Hubbard and Richard Seiersen

Book review by Steve Winterfeld

Executive Summary

How to Measure Anything in Cybersecurity Risk is a book that reads like a college statistics textbook (but the good kind you highlight a lot). It is a book anyone who is responsible for measuring risk, developing metrics, or determining return on investment should read. It is grounded in classic quantitative analysis methodologies and provides a good balance of background and practical examples. This book belongs in the Cybersecurity Canon under Governance Risk and Compliance (GRC).

Review

As I said, this book reads like an education in quantitative modeling and how to apply the methodology to cybersecurity. It truly challenges the current common practices in use to develop expert opinion-based risk frameworks.

"So let’s be clear about our position on current methods: They are a failure. A thorough investigation of the research on these methods and decision-making methods in general indicates the following: There is no evidence that the types of scoring and risk matrix methods widely used in cybersecurity improve judgment. On the contrary, there is evidence these methods add noise and error to the judgment process."