Efnisyfirlit

• Foreword
• Note
• Foreword
• Acknowledgments
• About the Authors
• Introduction
• Why This Book, Why Now?
• What Is This Book About?
• What to Expect
• Is This Book for Me?
• We Need More Than Technology
• New Tools for Decision Makers
• Our Path Forward
• PART I: Why Cybersecurity Needs Better Measurements for Risk
• Chapter 1: The One Patch Most Needed in Cybersecurity
• The Global Attack Surface
• The Cyber Threat Response
• A Proposal for Cybersecurity Risk Management
• Notes
• Chapter 2: A Measurement Primer for Cybersecurity
• The Concept of Measurement
• The Object of Measurement
• The Methods of Measurement
• Notes
• Chapter 3: Model Now!: An Introduction to Practical Quantitative Methods for Cybersecurity
• A Simple One-for-One Substitution
• The Expert as the Instrument
• Doing “Uncertainty Math”
• Visualizing Risk
• Supporting the Decision: A Return on Mitigation
• Where to Go from Here
• Notes
• Chapter 4: The Single Most Important Measurement in Cybersecurity
• The Analysis Placebo: Why We Can’t Trust Opinion Alone
• How You Have More Data Than You Think
• When Algorithms Beat Experts
• Tools for Improving the Human Component
• Summary and Next Steps
• Notes
• Chapter 5: Risk Matrices, Lie Factors, Misconceptions, and Other Obstacles to Measuring Risk
• Scanning the Landscape: A Survey of Cybersecurity Professionals
• What Color Is Your Risk? The Ubiquitous—and Risky—Risk Matrix
• Exsupero Ursus and Other Fallacies
• Conclusion
• Notes
• PART II: Evolving the Model of Cybersecurity Risk
• Chapter 6: Decompose It: Unpacking the Details
• Decomposing the Simple One-for-One Substitution Model
• More Decomposition Guidelines: Clear, Observable, Useful
• A Hard Decomposition: Reputation Damage
• Conclusion
• Notes
• Chapter 7: Calibrated Estimates: How Much Do You Know Now?
• Introduction to Subjective Probability
• Calibration Exercise
• Further Improvements on Calibration
• Conceptual Obstacles to Calibration
• The Effects of Calibration
• Notes
• Answers to Trivia Questions for Calibration Exercise
• Chapter 8: Reducing Uncertainty with Bayesian Methods
• A Major Data Breach Example
• A Brief Introduction to Bayes and Probability Theory
• Bayes Applied to the Cloud Breach Use Case
• Note
• Chapter 9: Some Powerful Methods Based on Bayes
• Computing Frequencies with (Very) Few Data Points: The Beta Distribution
• Decomposing Probabilities with Many Conditions
• Reducing Uncertainty Further and When To Do It
• Leveraging Existing Resources to Reduce Uncertainty
• Wrapping Up Bayes
• Notes
• PART III: Cybersecurity Risk Management for the Enterprise
• Chapter 10: Toward Security Metrics Maturity
• Introduction: Operational Security Metrics Maturity Model
• Sparse Data Analytics
• Functional Security Metrics
• Security Data Marts
• Prescriptive Analytics
• Notes
• Chapter 11: How Well Are My Security Investments Working Together?
• Addressing BI Concerns
• Just the Facts: What Is Dimensional Modeling and Why Do I Need It?
• Dimensional Modeling Use Case: Advanced Data Stealing Threats
• Modeling People Processes
• Chapter 12: A Call to Action: How to Roll Out Cybersecurity Risk Management
• Establishing the CSRM Strategic Charter
• Organizational Roles and Responsibilities for CSRM
• Getting Audit to Audit
• What the Cybersecurity Ecosystem Must Do to Support You
• Can We Avoid the Big One?
• Appendix A: Selected Distributions
• Distribution Name: Triangular
• Distribution Name: Binary
• Distribution Name: Normal
• Distribution Name: Lognormal
• Distribution Name: Beta
• Distribution Name: Power Law
• Distribution Name: Truncated Power Law
• Appendix B: Guest Contributors
• Appendix B Contents
• Aggregating Data Sources for Cyber Insights
• Forecasting—and Reducing—Occurrence of Espionage Attacks
• Skyrocketing Breaches?
• Financial Impact of Breaches
• The Flaw of Averages in Cyber Security
• Botnets
• Password Hacking
• Cyber-CI
• How Catastrophe Modeling Can Be Applied to Cyber Risk
• Notes
• Index
• EULA