Modeling People Processes
Chapter 12: A Call to Action: How to Roll Out Cybersecurity Risk Management
Establishing the CSRM Strategic Charter
Organizational Roles and Responsibilities for CSRM
Getting Audit to Audit
What the Cybersecurity Ecosystem Must Do to Support You
Can We Avoid the Big One?
Appendix A: Selected Distributions
Distribution Name: Triangular
Distribution Name: Binary
Distribution Name: Normal
Distribution Name: Lognormal
Distribution Name: Beta
Distribution Name: Power Law
Distribution Name: Truncated Power Law
Appendix B: Guest Contributors
Appendix B Contents
Aggregating Data Sources for Cyber Insights
Forecasting—and Reducing—Occurrence of Espionage Attacks
Skyrocketing Breaches?
Financial Impact of Breaches
The Flaw of Averages in Cyber Security
Botnets
Password Hacking
Cyber-CI
How Catastrophe Modeling Can Be Applied to Cyber Risk
Notes
Index
EULA