Cybersecurity first principles: risk assessment.
This is the sixth episode in a planned series that discusses the development of a general purpose cybersecurity strategy for all network defender practitioners-- be they from the commercial sector, government enterprise, or academic institutions-- using the concept of first principles.
Resources:
- "How to Measure Anything in Cybersecurity Risk,” by Douglas W. Hubbard and Richard Seiersen, Published by Wiley, 25 July 2016.
- “Materiality in a nutshell,” by datamaran.
- "Measuring and Managing Information Risk: A Fair Approach,” by Jack Freund and Jack Jones, Published by Butterworth-Heinemann, January 2014.
- “Metrics and risk: All models are wrong, some are useful,” By Rick Howard, CSO Perspectives, the CyberWire, 30 March 2020.
- "Pundits are regularly outpredicted by people you’ve never heard of. Here’s how to change that,” By Sam Winter-Levy and Jacob Trefethen, The Washington Post, 30 September 2015.
- "Superforecasting: The Art and Science of Prediction,” by Philip E. Tetlock and Dan Gardner, 29 September 2015, Crown.
- "The Cybersecurity Canon – How to Measure Anything: Finding the Value of ‘Intangibles’ in Business,” Book Review by Rick Howard, Cybersecurity Canon Project, Palo Alto Networks, 19 July 2017.
- "The Cybersecurity Canon: How to Measure Anything in Cybersecurity Risk,” Book Review By Steve Winterfeld, Cybersecurity Canon Project, Cybersecurity Canon Hall of Fame Winner, Palo Alto Networks, 2 December 2016.
- "The Cybersecurity Canon: Measuring and Managing Information Risk: A FAIR Approach,” Book Review by Ben Rothke, Cybersecurity Canon Project, Cybersecurity Canon Hall of Fame Winner, Palo Alto Networks, 10 September 2017.
- “The Foundations of Decision Analysis Revisited,” by Ronald Howard, Chapter 3, 060520 V10.
- "Superforecasting: Even You Can Perform High-Precision Risk Assessments,” By Rick Howard, David Caswell, and Richard Seiersen, Edited by Deirdre Beard and Benjamin Collar.
- "Superforecasting: The Art and Science of Prediction,” by Philip E. Tetlock and Dan Gardner, Published by Crown, 29 September 2015.
- “Super Prognostication II: Risk Assessment Prognostication in the 21st Century,” by Rick Howard and Dave Caswell, 2019 RSA Conference, 6 March 2019.