How to Measure Anything in Cybersecurity Risk, 2nd Edition
by Douglas W. Hubbard, Richard Seiersen
Foreword for the Second Edition
Jack Jones
Chief Risk Scientist at RiskLens
Chairman of the FAIR Institute
I clearly recall my first conversation with Douglas about fifteen years ago. In the midst of trying to build a consulting practice around my Factor Analysis of Information Risk (FAIR) model, I had just read the first edition of his brilliant How to Measure Anything book and wanted to pick his brain. But what stood out most during our conversation wasn't Doug's incredible depth of knowledge—it was his passion for sharing insights with others. Similarly, when I first met Richard at an SIRA conference some years ago, he exhibited the same depth of knowledge and oozed the same passion. And although deep expertise is obviously important for their work, it's their passion for helping others that provides the energy and intestinal fortitude to challenge conventional wisdom and lead our profession to higher ground.
In this book, Doug and Richard continue to apply their passion to the topic of reducing uncertainty and making (much) better decisions in a profoundly complex problem space. As a cybersecurity professional for over thirty‐five years and a CISO for over 10 years, I can attest to how important this is.
Anyone who's been in the cybersecurity trenches for any length of time will be familiar with some of the common measurement‐related challenges we face. “Religious debates” about whether something is “high risk” or “medium risk,” an inability to effectively measure and communicate ...