We are now in possession of proven theorems and masses of worked-out numerical examples. As a result, the superiority of Bayesian methods is now a thoroughly demonstrated fact in a hundred different areas.

—E. T. Jaynes, Quantum Physicist and Outspoken Bayesian Proponent, in Probability Theory: The Logic of Science: Principles and Elementary Applications

The previous chapter showed how the performance of subjective probabilities are objectively measurable—and they have been measured thoroughly in published scientific literature. These subjective “prior probabilities” (“priors” for short) are the starting point of all of our analyses. This is the best way to both preserve the special knowledge and experience of the cybersecurity expert and produce results that are mathematically meaningful and useful in simulations. Stating our current uncertainty in a quantitative manner allows us to update our probabilities with new observations using some powerful mathematical methods.

The tools we are introducing in this chapter are part of Bayesian methods in probability and statistics, named after the original eighteenth-century developer of the idea, Reverend Thomas Bayes. It has multiple advantages that are particularly well suited to the problems the cybersecurity expert faces. First, it exploits existing knowledge of experts. This is in contrast to conventional methods the reader may have been exposed to in first-semester statistics, ...