July 11, 2025
CISO Perspectives (public)
CSO Perspectives (public) 5.10.21
Ep 4 | 5.10.21

Metrics and risk: all models are wrong, some are useful.

Show Notes

Conveying risk to the company leadership, the metrics collection required to do it, how heat maps are generally bad science, and the requirement for precise modeling of the risk environment.

Links to recommended sources:

  • 6 security metrics that matter – and 4 that don’t
  • How to Measure Anything: Finding the Value of "Intangibles" in Business
  • How to Measure Anything in Cybersecurity Risk
  • Measuring and Managing Information Risk: A Fair Approach
  • Security Metrics: Replacing Fear, Uncertainty, and Doubt
  • The Black Swan: The Impact of the Highly Improbable
  • Superforecasting: Even You Can Perform High-Precision Risk Assessments
  • Superforecasting: The Art and Science of Prediction
  • Super Prognostication II: Risk Assessment Prognostication in the 21st Century
Podcast Info
HOST(S):
Kim Jones
Kim Jones is an intelligence, security, and risk management expert with nearly 40 years of experience in information security strategy, governance and compliance, and security operations. He has built, operated, and led security programs across industries, and is the principal architect of one of Arizona State University's cybersecurity education programs. Kim also teaches in SANS' leadership curriculum and UC Berkeley's MICS program. He holds a B.S. in Computer Science from West Point, an M.S. in Information Assurance from Norwich University, and CISM and CISSP certifications.
Schedule: Tuesdays (in season)
Creator: N2K CyberWire