How to Measure Anything in Cybersecurity Risk

Author Douglas W. Hubbard; Richard Seiersen

Publisher Wiley Professional Development (P&T)

Format ePub

Print ISBN 9781119892304

Edition 2

Publication year 2023

4.290 kr.

Table of Contents

  • Cover
  • Title Page
  • Copyright
  • Dedication
  • Foreword for the Second Edition
  • Acknowledgments
  • Preface
  • Introduction
  • Why We Chose This Topic
  • What Is This Book About?
  • We Need More Than Technology
  • PART I: Why Cybersecurity Needs Better Measurements for Risk
  • CHAPTER 1: The One Patch Most Needed in Cybersecurity
  • Insurance: A Canary in the Coal Mine
  • The Global Attack Surface
  • The Cyber Threat Response
  • A Proposal for Cybersecurity Risk Management
  • Notes
  • CHAPTER 2: A Measurement Primer for Cybersecurity
  • The Concept of Measurement
  • A Taxonomy of Measurement Scales
  • The Object of Measurement
  • The Methods of Measurement
  • Notes
  • CHAPTER 3: The Rapid Risk Audit
  • The Setup and Terminology
  • The Rapid Audit Steps
  • Some Initial Sources of Data
  • The Expert as the Instrument
  • Supporting the Decision: Return on Controls
  • Doing “Uncertainty Math”
  • Visualizing Risk With a Loss Exceedance Curve
  • Where to Go from Here
  • Notes
  • CHAPTER 4: The Single Most Important Measurement in Cybersecurity
  • The Analysis Placebo: Why We Can’t Trust Opinion Alone
  • How You Have More Data than You Think
  • When Algorithms Beat Experts
  • Tools for Improving the Human Component
  • Summary and Next Steps
  • Notes
  • CHAPTER 5: Risk Matrices, Lie Factors, Misconceptions, and Other Obstacles to Measuring Risk
  • Scanning the Landscape: A Survey of Cybersecurity Professionals
  • What Color Is Your Risk? The Ubiquitous—and Risky—Risk Matrix
  • Exsupero Ursus and Other Fallacies
  • Communication and Consensus Objections
  • Conclusion
  • Notes
  • PART II: Evolving the Model of Cybersecurity Risk
  • CHAPTER 6: Decompose It
  • Decomposing the Simple One‐for‐One Substitution Model
  • More Decomposition Guidelines: Clear, Observable, Useful
  • A Hard Decomposition: Reputation Damage
  • Conclusion
  • Notes
  • CHAPTER 7: Calibrated Estimates
  • Introduction to Subjective Probability
  • Calibration Exercise
  • More Hints for Controlling Overconfidence
  • Conceptual Obstacles to Calibration
  • The Effects of Calibration
  • Beyond Initial Calibration Training: More Methods for Improving Subjective Judgment
  • Notes
  • Answers to Trivia Questions for Calibration Exercise
  • CHAPTER 8: Reducing Uncertainty with Bayesian Methods
  • A Brief Introduction to Bayes and Probability Theory
  • An Example from Little Data: Does Multifactor Authentication Work?
  • Other Ways Bayes Applies
  • Notes
  • CHAPTER 9: Some Powerful Methods Based on Bayes
  • Computing Frequencies with (Very) Few Data Points: The Beta Distribution
  • Decomposing Probabilities with Many Conditions
  • Reducing Uncertainty Further and When to Do It
  • More Advanced Modeling Considerations
  • Wrapping Up Bayes
  • Notes
  • PART III: Cybersecurity Risk Management for the Enterprise
  • CHAPTER 10: Toward Security Metrics Maturity
  • Introduction: Operational Security Metrics Maturity Model
  • Sparse Data Analytics
  • Functional Security Metrics
  • Functional Security Metrics Applied: BOOM!
  • Wait‐Time Baselines
  • Security Data Marts
  • Prescriptive Analytics
  • Notes
  • CHAPTER 11: How Well Are My Security Investments Working Together?
  • Security Metrics with the Modern Data Stack
  • Modeling for Security Business Intelligence
  • Addressing BI Concerns
  • Just the Facts: What Is Dimensional Modeling, and Why Do I Need It?
  • Dimensional Modeling Use Case: Advanced Data Stealing Threats
  • Modeling People Processes
  • Conclusion
  • Notes
  • CHAPTER 12: A Call to Action
  • Establishing the CSRM Strategic Charter
  • Organizational Roles and Responsibilities for CSRM
  • Getting Audit to Audit
  • What the Cybersecurity Ecosystem Must Do to Support You
  • Integrating CSRM with the Rest of the Enterprise
  • Can We Avoid the Big One?
  • APPENDIX A: Selected Distributions
  • Distribution Name: Triangular
  • Distribution Name: Binary
  • Distribution Name: Normal
  • Distribution Name: Lognormal
  • Distribution Name: Beta
  • Distribution Name: Power Law
  • APPENDIX B: Guest Contributors
  • Appendix B Contents
  • Decision Analysis to Support Ransomware Cybersecurity Risk Management
  • Bayesian Networks: One Solution for Specific Challenges in Building ML Systems in Cybersecurity
  • The Flaw of Averages in Cyber Security
  • Password Hacking
  • How Catastrophe Modeling Can Be Applied to Cyber Risk
  • Index
  • End User License Agreement
