This book tackles the problem of complexity within IT environments, i.e., cybercomplexity, which is generally recognized as a principal source of cybersecurity risk. The book first defines complexity and simplifies its analysis by assuming a probabilistic approach to security risk management. It then proposes a simple model of cybercomplexity that is based on Shannon entropy, a basic concept in information theory. The key drivers of cybercomplexity emerge from this model. These drivers reveal the scale-dependence of cybersecurity risk and explain why macroscopic security controls are required to address cybersecurity risk on an enterprise scale. The significant operational implications of cybercomplexity are also discussed, thereby providing both a theoretical framework and a practical guide to addressing this longstanding problem in cybersecurity risk management.
Carl S. Young has held senior security-related positions in the US government, the financial sector, consulting, and academia. He is the author of four previous reference books on science applied to security risk management as well as numerous technical papers. He has been an adjunct professor at the John Jay College of Criminal Justice and is the co-founder of Consilience 360, a security risk consulting firm located in New York City. Mr. Young earned undergraduate and graduate degrees in mathematics and physics from the Massachusetts Institute of Technology (MIT).