How to Measure Anything in Cybersecurity Risk

Narrated by: Patrick Cronin
Length: 10 hrs and 21 mins
Categories: Non-fiction, Technology
5 out of 5 stars (2 ratings)

Publisher's Summary

A ground shaking exposé on the failure of popular cyber risk management methods.

How to Measure Anything in Cybersecurity Risk exposes the shortcomings of current "risk management" practices, and offers a series of improvement techniques that help you fill the holes and ramp up security. In his best-selling book How to Measure Anything, author Douglas W. Hubbard opened the business world's eyes to the critical need for better measurement. This book expands upon that premise and draws from The Failure of Risk Management to sound the alarm in the cybersecurity realm. Some of the field's premier risk management approaches actually create more risk than they mitigate, and questionable methods have been duplicated across industries and embedded in the products accepted as gospel. This book sheds light on these blatant risks and provides alternate techniques that can help improve your current situation. You'll also learn which approaches are too risky to save and are actually more damaging than a total lack of any security. Dangerous risk management methods abound; there is no industry more critically in need of solutions than cybersecurity. This book provides solutions where they exist, and advises when to change tracks entirely.

  • Discover the shortcomings of cybersecurity's "best practices"
  • Learn which risk management approaches actually create risk
  • Improve your current practices with practical alterations
  • Learn which methods are beyond saving, and worse than doing nothing

Insightful and enlightening, this book will inspire a closer examination of your company's own risk management practices in the context of cybersecurity. The end goal is airtight data protection, so finding cracks in the vault is a positive thing - as long as you get there before the bad guys do. How to Measure Anything in Cybersecurity Risk is your guide to more robust protection through better quantitative processes, approaches, and techniques.

PLEASE NOTE: When you purchase this title, the accompanying reference material will be available in your Library section along with the audio.

©2016 John Wiley & Sons, Inc. (P)2016 Audible, Inc.

What members say

Average Customer Ratings
  • Overall: 5 out of 5 stars (5 Stars: 2, 4 Stars: 0, 3 Stars: 0, 2 Stars: 0, 1 Star: 0)
  • Performance: 4.5 out of 5 stars (5 Stars: 1, 4 Stars: 1, 3 Stars: 0, 2 Stars: 0, 1 Star: 0)
  • Story: 4.5 out of 5 stars (5 Stars: 1, 4 Stars: 1, 3 Stars: 0, 2 Stars: 0, 1 Star: 0)

  • Overall
    3 out of 5 stars
  • Performance
    3 out of 5 stars
  • Story
    3 out of 5 stars
  • Andy
  • 28-03-2017

better know math and statistics before diving in

I found this book enjoyable, but most of the math and statistics were way over my head.
Fortunately, I'm a general manager and I can hire folks to do the good things that this book lays out. Before listening to this book, our cybersecurity matrix was green, yellow, red. Now we can move toward continuous measurement, which makes more sense.

5 people found this helpful

  • Overall
    4 out of 5 stars
  • Performance
    3 out of 5 stars
  • Story
    3 out of 5 stars
  • Wanderer
  • 20-01-2017

Not appropriate for audio, buy a hard copy instead

Would you try another book from Douglas W. Hubbard and Richard Seiersen and/or Patrick Cronin?

Yes, it was obvious that they knew their stuff

Any additional comments?

I liked this book, I wish I could return it for a hard copy. This book is well done but really hard to follow as an audio book, which is how I bought it. Audible says I can't return it.

8 people found this helpful

  • Overall
    2 out of 5 stars
  • Performance
    3 out of 5 stars
  • Story
    2 out of 5 stars
  • Levi J. Hagemann
  • 01-03-2018

Umm...not for audio

Great subject matter. Good read. Terrible book for audio. Need the hardcopy, otherwise just useless.

2 people found this helpful

  • Overall
    5 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    5 out of 5 stars
  • T. Leach
  • 04-01-2017

Great book to understand Cybersecurity Risk

Cybersecurity risk needs to adopt a quantitative risk metric driven approach. This book will help you understand why and walk you through some of the methods. It has a very applied hands on approach with links to downloadable spreadsheets.

2 people found this helpful

  • Overall
    5 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    5 out of 5 stars
  • Kurt
  • 01-07-2020

Awesome Risk Analysis Methods

The hard part was listening to math formulas being read. Other than that, great information!

  • Overall
    1 out of 5 stars
  • LG
  • 04-12-2019

Mixed feelings on this

Useless as an audio book. Possibly better on paper.
I'm still curious, however listening to Excel formulas is unbearable and very much yesterday.

  • Overall
    5 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    4 out of 5 stars
  • C.T.
  • 24-08-2019

Cybersecurity risk measurement reimagined

Excellent rethinking of how to quantify and calculate real risks in Cybersecurity. This fresh, scientific, math-based approach to measuring and then calculating probabilities will allow realistic risk management of cybersecurity in corporations across all industries.

This is a substantial tome requiring a paper or text-based, electronic version to leverage all its usefulness. The book is split in three sections. First, a high-level explanation of the concepts and a vigorous rallying cry to abandon the ineffective, and often misleading, status quo of cybersecurity risk measurement. Second, a detailed explanation of the theories with many real world research examples to back them up. And, lastly, a deep dive into how to use the provided Microsoft Excel spreadsheet formulae to begin implementing the theory in an actual cybersecurity program.

The Audible version is well done, with the first two sections easy to follow and comprehend with only a few rewinds for grasping the intricacies of the theory. However, the third section is nearly impossible to follow audibly as the reader is required to voice long and complex Excel mathematical formulas. Of course, this is not a fault of the authors or the performance, just a result of the deep subject matter and detailed examples.

  • Overall
    3 out of 5 stars
  • Cpt. Pat
  • 12-07-2019

Yes, that's the problem. But what's the solution?

The author describes the problem well. But not the solution. Human threats defy measurement. To accomplish any kind of estimate, one needs to know the motives and methods of one's adversary. Without mindreading, one can only estimate - but never measure - risk. Patrick Bryant, CISSP, NASA infosec, retired

  • Overall
    3 out of 5 stars
  • Performance
    3 out of 5 stars
  • Story
    3 out of 5 stars
  • MvD (the Netherlands)
  • 21-06-2019

Goossens book, though difficult as Audiobook

This Audiobook is quite difficult to listen to if only used as an Audiobook. Because of the many Excel formulas, it is difficult to follow. Nevertheless, the topic is one that is highly important and the message is clear.

  • Overall
    2 out of 5 stars
  • Performance
    1 out of 5 stars
  • Story
    2 out of 5 stars
  • Anonymous User
  • 18-04-2019

Great content; not a great 'Audible' book.

I picked up this book as I'm looking for alternative methodologies to assess third party cyber-risk, and more importantly, something that didn't rely on 'gut feeling.' This book validated my beliefs, with evidence, that ordinal (heatmaps, high/medium/low) scales are not appropriate for serious decisions. It goes to great lengths to show that statistical modeling, while more challenging to perform, is within the bounds of most security experts. The book even directs to downloadable spreadsheets to help solidify the information to the listener.

While I enjoyed the content, my challenge was that I was listening to it, via 'Audible', during my commute. The reader makes several references to undescribed tables and charts. Also, listening to someone read Excel spreadsheet formulas and programmatic code makes it difficult to keep up. For example, the simple 'if/then' Excel formula "=IF(A1="Test",TRUE,FALSE)", would be read "equals, if, open parenthesis, A1, equals, open quotation, test, close quotation, comma, true, comma, false, close parenthesis."

While the content is valuable, without seeing the examples, I didn't retain very much information. I am planning on purchasing the paper version of the book as the information is valuable, but I don't recommend the 'Audible' version except as a secondary source of study.

  • Overall
    1 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    1 out of 5 stars
  • Kevin Walker
  • 11-01-2019

My mistake

Thought this was on cyber security risk but it was on risk prediction.
May I suggest find these people and jail them for one of the most dangerous books on earth for making listeners want to self harm.
The narrator must have been drugged to perform this dribble. Not recommended, waste of credit.

  • Overall
    2 out of 5 stars
  • Performance
    4 out of 5 stars
  • Story
    1 out of 5 stars
  • Paul D
  • 03-01-2019

I don't think this works as an Audible book.

Whilst the high level content recognises that there's a gap in how risk is measured (by that I mean, what do we score the likelihood of attack?), it also includes too much formula for quantitative risk calculations and listening to this becomes an overload of information, which didn't work for me. If I was the publisher I would pull this audible book and ask for it to be rewritten with this media in mind.