From Heatmaps to Histograms: A Practical Guide to Cyber Risk Quantification
Tentative Chinese title: 從熱圖到直方圖:網路風險量化實用指南

Martin-Vegue, Tony

  • Publisher: Apress
  • Publication date: 2026-03-19
  • List price: $1,540
  • VIP price: $1,509 (98% of list price)
  • Language: English
  • Pages: 436
  • Binding: Quality Paper (also called trade paper)
  • ISBN: 9798868822995
  • ISBN-13: 9798868822995
  • Category: Technology (popular science)
  • Overseas special-order title (must be checked out separately)

Product Description

Cyber risk quantification (CRQ) is the practice of measuring cybersecurity risk using numbers, not colors or guesswork. Instead of labeling risks "high," "medium," or "low," CRQ uses probabilities, ranges, and impact estimates to help organizations make better, data-informed decisions about risk.

In a world where ransomware gangs operate like small businesses, every core function of an organization is digital, and Boards and regulators are demanding meaningful, defensible risk metrics, CRQ has never been more relevant than now. And thanks to AI, it's about to scale fast.

At the same time, CRQ is often misunderstood as expensive, technical, or just "voodoo math." People assume you need a stats degree, six-figure software, or a room full of analysts. This book is here to prove otherwise.

From Heatmaps to Histograms is a hands-on, plain-English guide written by a seasoned practitioner who has built CRQ programs at top global companies. It is packed with step-by-step instructions, practical tips, templates, shortcuts, AI prompts, and plenty of myth-busting to take you from CRQ skeptic to CRQ champion, even if you have never cracked open a statistics book.

All techniques in this book can be performed in Excel or Google Sheets; no coding is required. For readers who want to go further, you will find dozens of GenAI prompts that help you generate risk scenarios, clean messy data, or even "vibe-code" your way through a Monte Carlo simulation in Python or R. You will also get guidance on when not to use AI, how to spot hallucinations, and how to integrate it responsibly into your risk practice.

CRQ is no longer optional. This is your roadmap for making it work cheaply, ethically, and effectively.

What You Will Learn:

  • A beginner-friendly introduction to the statistical foundations of CRQ, including Monte Carlo simulations, credible intervals, Bayesian reasoning, and simple methods for summarizing uncertainty, without requiring a math or coding background.
  • How to gather, vet, and work with data, even when it is scarce, messy, or missing.
  • How to perform full end-to-end quantitative risk assessments using only Excel or Google Sheets.
  • How to harness the power of generative AI to supercharge risk analysis workflows.
  • How to apply CRQ and GenAI responsibly and ethically, with clear guidance on common pitfalls, misuse scenarios, and how to ensure transparency, fairness, and trustworthiness in your analysis and reporting.

Who This Book Is For:

Beginner/Intermediate in the cyber/technology risk management field


About the Author

Tony Martin-Vegue is a cybersecurity and technology risk expert with over 25 years of experience helping Fortune 500 companies build and scale quantitative risk programs. He writes and speaks prolifically on the topic of risk and decision science, and is known for his new ways of thinking about old problems.

A hands-on practitioner as much as a leader, Tony has performed an estimated 1,000 quantitative risk assessments across domains including cyber, fraud, operations, and enterprise risk. He is a frequent speaker at FAIRcon, SIRAcon, RSA, various Security BSides, and ISACA events. He also chairs the San Francisco Chapter of the FAIR Institute, a global organization dedicated to advancing risk quantification practices, and was honored with the FAIR Ambassador Award in 2020. He has been published in numerous outlets such as the ISACA Journal and Risk.net, and regularly blogs at tonym-v.com on the topics of risk, quantification, and security economics.

Tony lives with his family on an island in the San Francisco Bay (not Alcatraz), though he has swum from Alcatraz to San Francisco ten times.
