Reading Recommendations

The following books were writen in part or in whole by Douglas W. Hubbard, President and CEO of Hubbard Decision Research.

How to Measure Anything in Cybersecurity Risk

What if your single biggest cybersecurity risk was the risk assessment method itself? Even if your approach to assessing this critical risk makes you feel more confident about your decisions, you may actually be making things worse. How to Measure Anything in Cybersecurity Risk presents real solutions by skillfully applying the quantitative language of risk analysis to information security.

As with his previous How to Measure Anything books, measurement expert Douglas Hubbard simplifies the complexity of quantifying uncertainty and sheds light on matters with little data or seemingly intangible goals—and here he taps cybersecurity influencer Richard Seiersen to dispel long-held beliefs about cybersecurity practices and provide authoritative guidance to solving problems by measuring risk. Together, they debunk popular risk scores and risk matrices and replace them with scientifically proven, yet practical, quantitative methods.

Immediately useful, this practical guide offers an easy path to better risk assessment by describing a very simple quantitative solution, building on it with more advanced methods, and providing detailed advice for choosing the one for your needs. Regardless of your current understanding of cybersecurity or statistics, everything inside is fully accessible and equips you with a potent collection of strategies and tools from today’s top experts in cybersecurity and risk assessment. This complete resource gets you there start to finish by:

• Debunking the most common arguments against using quantitative methods in cybersecurity
• Modeling risk with a variety of simple and advanced techniques for enhancing the usefulness of data in times of great uncertainty using free, downloadable spreadsheets
• Detailing a dependable, organization-wide security metrics maturity model for continuous and measurable improvement

The thought process that goes into making informed decisions with sparse data points, using the described “Lens” method to reduce estimation errors, along with the many other techniques inside, will advance how you run cybersecurity as well as how you measurably improve other types of high-stakes decisions. How to Measure Anything in Cybersecurity Risk shows you nothing is immeasurable—including your peace of mind.

How to Measure Anything: Finding the Value of Intangibles in Business – 3rd Edition

Anything can be measured. This bold assertion is the key to solving many problems in business and life in general. The myth that certain things can’t be measured is a significant drain on our nation’s economy, public welfare, the environment, and even national security. In fact, the chances are good that some part of your life or your professional responsibilities is greatly harmed by a lack of measurement – by you, your firm, or even your government. Regardless of your role in business, understanding the power of measurement will make you, those around you, and your organization more efficient and productive.

Using simple concepts to illustrate the hands-on application of advanced statistical techniques, How to Measure Anything, Third Edition reveals the power of measurement in our understanding of business and the world at large. This insightful and engaging book shows you how to measure those things in your business that you may have previously considered immeasurable, including: customer satisfaction, organizational flexibility, technology ROI, and technology risk. Offering examples that will get you to attempt measurements—even when it seems impossible—this book provides you with the underlying knowledge and the necessary steps for measuring anything, especially uncertainty and risk. This revised third edition provides even deeper insights into the fascinating practice of measuring intangibles, with a special emphasis on risk management and customer satisfaction. New and updated chapters also include:

• A philosophical discussion of different approaches to probabilities, including what is known as the “Bayesian” vs. “frequentist” interpretations of probability
• Information compiled from other popular works and compelling articles from Douglas W. Hubbard
• Enlightening new examples of where seemingly impossible measurements were resolved with surprisingly simple methods
• More measurement myths and other perceived obstacles to measurement debunked

A complete and updated resource with real-world case studies and an easy-to-follow format, How to Measure Anything, Third Edition illustrates how author Douglas Hubbard—creator of Applied Information Economics—has successfully applied his approach across various industries. You’ll learn how any problem, no matter how difficult, ill-defined, or uncertain, can lend itself to measurement using proven methods. Straightforward and accessible, this is the resource you’ll turn to again and again to measure the seemingly immeasurable.

The Failure of Risk Management: Why It’s Broken and How to Fix It

The 2008 credit crisis, terrorism, Katrina, computer hackers, and air travel disasters all have something in common-the methods used to assess and manage these risks are fundamentally flawed. If risks cannot be properly evaluated, risk management itself becomes the biggest risk. The Failure of Risk Management shows you how to identify and fix these hidden problems in risk management.

Ineffective risk management methods, often touted as “best practices,” are passed from company to company like a bad virus with a long incubation period: there are no early indicators of ill effects until it’s too late and catastrophe strikes. Exploring why risk management fails—the failure to measure and validate methods as a whole or in part; the use of components known not to work; and not using components that are known to work—The Failure of Risk Management shows you how to measure the performance of risk management in a meaningful way, identify where risk management is broken, and fix it.

Respected expert and bestselling author Douglas Hubbard-creator of the critically praised Applied Information Economics (AIE)—uses real-world examples to reveal the serious problems in our current approaches to risk analysis. Hubbard skillfully illustrates how to use a calibrated risk analyses approach, and the many benefits that go along with it, along with checklists and practice examples to get you started.

One of the first resources to apply risk management across all industries, The Failure of Risk Management provides you with the tools you need to hit the ground running with radically better risk management solutions.

Here, you’ll discover:

• The diversity of approaches to assess and mitigate risks
• Why many influential methods-both qualitative and quantitative don’t work
• Why we shouldn’t always trust assessments based on “experience” alone
• The fallacies that stop you from adopting better risk management methods
• How those who develop models of risks justify (in error) excluding the biggest risks
• Adding empirical science to risk management