relating decision science to the measurement of risk in information security.
Decomposing security risk into scenarios
Ryan McGeehan

I highly recommend this book, or as a more general primer to address the knee-jerk reaction of “we can’t measure that, we don’t have (enough|actuarial|etc.) data”, check How To Measure Anything, Hubbard’s first book with more examples from various industries.

Show your support

Clapping shows how much you appreciated John T. Hoffoss’s story.