Your audiobook is waiting…

How to Measure Anything in Cybersecurity Risk

Narrated by: Patrick Cronin
Length: 10 hrs and 21 mins
4 out of 5 stars (73 ratings)

Regular price: $24.95

$14.95/month after 30 days. Cancel anytime.

Publisher's Summary

A ground shaking exposé on the failure of popular cyber risk management methods.

How to Measure Anything in Cybersecurity Risk exposes the shortcomings of current "risk management" practices, and offers a series of improvement techniques that help you fill the holes and ramp up security. In his best-selling book How to Measure Anything, author Douglas W. Hubbard opened the business world's eyes to the critical need for better measurement. This book expands upon that premise and draws from The Failure of Risk Management to sound the alarm in the cybersecurity realm. Some of the field's premier risk management approaches actually create more risk than they mitigate, and questionable methods have been duplicated across industries and embedded in the products accepted as gospel. This book sheds light on these blatant risks and provides alternate techniques that can help improve your current situation. You'll also learn which approaches are too risky to save and are actually more damaging than a total lack of any security. Dangerous risk management methods abound; there is no industry more critically in need of solutions than cybersecurity. This book provides solutions where they exist, and advises when to change tracks entirely.

  • Discover the shortcomings of cybersecurity's "best practices"
  • Learn which risk management approaches actually create risk
  • Improve your current practices with practical alterations
  • Learn which methods are beyond saving, and worse than doing nothing

Insightful and enlightening, this book will inspire a closer examination of your company's own risk management practices in the context of cybersecurity. The end goal is airtight data protection, so finding cracks in the vault is a positive thing - as long as you get there before the bad guys do. How to Measure Anything in Cybersecurity Risk is your guide to more robust protection through better quantitative processes, approaches, and techniques.

©2016 John Wiley & Sons, Inc. (P)2016 Audible, Inc.

What members say

Average Customer Ratings

Overall

  • 4 out of 5 stars
  • 5 Stars
    29
  • 4 Stars
    23
  • 3 Stars
    14
  • 2 Stars
    5
  • 1 Stars
    2

Performance

  • 4 out of 5 stars
  • 5 Stars
    27
  • 4 Stars
    19
  • 3 Stars
    14
  • 2 Stars
    5
  • 1 Stars
    4

Story

  • 4 out of 5 stars
  • 5 Stars
    28
  • 4 Stars
    17
  • 3 Stars
    12
  • 2 Stars
    9
  • 1 Stars
    2
Sort by:
  • Overall
    4 out of 5 stars
  • Performance
    3 out of 5 stars
  • Story
    3 out of 5 stars

Not appropriate for audio, buy a hard copy instead

Would you try another book from Douglas W. Hubbard and Richard Seiersen and/or Patrick Cronin?

Yes, it was obvious that they knew their stuff

Any additional comments?

I liked this book, I wish I could return it for a hard copy. This book is well done but really hard to follow as an audio book, which is how I bought it. Audible says I can't return it.

6 of 6 people found this review helpful

  • Overall
    3 out of 5 stars
  • Performance
    3 out of 5 stars
  • Story
    3 out of 5 stars
  • Andy
  • Westport, CT, United States
  • 03-28-17

better know math and statistics before diving in

I found this book enjoyable, but most of the math and statistics were way over my head.
Fortunately, I'm a general manager and I can hire folks to do the good things that this book lays out. Before listening to this book, our cybersecurity matrix was green, yellow, red. Now we can move toward continuous measurement, which makes more sense.

4 of 4 people found this review helpful

  • Overall
    2 out of 5 stars
  • Performance
    3 out of 5 stars
  • Story
    2 out of 5 stars

Umm...not for audio

Great subject matter. Good read. Terrible book for audio. Need the hardcopy, otherwise just useless.

1 of 1 people found this review helpful

  • Overall
    5 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    5 out of 5 stars

Great book to understand Cybersecurity Risk

Cybersecurity risk needs to adopt a quantitative risk metric driven approach. This book will help you understand why and walk you through some of the methods. It has a very applied hands on approach with links to downloadable spreadsheets.

2 of 3 people found this review helpful

  • Overall
    3 out of 5 stars
  • Performance
    3 out of 5 stars
  • Story
    2 out of 5 stars

Great content; not a great 'Audible' book.

I picked up this book as I'm looking for alternative methodologies to asses third party cyber-risk, and more importantly, something that didn't rely on 'gut feeling.' This book validated my beliefs, with evidence, that ordinal (heatmaps, high/medium/low) scales are not appropriate for serious decisions. It goes to great lengths to show that statistical modeling, while more challenging to perform, is within the bounds of most security experts. The book even directs to downloadable spreadsheets to help solidify the information to the listener.

While I enjoyed the content, my challenge was that I was listening to it, via 'Audible', during my commute. The reader makes several references to undescribed tables and charts. Also, listening to someone read excel spreadsheet formulas and programmatic code makes it difficult to keep up. For example, the simple 'if/then' excel formula "=IF(A1="Test",TRUE,FALSE)", would be read "equals, if, open parenthesis, A1, equals, open quotation, test, close quotation, comma, true, comma, false, close parenthesis."

While the content is valuable, without seeing the examples, I didn't retain very much information. I am planning on purchasing the paper version of the book as the information is valuable, but I don't recommend the 'Audible' version except as a secondary source of study.

  • Overall
    2 out of 5 stars
  • Performance
    2 out of 5 stars
  • Story
    2 out of 5 stars

Not good at all for an Audio book

If you like the content, buy the hard copy. It is wast of money to buy this as an audiobook. After the first chapter that is very general then the rest is not understandable as an audiobook.

  • Overall
    5 out of 5 stars
  • Performance
    4 out of 5 stars
  • Story
    4 out of 5 stars

Masterful book, not ideal for audio

This book is an absolute must read for anyone responsible for cybersecurity risk. Hubbard makes complex concepts clear and understandable. I already had a copy on my Kindle and added the audio book so I could listen during my commute. I'm glad I did but found that I skipped through some parts that relied on a good look at the page. Formulas for statistical and probability calculations don't lend themselves to narration and I rely on the written copy for that. Nearly all of the audio book was captivating but for the few parts that have to be read, I'd suggest that another copy is needed to fully appreciate it.

  • Overall
    3 out of 5 stars
  • Performance
    3 out of 5 stars
  • Story
    3 out of 5 stars

Not for Audible

This book is not really suited for Audible. Listening to the narrator say excel formulae is not really great. I think the authors do have some good information, so the book is worth reading. BUY the physical or kindle book rather.

Amazon should consider an option to allow users to exchange an Audible book for a real version in this scenario.

  • Overall
    4 out of 5 stars
  • Performance
    4 out of 5 stars
  • Story
    4 out of 5 stars

Great book

This was a great book to help put a lot of things into perspective for measuring risk. As someone who only listens to audio books while driving in the car, the math heavy chapters where of slightly less value as an audio book. That said, the content was solid enough that I will most likely be purchasing this book on Kindle to read again and make more use of the actual math side of it.

  • Overall
    4 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    4 out of 5 stars

Informative

the data presented is relevant,but the lack of graphics makes keeping up difficult for someone not familiar with statistics and risk Management.

Sort by:
  • Overall
    1 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    1 out of 5 stars
  • Kevin Walker
  • 01-11-19

My mistake

Thought this was on cyber security risk but it was on risk prediction.
May I sujest find these people and jail them for one of the most dangerous book on earth for making listeners want to self harm
The nirator must have been drugged to perform this dribble not recommended waste of credit

  • Overall
    2 out of 5 stars
  • Performance
    4 out of 5 stars
  • Story
    1 out of 5 stars
  • Paul D
  • 01-03-19

I don't think this works as an Audible book.

Whilst the high level content recognises that there's a gap in how risk is measured (by that I mean, what do we score the likelihood of attack?), it also includes too much formula for quantive risk calculations and listening to this becomes an overload of information, which didn't work for me. If I was the publisher I would pull this audible book and ask for it to be rewritten with this media in mind.