How to Measure Anything in Cybersecurity Risk by Stuart McClure, Daniel E. Geer Jr., Richard Seiersen, Douglas W. Hubbard

Chapter 7 Calibrated Estimates: How Much Do You Know Now?

The most important questions of life are indeed, for the most part, really only problems of probability.

—Pierre Simon Laplace, Théorie Analytique des Probabilités, 1812

The method described so far requires the subjective evaluation of quantitative probabilities. For example, the cybersecurity expert will need to assess a probability that an event will occur or how much will be lost if it does. This meets some resistance. Some cybersecurity experts who seem to have no issue with assigning a “medium” or a “2” to a likelihood will often wonder how it is possible to subjectively assess a quantitative probability of an event.

Of course, it is legitimate to ask whether subjective probabilities can be valid. Fortunately, as mentioned in Chapter 5, much research has already been done on this point and two findings are clear: (1) Most people are bad at assigning probabilities, but (2) most people can also be trained to be very good at it.

Yes, the validity of subjective estimates of probability can be and has been objectively measured (ironically, perhaps to some). To deny this is a rejection of scientifically validated facts. A cybersecurity expert can learn how to express his or her uncertainty with a subjective—but quantitative—expression of uncertainty. In this chapter we will introduce the basic idea of using subjective estimates of probabilities. We will also show how your skill at doing this can be measured and improved ...
