Augusto Paes de Barros blog on many things cybersecurity.
Friday, May 1, 2009
Numbers, numbers, numbers
The last Verizon reports brought a lot of very good numbers to the Information Security space, so much in need for reliable data. There is always the risk of people using numbers in a wrong way, falling into the famous "base rate fallacy" class of mistakes.Check Pete Lindstrom commentsonit, they perfectly illustrate how easy is to get wrong conclusions from those numbers. For me it's just another reason to believe that risk calculations are not as useful as we believe.