How to measure anyting in cybersecurity risk

In this book the authors describe a model that could be used to preform risk-management in a quantifiable way instead of the traditional qualitative way.

They start out by describing the shortcomings of traditional risk-management going on how things can be improved by calibrating estimates and using bayesian methods to calculate the level of risk.

They describe a way of determining metrics to be used in cybersecurity risk-management. In 2023 a second edition of this book has been published.