Verfügbarkeit: How to measure anything in cybersecurity risk

How to measure anything in cybersecurity risk:

Gespeichert in:

Bibliographische Detailangaben
Hauptverfasser:	Hubbard, Douglas W. 1962- (VerfasserIn), Seiersen, Richard 1967- (VerfasserIn)
Format:	Elektronisch E-Book
Sprache:	English
Veröffentlicht:	Hoboken, New Jersey Wiley [2023]
Ausgabe:	second edition
Schlagworte:	Risikomanagement Sicherheit Cyberspace Quantitative Methode
Online-Zugang:	FWS01 FWS02 HWR01
Beschreibung:	Description based on publisher supplied metadata and other sources
Beschreibung:	1 Online-Ressource (xvii, 345 Seiten)
ISBN:	9781119892335 9781119892311 9781119892328

Internformat

MARC


LEADER	00000nmm a2200000zc 4500
001	BV048921814
003	DE-604
005	20240209
007	cr\|uuu---uuuuu
008	230502s2023 \|\|\|\| o\|\|u\| \|\|\|\|\|\|eng d
020			\|a 9781119892335 \|c obook \|9 978-1-119-89233-5
020			\|a 9781119892311 \|c ePub \|9 978-1-119-89231-1
020			\|a 9781119892328 \|c ePDF \|9 978-1-119-89232-8
035			\|a (ZDB-30-PQE)EBC7234983
035			\|a (ZDB-30-PAD)EBC7234983
035			\|a (ZDB-89-EBL)EBL7234983
035			\|a (OCoLC)1375438384
035			\|a (DE-599)BVBBV048921814
040			\|a DE-604 \|b ger \|e rda
041	0		\|a eng
049			\|a DE-2070s \|a DE-863 \|a DE-862
082	0		\|a 658.478
100	1		\|a Hubbard, Douglas W. \|d 1962- \|e Verfasser \|0 (DE-588)173955398 \|4 aut
245	1	0	\|a How to measure anything in cybersecurity risk \|c Douglas W. Hubbard, Richard Seiersen
250			\|a second edition
264		1	\|a Hoboken, New Jersey \|b Wiley \|c [2023]
264		4	\|c ©2023
300			\|a 1 Online-Ressource (xvii, 345 Seiten)
336			\|b txt \|2 rdacontent
337			\|b c \|2 rdamedia
338			\|b cr \|2 rdacarrier
500			\|a Description based on publisher supplied metadata and other sources
505	8		\|a Cover -- Title Page -- Copyright Page -- Contents -- Foreword for the Second Edition -- Acknowledgments -- Preface -- How to Measure Anything in Cybersecurity Risk -- Introduction -- Why We Chose This Topic -- What Is This Book About? -- We Need More Than Technology -- Part I Why Cybersecurity Needs Better Measurements for Risk -- Chapter 1 The One Patch Most Needed in Cybersecurity -- Insurance: A Canary in the Coal Mine -- The Global Attack Surface -- The Cyber Threat Response -- A Proposal for Cybersecurity Risk Management -- Notes -- Chapter 2 A Measurement Primer for Cybersecurity -- The Concept of Measurement -- A Taxonomy of Measurement Scales -- The Object of Measurement -- The Methods of Measurement -- Notes -- Chapter 3 The Rapid Risk Audit: Starting With a Simple Quantitative Risk Model -- The Setup and Terminology -- The Rapid Audit Steps -- Some Initial Sources of Data -- The Expert as the Instrument -- Supporting the Decision: Return on Controls -- Doing "Uncertainty Math" -- Visualizing Risk With a Loss Exceedance Curve -- Where to Go from Here -- Notes -- Chapter 4 The Single Most Important Measurement in Cybersecurity -- The Analysis Placebo: Why We Can't Trust Opinion Alone -- How You Have More Data than You Think -- When Algorithms Beat Experts -- Tools for Improving the Human Component -- Summary and Next Steps -- Notes -- Chapter 5 Risk Matrices, Lie Factors, Misconceptions, and Other Obstacles to Measuring Risk -- Scanning the Landscape: A Survey of Cybersecurity Professionals -- What Color Is Your Risk? The Ubiquitous-and Risky-Risk Matrix -- Exsupero Ursus and Other Fallacies -- Communication and Consensus Objections -- Conclusion -- Notes -- Part II Evolving the Model of Cybersecurity Risk -- Chapter 6 Decompose It: Unpacking the Details -- Decomposing the Simple One-for-One Substitution Model
505	8		\|a More Decomposition Guidelines: Clear, Observable, Useful -- A Hard Decomposition: Reputation Damage -- Conclusion -- Notes -- Chapter 7 Calibrated Estimates: How Much Do You Know Now? -- Introduction to Subjective Probability -- Calibration Exercise -- More Hints for Controlling Overconfidence -- Conceptual Obstacles to Calibration -- The Effects of Calibration -- Beyond Initial Calibration Training: More Methods for Improving Subjective Judgment -- Notes -- Answers to Trivia Questions for Calibration Exercise -- Chapter 8 Reducing Uncertainty with Bayesian Methods -- A Brief Introduction to Bayes and Probability Theory -- An Example from Little Data: Does Multifactor Authentication Work? -- Other Ways Bayes Applies -- Notes -- Chapter 9 Some Powerful Methods Based on Bayes -- Computing Frequencies with (Very) Few Data Points: The Beta Distribution -- Decomposing Probabilities with Many Conditions -- Reducing Uncertainty Further and When to Do It -- More Advanced Modeling Considerations -- Wrapping Up Bayes -- Notes -- Part III Cybersecurity Risk Management for the Enterprise -- Chapter 10 Toward Security Metrics Maturity -- Introduction: Operational Security Metrics Maturity Model -- Sparse Data Analytics -- Functional Security Metrics -- Functional Security Metrics Applied: BOOM! -- Wait-Time Baselines -- Security Data Marts -- Prescriptive Analytics -- Notes -- Chapter 11 How Well Are My Security Investments Working Together? -- Security Metrics with the Modern Data Stack -- Modeling for Security Business Intelligence -- Addressing BI Concerns -- Just the Facts: What Is Dimensional Modeling, and Why Do I Need It? -- Dimensional Modeling Use Case: Advanced Data Stealing Threats -- Modeling People Processes -- Conclusion -- Notes -- Chapter 12 A Call to Action: How to Roll Out Cybersecurity Risk Management -- Establishing the CSRM Strategic Charter
505	8		\|a Organizational Roles and Responsibilities for CSRM -- Getting Audit to Audit -- What the Cybersecurity Ecosystem Must Do to Support You -- Integrating CSRM with the Rest of the Enterprise -- Can We Avoid the Big One? -- Appendix A Selected Distributions -- Distribution Name: Triangular -- Distribution Name: Binary -- Distribution Name: Normal -- Distribution Name: Lognormal -- Distribution Name: Beta -- Distribution Name: Power Law -- Appendix B Guest Contributors -- Decision Analysis to Support Ransomware Cybersecurity Risk Management -- Bayesian Networks: One Solution for Specific Challenges in Building ML Systems in Cybersecurity -- The Flaw of Averages in Cyber Security -- Botnets -- Password Hacking -- How Catastrophe Modeling Can Be Applied to Cyber Risk -- Notes -- Index -- EULA.
650	0	7	\|a Risikomanagement \|0 (DE-588)4121590-4 \|2 gnd \|9 rswk-swf
650	0	7	\|a Sicherheit \|0 (DE-588)4054790-5 \|2 gnd \|9 rswk-swf
650	0	7	\|a Cyberspace \|0 (DE-588)4266146-8 \|2 gnd \|9 rswk-swf
650	0	7	\|a Quantitative Methode \|0 (DE-588)4232139-6 \|2 gnd \|9 rswk-swf
689	0	0	\|a Cyberspace \|0 (DE-588)4266146-8 \|D s
689	0	1	\|a Sicherheit \|0 (DE-588)4054790-5 \|D s
689	0	2	\|a Risikomanagement \|0 (DE-588)4121590-4 \|D s
689	0	3	\|a Quantitative Methode \|0 (DE-588)4232139-6 \|D s
689	0		\|5 DE-604
700	1		\|a Seiersen, Richard \|d 1967- \|e Verfasser \|0 (DE-588)1246094789 \|4 aut
776	0	8	\|i Erscheint auch als \|n Druck-Ausgabe \|z 9781119892304 \|a Hubbard, Douglas W. \|t How to Measure Anything in Cybersecurity Risk \|d Hoboken, New Jersey : John Wiley & Sons, Incorporated,c2023
912			\|a ZDB-30-PQE \|a ZDB-35-WIC
999			\|a oai:aleph.bib-bvb.de:BVB01-034185905
966	e		\|u https://onlinelibrary.wiley.com/doi/book/10.1002/9781119892335 \|l FWS01 \|p ZDB-35-WIC \|x Verlag \|3 Volltext
966	e		\|u https://onlinelibrary.wiley.com/doi/book/10.1002/9781119892335 \|l FWS02 \|p ZDB-35-WIC \|x Verlag \|3 Volltext
966	e		\|u https://ebookcentral.proquest.com/lib/hwr/detail.action?docID=7234983 \|l HWR01 \|p ZDB-30-PQE \|q HWR_PDA_PQE \|x Aggregator \|3 Volltext

Datensatz im Suchindex

DE-BY-FWS_katkey	1062358
_version_	1806175528603877376
adam_txt
any_adam_object
any_adam_object_boolean
author	Hubbard, Douglas W. 1962- Seiersen, Richard 1967-
author_GND	(DE-588)173955398 (DE-588)1246094789
author_facet	Hubbard, Douglas W. 1962- Seiersen, Richard 1967-
author_role	aut aut
author_sort	Hubbard, Douglas W. 1962-
author_variant	d w h dw dwh r s rs
building	Verbundindex
bvnumber	BV048921814
collection	ZDB-30-PQE ZDB-35-WIC
contents	Cover -- Title Page -- Copyright Page -- Contents -- Foreword for the Second Edition -- Acknowledgments -- Preface -- How to Measure Anything in Cybersecurity Risk -- Introduction -- Why We Chose This Topic -- What Is This Book About? -- We Need More Than Technology -- Part I Why Cybersecurity Needs Better Measurements for Risk -- Chapter 1 The One Patch Most Needed in Cybersecurity -- Insurance: A Canary in the Coal Mine -- The Global Attack Surface -- The Cyber Threat Response -- A Proposal for Cybersecurity Risk Management -- Notes -- Chapter 2 A Measurement Primer for Cybersecurity -- The Concept of Measurement -- A Taxonomy of Measurement Scales -- The Object of Measurement -- The Methods of Measurement -- Notes -- Chapter 3 The Rapid Risk Audit: Starting With a Simple Quantitative Risk Model -- The Setup and Terminology -- The Rapid Audit Steps -- Some Initial Sources of Data -- The Expert as the Instrument -- Supporting the Decision: Return on Controls -- Doing "Uncertainty Math" -- Visualizing Risk With a Loss Exceedance Curve -- Where to Go from Here -- Notes -- Chapter 4 The Single Most Important Measurement in Cybersecurity -- The Analysis Placebo: Why We Can't Trust Opinion Alone -- How You Have More Data than You Think -- When Algorithms Beat Experts -- Tools for Improving the Human Component -- Summary and Next Steps -- Notes -- Chapter 5 Risk Matrices, Lie Factors, Misconceptions, and Other Obstacles to Measuring Risk -- Scanning the Landscape: A Survey of Cybersecurity Professionals -- What Color Is Your Risk? The Ubiquitous-and Risky-Risk Matrix -- Exsupero Ursus and Other Fallacies -- Communication and Consensus Objections -- Conclusion -- Notes -- Part II Evolving the Model of Cybersecurity Risk -- Chapter 6 Decompose It: Unpacking the Details -- Decomposing the Simple One-for-One Substitution Model More Decomposition Guidelines: Clear, Observable, Useful -- A Hard Decomposition: Reputation Damage -- Conclusion -- Notes -- Chapter 7 Calibrated Estimates: How Much Do You Know Now? -- Introduction to Subjective Probability -- Calibration Exercise -- More Hints for Controlling Overconfidence -- Conceptual Obstacles to Calibration -- The Effects of Calibration -- Beyond Initial Calibration Training: More Methods for Improving Subjective Judgment -- Notes -- Answers to Trivia Questions for Calibration Exercise -- Chapter 8 Reducing Uncertainty with Bayesian Methods -- A Brief Introduction to Bayes and Probability Theory -- An Example from Little Data: Does Multifactor Authentication Work? -- Other Ways Bayes Applies -- Notes -- Chapter 9 Some Powerful Methods Based on Bayes -- Computing Frequencies with (Very) Few Data Points: The Beta Distribution -- Decomposing Probabilities with Many Conditions -- Reducing Uncertainty Further and When to Do It -- More Advanced Modeling Considerations -- Wrapping Up Bayes -- Notes -- Part III Cybersecurity Risk Management for the Enterprise -- Chapter 10 Toward Security Metrics Maturity -- Introduction: Operational Security Metrics Maturity Model -- Sparse Data Analytics -- Functional Security Metrics -- Functional Security Metrics Applied: BOOM! -- Wait-Time Baselines -- Security Data Marts -- Prescriptive Analytics -- Notes -- Chapter 11 How Well Are My Security Investments Working Together? -- Security Metrics with the Modern Data Stack -- Modeling for Security Business Intelligence -- Addressing BI Concerns -- Just the Facts: What Is Dimensional Modeling, and Why Do I Need It? -- Dimensional Modeling Use Case: Advanced Data Stealing Threats -- Modeling People Processes -- Conclusion -- Notes -- Chapter 12 A Call to Action: How to Roll Out Cybersecurity Risk Management -- Establishing the CSRM Strategic Charter Organizational Roles and Responsibilities for CSRM -- Getting Audit to Audit -- What the Cybersecurity Ecosystem Must Do to Support You -- Integrating CSRM with the Rest of the Enterprise -- Can We Avoid the Big One? -- Appendix A Selected Distributions -- Distribution Name: Triangular -- Distribution Name: Binary -- Distribution Name: Normal -- Distribution Name: Lognormal -- Distribution Name: Beta -- Distribution Name: Power Law -- Appendix B Guest Contributors -- Decision Analysis to Support Ransomware Cybersecurity Risk Management -- Bayesian Networks: One Solution for Specific Challenges in Building ML Systems in Cybersecurity -- The Flaw of Averages in Cyber Security -- Botnets -- Password Hacking -- How Catastrophe Modeling Can Be Applied to Cyber Risk -- Notes -- Index -- EULA.
ctrlnum	(ZDB-30-PQE)EBC7234983 (ZDB-30-PAD)EBC7234983 (ZDB-89-EBL)EBL7234983 (OCoLC)1375438384 (DE-599)BVBBV048921814
dewey-full	658.478
dewey-hundreds	600 - Technology (Applied sciences)
dewey-ones	658 - General management
dewey-raw	658.478
dewey-search	658.478
dewey-sort	3658.478
dewey-tens	650 - Management and auxiliary services
discipline	Wirtschaftswissenschaften
discipline_str_mv	Wirtschaftswissenschaften
edition	second edition
format	Electronic eBook
fullrecord	<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>07041nmm a2200577zc 4500</leader><controlfield tag="001">BV048921814</controlfield><controlfield tag="003">DE-604</controlfield><controlfield tag="005">20240209 </controlfield><controlfield tag="007">cr\|uuu---uuuuu</controlfield><controlfield tag="008">230502s2023 \|\|\|\| o\|\|u\| \|\|\|\|\|\|eng d</controlfield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781119892335</subfield><subfield code="c">obook</subfield><subfield code="9">978-1-119-89233-5</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781119892311</subfield><subfield code="c">ePub</subfield><subfield code="9">978-1-119-89231-1</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781119892328</subfield><subfield code="c">ePDF</subfield><subfield code="9">978-1-119-89232-8</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(ZDB-30-PQE)EBC7234983</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(ZDB-30-PAD)EBC7234983</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(ZDB-89-EBL)EBL7234983</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)1375438384</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)BVBBV048921814</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-604</subfield><subfield code="b">ger</subfield><subfield code="e">rda</subfield></datafield><datafield tag="041" ind1="0" ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-2070s</subfield><subfield code="a">DE-863</subfield><subfield code="a">DE-862</subfield></datafield><datafield tag="082" ind1="0" ind2=" "><subfield code="a">658.478</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Hubbard, Douglas W.</subfield><subfield code="d">1962-</subfield><subfield code="e">Verfasser</subfield><subfield code="0">(DE-588)173955398</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">How to measure anything in cybersecurity risk</subfield><subfield code="c">Douglas W. Hubbard, Richard Seiersen</subfield></datafield><datafield tag="250" ind1=" " ind2=" "><subfield code="a">second edition</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Hoboken, New Jersey</subfield><subfield code="b">Wiley</subfield><subfield code="c">[2023]</subfield></datafield><datafield tag="264" ind1=" " ind2="4"><subfield code="c">©2023</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">1 Online-Ressource (xvii, 345 Seiten)</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="b">c</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="b">cr</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="500" ind1=" " ind2=" "><subfield code="a">Description based on publisher supplied metadata and other sources</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">Cover -- Title Page -- Copyright Page -- Contents -- Foreword for the Second Edition -- Acknowledgments -- Preface -- How to Measure Anything in Cybersecurity Risk -- Introduction -- Why We Chose This Topic -- What Is This Book About? -- We Need More Than Technology -- Part I Why Cybersecurity Needs Better Measurements for Risk -- Chapter 1 The One Patch Most Needed in Cybersecurity -- Insurance: A Canary in the Coal Mine -- The Global Attack Surface -- The Cyber Threat Response -- A Proposal for Cybersecurity Risk Management -- Notes -- Chapter 2 A Measurement Primer for Cybersecurity -- The Concept of Measurement -- A Taxonomy of Measurement Scales -- The Object of Measurement -- The Methods of Measurement -- Notes -- Chapter 3 The Rapid Risk Audit: Starting With a Simple Quantitative Risk Model -- The Setup and Terminology -- The Rapid Audit Steps -- Some Initial Sources of Data -- The Expert as the Instrument -- Supporting the Decision: Return on Controls -- Doing "Uncertainty Math" -- Visualizing Risk With a Loss Exceedance Curve -- Where to Go from Here -- Notes -- Chapter 4 The Single Most Important Measurement in Cybersecurity -- The Analysis Placebo: Why We Can't Trust Opinion Alone -- How You Have More Data than You Think -- When Algorithms Beat Experts -- Tools for Improving the Human Component -- Summary and Next Steps -- Notes -- Chapter 5 Risk Matrices, Lie Factors, Misconceptions, and Other Obstacles to Measuring Risk -- Scanning the Landscape: A Survey of Cybersecurity Professionals -- What Color Is Your Risk? The Ubiquitous-and Risky-Risk Matrix -- Exsupero Ursus and Other Fallacies -- Communication and Consensus Objections -- Conclusion -- Notes -- Part II Evolving the Model of Cybersecurity Risk -- Chapter 6 Decompose It: Unpacking the Details -- Decomposing the Simple One-for-One Substitution Model</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">More Decomposition Guidelines: Clear, Observable, Useful -- A Hard Decomposition: Reputation Damage -- Conclusion -- Notes -- Chapter 7 Calibrated Estimates: How Much Do You Know Now? -- Introduction to Subjective Probability -- Calibration Exercise -- More Hints for Controlling Overconfidence -- Conceptual Obstacles to Calibration -- The Effects of Calibration -- Beyond Initial Calibration Training: More Methods for Improving Subjective Judgment -- Notes -- Answers to Trivia Questions for Calibration Exercise -- Chapter 8 Reducing Uncertainty with Bayesian Methods -- A Brief Introduction to Bayes and Probability Theory -- An Example from Little Data: Does Multifactor Authentication Work? -- Other Ways Bayes Applies -- Notes -- Chapter 9 Some Powerful Methods Based on Bayes -- Computing Frequencies with (Very) Few Data Points: The Beta Distribution -- Decomposing Probabilities with Many Conditions -- Reducing Uncertainty Further and When to Do It -- More Advanced Modeling Considerations -- Wrapping Up Bayes -- Notes -- Part III Cybersecurity Risk Management for the Enterprise -- Chapter 10 Toward Security Metrics Maturity -- Introduction: Operational Security Metrics Maturity Model -- Sparse Data Analytics -- Functional Security Metrics -- Functional Security Metrics Applied: BOOM! -- Wait-Time Baselines -- Security Data Marts -- Prescriptive Analytics -- Notes -- Chapter 11 How Well Are My Security Investments Working Together? -- Security Metrics with the Modern Data Stack -- Modeling for Security Business Intelligence -- Addressing BI Concerns -- Just the Facts: What Is Dimensional Modeling, and Why Do I Need It? -- Dimensional Modeling Use Case: Advanced Data Stealing Threats -- Modeling People Processes -- Conclusion -- Notes -- Chapter 12 A Call to Action: How to Roll Out Cybersecurity Risk Management -- Establishing the CSRM Strategic Charter</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">Organizational Roles and Responsibilities for CSRM -- Getting Audit to Audit -- What the Cybersecurity Ecosystem Must Do to Support You -- Integrating CSRM with the Rest of the Enterprise -- Can We Avoid the Big One? -- Appendix A Selected Distributions -- Distribution Name: Triangular -- Distribution Name: Binary -- Distribution Name: Normal -- Distribution Name: Lognormal -- Distribution Name: Beta -- Distribution Name: Power Law -- Appendix B Guest Contributors -- Decision Analysis to Support Ransomware Cybersecurity Risk Management -- Bayesian Networks: One Solution for Specific Challenges in Building ML Systems in Cybersecurity -- The Flaw of Averages in Cyber Security -- Botnets -- Password Hacking -- How Catastrophe Modeling Can Be Applied to Cyber Risk -- Notes -- Index -- EULA.</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Risikomanagement</subfield><subfield code="0">(DE-588)4121590-4</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Sicherheit</subfield><subfield code="0">(DE-588)4054790-5</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Cyberspace</subfield><subfield code="0">(DE-588)4266146-8</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Quantitative Methode</subfield><subfield code="0">(DE-588)4232139-6</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="689" ind1="0" ind2="0"><subfield code="a">Cyberspace</subfield><subfield code="0">(DE-588)4266146-8</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2="1"><subfield code="a">Sicherheit</subfield><subfield code="0">(DE-588)4054790-5</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2="2"><subfield code="a">Risikomanagement</subfield><subfield code="0">(DE-588)4121590-4</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2="3"><subfield code="a">Quantitative Methode</subfield><subfield code="0">(DE-588)4232139-6</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2=" "><subfield code="5">DE-604</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Seiersen, Richard</subfield><subfield code="d">1967-</subfield><subfield code="e">Verfasser</subfield><subfield code="0">(DE-588)1246094789</subfield><subfield code="4">aut</subfield></datafield><datafield tag="776" ind1="0" ind2="8"><subfield code="i">Erscheint auch als</subfield><subfield code="n">Druck-Ausgabe</subfield><subfield code="z">9781119892304</subfield><subfield code="a">Hubbard, Douglas W.</subfield><subfield code="t">How to Measure Anything in Cybersecurity Risk</subfield><subfield code="d">Hoboken, New Jersey : John Wiley & Sons, Incorporated,c2023</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ZDB-30-PQE</subfield><subfield code="a">ZDB-35-WIC</subfield></datafield><datafield tag="999" ind1=" " ind2=" "><subfield code="a">oai:aleph.bib-bvb.de:BVB01-034185905</subfield></datafield><datafield tag="966" ind1="e" ind2=" "><subfield code="u">https://onlinelibrary.wiley.com/doi/book/10.1002/9781119892335</subfield><subfield code="l">FWS01</subfield><subfield code="p">ZDB-35-WIC</subfield><subfield code="x">Verlag</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="966" ind1="e" ind2=" "><subfield code="u">https://onlinelibrary.wiley.com/doi/book/10.1002/9781119892335</subfield><subfield code="l">FWS02</subfield><subfield code="p">ZDB-35-WIC</subfield><subfield code="x">Verlag</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="966" ind1="e" ind2=" "><subfield code="u">https://ebookcentral.proquest.com/lib/hwr/detail.action?docID=7234983</subfield><subfield code="l">HWR01</subfield><subfield code="p">ZDB-30-PQE</subfield><subfield code="q">HWR_PDA_PQE</subfield><subfield code="x">Aggregator</subfield><subfield code="3">Volltext</subfield></datafield></record></collection>
id	DE-604.BV048921814
illustrated	Not Illustrated
index_date	2024-07-03T21:55:17Z
indexdate	2024-08-01T11:06:51Z
institution	BVB
isbn	9781119892335 9781119892311 9781119892328
language	English
oai_aleph_id	oai:aleph.bib-bvb.de:BVB01-034185905
oclc_num	1375438384
open_access_boolean
owner	DE-2070s DE-863 DE-BY-FWS DE-862 DE-BY-FWS
owner_facet	DE-2070s DE-863 DE-BY-FWS DE-862 DE-BY-FWS
physical	1 Online-Ressource (xvii, 345 Seiten)
psigel	ZDB-30-PQE ZDB-35-WIC ZDB-30-PQE HWR_PDA_PQE
publishDate	2023
publishDateSearch	2023
publishDateSort	2023
publisher	Wiley
record_format	marc
spellingShingle	Hubbard, Douglas W. 1962- Seiersen, Richard 1967- How to measure anything in cybersecurity risk Cover -- Title Page -- Copyright Page -- Contents -- Foreword for the Second Edition -- Acknowledgments -- Preface -- How to Measure Anything in Cybersecurity Risk -- Introduction -- Why We Chose This Topic -- What Is This Book About? -- We Need More Than Technology -- Part I Why Cybersecurity Needs Better Measurements for Risk -- Chapter 1 The One Patch Most Needed in Cybersecurity -- Insurance: A Canary in the Coal Mine -- The Global Attack Surface -- The Cyber Threat Response -- A Proposal for Cybersecurity Risk Management -- Notes -- Chapter 2 A Measurement Primer for Cybersecurity -- The Concept of Measurement -- A Taxonomy of Measurement Scales -- The Object of Measurement -- The Methods of Measurement -- Notes -- Chapter 3 The Rapid Risk Audit: Starting With a Simple Quantitative Risk Model -- The Setup and Terminology -- The Rapid Audit Steps -- Some Initial Sources of Data -- The Expert as the Instrument -- Supporting the Decision: Return on Controls -- Doing "Uncertainty Math" -- Visualizing Risk With a Loss Exceedance Curve -- Where to Go from Here -- Notes -- Chapter 4 The Single Most Important Measurement in Cybersecurity -- The Analysis Placebo: Why We Can't Trust Opinion Alone -- How You Have More Data than You Think -- When Algorithms Beat Experts -- Tools for Improving the Human Component -- Summary and Next Steps -- Notes -- Chapter 5 Risk Matrices, Lie Factors, Misconceptions, and Other Obstacles to Measuring Risk -- Scanning the Landscape: A Survey of Cybersecurity Professionals -- What Color Is Your Risk? The Ubiquitous-and Risky-Risk Matrix -- Exsupero Ursus and Other Fallacies -- Communication and Consensus Objections -- Conclusion -- Notes -- Part II Evolving the Model of Cybersecurity Risk -- Chapter 6 Decompose It: Unpacking the Details -- Decomposing the Simple One-for-One Substitution Model More Decomposition Guidelines: Clear, Observable, Useful -- A Hard Decomposition: Reputation Damage -- Conclusion -- Notes -- Chapter 7 Calibrated Estimates: How Much Do You Know Now? -- Introduction to Subjective Probability -- Calibration Exercise -- More Hints for Controlling Overconfidence -- Conceptual Obstacles to Calibration -- The Effects of Calibration -- Beyond Initial Calibration Training: More Methods for Improving Subjective Judgment -- Notes -- Answers to Trivia Questions for Calibration Exercise -- Chapter 8 Reducing Uncertainty with Bayesian Methods -- A Brief Introduction to Bayes and Probability Theory -- An Example from Little Data: Does Multifactor Authentication Work? -- Other Ways Bayes Applies -- Notes -- Chapter 9 Some Powerful Methods Based on Bayes -- Computing Frequencies with (Very) Few Data Points: The Beta Distribution -- Decomposing Probabilities with Many Conditions -- Reducing Uncertainty Further and When to Do It -- More Advanced Modeling Considerations -- Wrapping Up Bayes -- Notes -- Part III Cybersecurity Risk Management for the Enterprise -- Chapter 10 Toward Security Metrics Maturity -- Introduction: Operational Security Metrics Maturity Model -- Sparse Data Analytics -- Functional Security Metrics -- Functional Security Metrics Applied: BOOM! -- Wait-Time Baselines -- Security Data Marts -- Prescriptive Analytics -- Notes -- Chapter 11 How Well Are My Security Investments Working Together? -- Security Metrics with the Modern Data Stack -- Modeling for Security Business Intelligence -- Addressing BI Concerns -- Just the Facts: What Is Dimensional Modeling, and Why Do I Need It? -- Dimensional Modeling Use Case: Advanced Data Stealing Threats -- Modeling People Processes -- Conclusion -- Notes -- Chapter 12 A Call to Action: How to Roll Out Cybersecurity Risk Management -- Establishing the CSRM Strategic Charter Organizational Roles and Responsibilities for CSRM -- Getting Audit to Audit -- What the Cybersecurity Ecosystem Must Do to Support You -- Integrating CSRM with the Rest of the Enterprise -- Can We Avoid the Big One? -- Appendix A Selected Distributions -- Distribution Name: Triangular -- Distribution Name: Binary -- Distribution Name: Normal -- Distribution Name: Lognormal -- Distribution Name: Beta -- Distribution Name: Power Law -- Appendix B Guest Contributors -- Decision Analysis to Support Ransomware Cybersecurity Risk Management -- Bayesian Networks: One Solution for Specific Challenges in Building ML Systems in Cybersecurity -- The Flaw of Averages in Cyber Security -- Botnets -- Password Hacking -- How Catastrophe Modeling Can Be Applied to Cyber Risk -- Notes -- Index -- EULA. Risikomanagement (DE-588)4121590-4 gnd Sicherheit (DE-588)4054790-5 gnd Cyberspace (DE-588)4266146-8 gnd Quantitative Methode (DE-588)4232139-6 gnd
subject_GND	(DE-588)4121590-4 (DE-588)4054790-5 (DE-588)4266146-8 (DE-588)4232139-6
title	How to measure anything in cybersecurity risk
title_auth	How to measure anything in cybersecurity risk
title_exact_search	How to measure anything in cybersecurity risk
title_exact_search_txtP	How to measure anything in cybersecurity risk
title_full	How to measure anything in cybersecurity risk Douglas W. Hubbard, Richard Seiersen
title_fullStr	How to measure anything in cybersecurity risk Douglas W. Hubbard, Richard Seiersen
title_full_unstemmed	How to measure anything in cybersecurity risk Douglas W. Hubbard, Richard Seiersen
title_short	How to measure anything in cybersecurity risk
title_sort	how to measure anything in cybersecurity risk
topic	Risikomanagement (DE-588)4121590-4 gnd Sicherheit (DE-588)4054790-5 gnd Cyberspace (DE-588)4266146-8 gnd Quantitative Methode (DE-588)4232139-6 gnd
topic_facet	Risikomanagement Sicherheit Cyberspace Quantitative Methode
work_keys_str_mv	AT hubbarddouglasw howtomeasureanythingincybersecurityrisk AT seiersenrichard howtomeasureanythingincybersecurityrisk

Verfügbarkeit

Volltext öffnen

MARC

Datensatz im Suchindex

Ähnliche Einträge