Some Powerful Methods Based on Bayes (Chapter 9)

by Phil Conrad

How to Measure Anything in Cybersecurity Risk, second edition
by Douglas W. Hubbard and Richard Seiersen

PART 2 - Evolving the Model of Cybersecurity Risk

Chapter 9 - Some Powerful Methods Based on Bayes

The chapter starts by discussing the Beta Distribution. With the beta distribution, one can do statistical analysis with a relatively small amount of data. The authors go on to show some calculations with beta and discuss a use case.

They next discuss the Log Odds Ratio (LOR) method. This "method provides a way for an expert to estimate the effects of each condition separately and then add them up to get the probability based on all the conditions." They also detail a nine-step procedure for using this method.
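The additive log-odds idea in the quote above, as an added Python example that is not from the book or its spreadsheets and does not reproduce the book's nine-step procedure. The baseline, the condition names and every probability are constructed sample values, and the function names are hypothetical.

```python
import math

def log_odds(p):
    """Probability -> natural-log odds; 0 and 1 have no finite log odds."""
    if not 0.0 < p < 1.0:
        raise ValueError(f"probability must be strictly between 0 and 1, got {p}")
    return math.log(p / (1.0 - p))

def probability(lo):
    """Natural-log odds -> probability (logistic function)."""
    return 1.0 / (1.0 + math.exp(-lo))

def condition_effects(baseline, single_condition_estimates):
    """Effect of each condition, estimated separately, as a change in log odds."""
    base = log_odds(baseline)
    return {name: log_odds(p) - base
            for name, p in single_condition_estimates.items()}

def combined_probability(baseline, effects, present):
    """Add the effects of the conditions that are present to the baseline log odds."""
    missing = [name for name in present if name not in effects]
    if missing:
        raise KeyError(f"no expert estimate for: {missing}")
    total = log_odds(baseline) + sum(effects[name] for name in present)
    return probability(total)

# Constructed sample estimates (assumptions, not figures from the book).
BASELINE = 0.02  # annual breach probability for a reference system
ESTIMATES = {    # expert's probability when only this one condition applies
    "internet_facing": 0.05,
    "holds_pii": 0.03,
    "mfa_enabled": 0.01,  # a control: lowers the probability
}
EFFECTS = condition_effects(BASELINE, ESTIMATES)

if __name__ == "__main__":
    for name, delta in EFFECTS.items():
        print(f"{name:16s} change in log odds: {delta:+.3f}")
    cases = ([], ["internet_facing"], ["internet_facing", "mfa_enabled"],
             list(ESTIMATES))
    for present in cases:
        p = combined_probability(BASELINE, EFFECTS, present)
        print(f"{', '.join(present) or '(baseline)':45s} -> {p:.4f}")
```

Because the effects are summed in log-odds space, stacking many risk-raising conditions approaches but never exceeds a probability of 1, which adding the probability increases directly would not guarantee.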

The Lens method is the next one covered. "This approach requires that we build a type of statistical model that is based purely on emulating the judgments of the experts--not by using historical data." Using the lens method, they developed the "lens model" by mapping what can be observed externally. Using this in cybersecurity, the authors found, "in each case, the model was at least as good as human experts, and in almost all cases, it was a significant improvement." This method also involves using regression methods.

Further on there is a section on Estimating the Value of Information for Cybersecurity. They note that value of information is covered in more depth in the first book, How to Measure Anything. "In cybersecurity, the value of information will always be related to decisions you could make to reduce this risk." They look at calculations, "based on the probability of an event, the cost of the control, and the cost of an event without the control."

They finish up discussing other modeling considerations. Those discussed are the Poisson Distribution, the Gamma Distribution and a case example in R.

All in all, an interesting chapter. The reader will get more out of it by taking the time to look at the accompanying Excel spreadsheets on the book's website and the examples therein.


Posted 3/15/24
