How to Measure Anything in Cybersecurity RiskHubbard, D. W., Seiersen, R., Geer, D. E., & McClure, S. (2016). How to measure anything in cybersecurity risk. Wiley.
Read Chapter 3. Model Now!: An Introduction to Practical Quantitative Methods for Cybersecurity
This chapter explores the quantitative methods used in risk assessment.
Read Chapter 10. Toward Security Metrics Maturity
This chapter explores different operational security metrics maturity models.
Read Chapter 12. A Call to Action: How to Roll Out Cybersecurity Risk Management
This chapter discusses cybersecurity as an operational function that should be redefined around quantitative risk management strategically implemented by the organization.