The book How to Measure Anything in Cybersecurity Risk (2nd Edition) by Doug Hubbard and Richard Seiersen is a comprehensive guide that challenges and changes the conventional understanding of cybersecurity risk assessment. The authors, both experts in their fields, combine their knowledge to create a book that is both practical and thought-provoking.
The second edition of this book builds upon the foundation laid by its predecessor, introducing new content such as the “Rapid Risk Audit” for quick quantitative risk assessments, and new research on the impact of reputation damage. It also includes updated Bayesian examples for assessing risk with limited data, and advice on combining expert opinion.
The book is praised for its straightforward and simple framework that helps readers improve their risk assessment processes. It dispels long-held beliefs and myths about information security, providing a clear roadmap for IT security managers, CFOs, risk and compliance professionals, and statisticians.
What sets this book apart is its focus on quantifying uncertainty and measuring intangible goals in cybersecurity. The authors provide advanced methods and detailed advice for a variety of use cases, making it a valuable resource for professionals in the field.
Overall, How to Measure Anything in Cybersecurity Risk (2nd Edition) is an essential read for anyone involved in cybersecurity. It’s not just a book about theories; it’s a practical guide that offers real solutions to the complex problems of measuring and managing cybersecurity risk. With its clear explanations and actionable advice, it’s a book that can truly make a difference in the way organizations approach cybersecurity risk.
Rating: 8.5 / 10