Table of Contents
Foreword for the Second Edition
Jack Jones ix
Acknowledgments xiii
Preface xv
Introduction 1
Part I Why Cybersecurity Needs Better Measurements for Risk 5
Chapter 1 The One Patch Most Needed in Cybersecurity 7
Chapter 2 A Measurement Primer for Cybersecurity 21
Chapter 3 The Rapid Risk Audit: Starting With a Simple Quantitative Risk Model 43
Chapter 4 The Single Most Important Measurement in Cybersecurity 73
Chapter 5 Risk Matrices, Lie Factors, Misconceptions, and Other Obstacles to Measuring Risk 101
Part II Evolving the Model of Cybersecurity Risk 133
Chapter 6 Decompose It: Unpacking the Details 135
Chapter 7 Calibrated Estimates: How Much Do You Know Now? 155
Chapter 8 Reducing Uncertainty with Bayesian Methods 183
Chapter 9 Some Powerful Methods Based on Bayes 193
Part III Cybersecurity Risk Management for the Enterprise 231
Chapter 10 Toward Security Metrics Maturity 233
Chapter 11 How Well Are My Security Investments Working Together? 257
Chapter 12 A Call to Action: How to Roll Out Cybersecurity Risk Management 277
Appendix A Selected Distributions 289
Appendix B Guest Contributors 297
Index 327