How to Measure Anything in Cybersecurity Risk
Douglas W. Hubbard, Richard Seiersen
About this book
A ground shaking exposé on the failure of popular cyber risk management methods
How to Measure Anything in Cybersecurity Risk exposes the shortcomings of current "risk management" practices, and offers a series of improvement techniques that help you fill the holes and ramp up security. In his bestselling book How to Measure Anything, author Douglas W. Hubbard opened the business world's eyes to the critical need for better measurement. This book expands upon that premise and draws from The Failure of Risk Management to sound the alarm in the cybersecurity realm. Some of the field's premier risk management approaches actually create more risk than they mitigate, and questionable methods have been duplicated across industries and embedded in the products accepted as gospel. This book sheds light on these blatant risks, and provides alternate techniques that can help improve your current situation. You'll also learn which approaches are too risky to save, and are actually more damaging than a total lack of any security.
Dangerous risk management methods abound; there is no industry more critically in need of solutions than cybersecurity. This book provides solutions where they exist, and advises when to change tracks entirely.
- Discover the shortcomings of cybersecurity's "best practices"
- Learn which risk management approaches actually create risk
- Improve your current practices with practical alterations
- Learn which methods are beyond saving, and worse than doing nothing
Insightful and enlightening, this book will inspire a closer examination of your company's own risk management practices in the context of cybersecurity. The end goal is airtight data protection, so finding cracks in the vault is a positive thing—as long as you get there before the bad guys do. How to Measure Anything in Cybersecurity Risk is your guide to more robust protection through better quantitative processes, approaches, and techniques.
PART I
Why Cybersecurity Needs Better Measurements for Risk
Chapter 1
The One Patch Most Needed in Cybersecurity
There is nothing more deceptive than an obvious fact. —Sherlock Holmes
. . . we anticipate that in the future, resources devoted to cyber-based threats will equal or even eclipse the resources devoted to non-cyber based terrorist threats. —FBI director James B. Comey, November 14, 2013²
- How to measure risk assessment methods themselves.
- How to measure reduction in risk from a given defense, control, mitigation, or strategy (using some of the better-performing methods as identified in the first bullet).
- How to continuously and measurably improve on the implemented methods, using more advanced methods that the reader may employ as he or she feels ready.
The Global Attack Surface
When we consider the amount of effort dedicated over the past two years to furthering the security readiness of federal systems and the nation's overall security posture, our hope was to see an obvious step forward. The data shows that, in fact, we have taken a step back. —(ISC)² on the announcement of the GISWS, 2015³
- The increasing number of persons on the Internet. Internet users worldwide grew by a factor of 6 from 2001 to 2014 (half a billion to 3 billion). It may not be obvious that the number of users is a dimension in some attack surfaces, but some measures of attack surface also include the value of a target, which would be partly a function of number of users (e.g., gaining access to more personal records).¹⁰ Also, on a global scale, it acts as an important multiplier on the following dimensions.
- The number of uses per person for online resources. The varied uses of the Internet, total time spent on the Internet, use of credit cards, and various services that require the storage of personal data-automated transactions are growing. Per person. Worldwide. For example, since 2001 the number of websites alone has grown at a rate five times faster than the number of users—a billion total by 2014. Connected devices constitute another potential way for an individual to use the Internet even without their active involvement. One forecast regarding the "Internet of Things" (IoT) was made by Gartner, Inc: "4.9 billion connected things will be in use in 2015, up 30 percent from 2014, and will reach 25 billion by 2020."¹¹ A key concern here is the lack of consistent security in designs. The National Security Telecommunications Advisory Committee determined that "there is a small—and rapidly closi...