Skip to Main Content
Stepping Through Cybersecurity Risk Management
book

Stepping Through Cybersecurity Risk Management

by Jennifer L. Bayuk
March 2024
Beginner content levelBeginner
336 pages
10h 10m
English
Wiley
Content preview from Stepping Through Cybersecurity Risk Management

7Metrics

Measurement is the process of mapping from the empirical world to the formal, relational world. The measure that results characterizes an attribute of some object under scrutiny. A measure is one thing, sometimes called a primitive, that you can report on as a fact. It is the result of holding something like a yardstick against some object. Cybersecurity is not the object of measurement, nor a well‐understood attribute. This means that you are not directly measuring security, you are measuring other things and using them to draw conclusions about cybersecurity.

The history of cybersecurity includes a wide variety of examples of how people use numbers to measure security processes and attributes. However, not all measures use numbers. For example, in Figure 7.1 we have a human being measured by a wall rule, and the ruler’s measurement is somewhere around 5½ feet. This is a single attribute, it is height. It does not fully describe the whole human of course. If you want to describe a human, you have to give more attributes, such as shape, color, sound, intellect. Not all of these measures can be made with numbers, yet they are tangible attributes that help identify the person. Cybersecurity measures are like that but even less tangible. It is more like a measure of weather. You can measure temperature, pressure, and wind direction, and it can help you decide whether it is probable that your raincoat is protective enough and whether your house is high enough over the ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Risk Management for Cybersecurity and IT Managers

Risk Management for Cybersecurity and IT Managers

Jason Dion

Publisher Resources

ISBN: 9781394213955Purchase Link