What Is This Book About?
Even though this book focuses on cybersecurity risk, this book still has a lot in common with the original How to Measure Anything book, including:
- Making better decisions when you are significantly uncertain about the present and future, and
- Reducing that uncertainty even when data seems unavailable or the targets of measurement seem ambiguous and intangible.
This book in particular offers an alternative to a set of deeply rooted risk assessment methods now widely used in cybersecurity but that have no basis in the mathematics of risk or scientific method. We argue that these methods impede decisions about a subject of growing criticality. We also argue that methods based on real evidence of improving decisions are not only practical but already have been applied to a wide variety of equally difficult problems, including cybersecurity itself. We will show that we can start at a simple level and then evolve to whatever level is required while avoiding problems...