---
product_id: 32672660
title: "How to Measure Anything in Cybersecurity Risk"
price: "HK$26"
currency: HKD
in_stock: false
reviews_count: 13
url: https://www.desertcart.hk/products/32672660-how-to-measure-anything-in-cybersecurity-risk
store_origin: HK
region: Hong Kong
---

# How to Measure Anything in Cybersecurity Risk

**Price:** HK$26
**Availability:** ❌ Out of Stock

## Quick Answers

- **What is this?** How to Measure Anything in Cybersecurity Risk
- **How much does it cost?** HK$26 with free shipping
- **Is it available?** Currently out of stock
- **Where can I buy it?** [www.desertcart.hk](https://www.desertcart.hk/products/32672660-how-to-measure-anything-in-cybersecurity-risk)

## Best For

- Customers looking for quality international products

## Why This Product

- Free international shipping included
- Worldwide delivery with tracking
- 15-day hassle-free returns

## Description

A ground shaking exposé on the failure of popular cyber risk management methods How to Measure Anything in Cybersecurity Risk exposes the shortcomings of current "risk management" practices, and offers a series of improvement techniques that help you fill the holes and ramp up security. In his bestselling book How to Measure Anything , author Douglas W. Hubbard opened the business world's eyes to the critical need for better measurement. This book expands upon that premise and draws from The Failure of Risk Management to sound the alarm in the cybersecurity realm. Some of the field's premier risk management approaches actually create more risk than they mitigate, and questionable methods have been duplicated across industries and embedded in the products accepted as gospel. This book sheds light on these blatant risks, and provides alternate techniques that can help improve your current situation. You'll also learn which approaches are too risky to save, and are actually more damaging than a total lack of any security. Dangerous risk management methods abound; there is no industry more critically in need of solutions than cybersecurity. This book provides solutions where they exist, and advises when to change tracks entirely. Discover the shortcomings of cybersecurity's "best practices" Learn which risk management approaches actually create risk Improve your current practices with practical alterations Learn which methods are beyond saving, and worse than doing nothing Insightful and enlightening, this book will inspire a closer examination of your company's own risk management practices in the context of cybersecurity. The end goal is airtight data protection, so finding cracks in the vault is a positive thing―as long as you get there before the bad guys do. How to Measure Anything in Cybersecurity Risk is your guide to more robust protection through better quantitative processes, approaches, and techniques.

Review: Remarkable book for everyone - I was assigned this as one of the texts for a graduate-level seminar in cybersecurity and cyberwarfare economic risk analysis. This book is remarkable in that it presents a clear framework for "non-mathies" to become statistically literate enough to debunk common misconceptions and move beyond the standard qualitative "stoplight chart" style risk matrix charts into true quantifiable probabilities. The authors hold the readers hand each step of the way, beginning with a simple 3-step process to easily replace the standard stoplight risk matrix with actual quantifiable numbers. Fundamental points made by the authors include: - Experts who claim some elements are purely qualitative and cannot be measured are simply wrong and haven't properly defined what they are trying to measure ye. - "We don't have enough information to measure this" is a statement that refutes itself, because it claims there IS some threshold of measurement beyond which it can be "measured" -- implying it can be measured now since it can be compared to that imaginary threshold. - Virtually everything we encounter in any situation has already been measured and has math models for predicting behavior, we just need to figure out what we are trying to measure and find the models for it. - Claiming "there aren't enough samples for statistical significance" shows the person doesn't understand statistics -- a LOT of useful info can be gleamed from very small samples, and all we need to do is REDUCE uncertainty to be useful, not eliminate it. The authors guide the read through the entire process of building a gut-level intuition for basic statistical and probabilistic thinking and modeling, allowing readers to immediately stop using vague "hi/med/low" assessments (that are just as full of errors as any mathematical formulation) and start using quantifiable predictions that can be easily improved as more information becomes available. A great leader once told me that we typically only have about 70% of the information we want to have when the time comes to make a decision. This book helps you increase that number before decision time runs out.
Review: Interesting way of thinking differently about security problems especially during ... - Interesting way of thinking differently about security problems especially during a time where most of the decisions are made without using quantitative analytics or using standard measuring methods that the insurance industry has been using to predict catastrophes and ROI.

## Technical Specifications

| Specification | Value |
|---------------|-------|
| Best Sellers Rank | #402,396 in Books ( See Top 100 in Books ) #85 in Business Statistics #190 in Statistics (Books) |
| Customer Reviews | 4.5 out of 5 stars 338 Reviews |

## Images

![How to Measure Anything in Cybersecurity Risk - Image 1](https://m.media-amazon.com/images/I/717eLWfeDdL.jpg)

## Customer Reviews

### ⭐⭐⭐⭐⭐ Remarkable book for everyone
*by D***E on February 20, 2018*

I was assigned this as one of the texts for a graduate-level seminar in cybersecurity and cyberwarfare economic risk analysis. This book is remarkable in that it presents a clear framework for "non-mathies" to become statistically literate enough to debunk common misconceptions and move beyond the standard qualitative "stoplight chart" style risk matrix charts into true quantifiable probabilities. The authors hold the readers hand each step of the way, beginning with a simple 3-step process to easily replace the standard stoplight risk matrix with actual quantifiable numbers. Fundamental points made by the authors include: - Experts who claim some elements are purely qualitative and cannot be measured are simply wrong and haven't properly defined what they are trying to measure ye. - "We don't have enough information to measure this" is a statement that refutes itself, because it claims there IS some threshold of measurement beyond which it can be "measured" -- implying it can be measured now since it can be compared to that imaginary threshold. - Virtually everything we encounter in any situation has already been measured and has math models for predicting behavior, we just need to figure out what we are trying to measure and find the models for it. - Claiming "there aren't enough samples for statistical significance" shows the person doesn't understand statistics -- a LOT of useful info can be gleamed from very small samples, and all we need to do is REDUCE uncertainty to be useful, not eliminate it. The authors guide the read through the entire process of building a gut-level intuition for basic statistical and probabilistic thinking and modeling, allowing readers to immediately stop using vague "hi/med/low" assessments (that are just as full of errors as any mathematical formulation) and start using quantifiable predictions that can be easily improved as more information becomes available. A great leader once told me that we typically only have about 70% of the information we want to have when the time comes to make a decision. This book helps you increase that number before decision time runs out.

### ⭐⭐⭐⭐ Interesting way of thinking differently about security problems especially during ...
*by P***N on December 1, 2016*

Interesting way of thinking differently about security problems especially during a time where most of the decisions are made without using quantitative analytics or using standard measuring methods that the insurance industry has been using to predict catastrophes and ROI.

### ⭐⭐⭐⭐⭐ Should be on the reading list of both cybersecurity and data protection professionals.
*by A***R on August 3, 2016*

This book is a must-read not only for cybersecurity professionals but also for data privacy professionals. The forward states that "you can't manage something that you cannot measure." The book then goes on to evaluate traditional approaches to measuring cybersecurity risk, proposes improvements to such approaches and introduces more effective approaches and techniques. These approaches and techniques apply not only to "perimeter defense” mechanisms and “access controls" traditionally associated with cybersecurity – they also apply to data use issues associated with data privacy versus cybersecurity. Recent changes in international data protection laws – which encompass both cybersecurity and data privacy – require that data be transformed into a “protect first” mode rather than remaining in "use first" mode where data remains vulnerable while in use. The new EU General Data Protection Regulation (GDPR) which goes into effect in 2018, and which includes fines of up to 4% of global revenues for infractions, calls this “protect first" mode "Data Protection by Default." Data Protection by Default under the GDPR requires that techniques be applied at the earliest opportunity (e.g., by pseudonymizing data at the earliest opportunity) so that data use is limited to the minimum extent and time necessary to support a specific product or service as expressly authorized by a data subject. Data Protection by Default and other “protect first” data protection regimes will require effective measurement of risks so they can be effectively implemented and managed. For these reasons, this book should be on the reading list of both cybersecurity as well as data protection professionals.

## Frequently Bought Together

- How to Measure Anything in Cybersecurity Risk
- Measuring and Managing Information Risk: A FAIR Approach
- How to Measure Anything: Finding the Value of Intangibles in Business

---

## Why Shop on Desertcart?

- 🛒 **Trusted by 1.3+ Million Shoppers** — Serving international shoppers since 2016
- 🌍 **Shop Globally** — Access 737+ million products across 21 categories
- 💰 **No Hidden Fees** — All customs, duties, and taxes included in the price
- 🔄 **15-Day Free Returns** — Hassle-free returns (30 days for PRO members)
- 🔒 **Secure Payments** — Trusted payment options with buyer protection
- ⭐ **TrustPilot Rated 4.5/5** — Based on 8,000+ happy customer reviews

**Shop now:** [https://www.desertcart.hk/products/32672660-how-to-measure-anything-in-cybersecurity-risk](https://www.desertcart.hk/products/32672660-how-to-measure-anything-in-cybersecurity-risk)

---

*Product available on Desertcart Hong Kong*
*Store origin: HK*
*Last updated: 2026-06-09*