I was reading this article in the ISSA Journal from December 2005 that talks about Bayes’ Theorem and its application in security posture analysis. I love math and was very interested in what the article has to say. However, when I reached the end, I was not quite sure what I learned and why Bayes would help me to do any analysis. The examples given in the article are very poor. If department A has 90% of all the faults, it probably needs a reorganisation. I don’t need any mathematician to tell me that, not even Bayes.

Sometimes people are blinded by math. Just because it’s a nice theorem, don’t abuse it. In the entire article, the probabilities are never discussed. They are **completely** random. There is no guidance in choosing them, making the entire analysis completely useless! The outcome from all the math and complexity is extremely logical. Again, there is no added value in using Bayes for this.

Maybe I am missing the point of the article, but I did not learn anything. Maybe I should retake statistics…

December 27, 2005

## Bayes’ Theorem in Security Posture Analysis

#### 3 Comments

Try this on:

http://www.riskmanagementinsight.com/media/docs/FAIR%20introduction%20DRAFT%20v20.pdf

Comment by alex huttonutton — December 27, 2005 @ 11:18 am

That is quite an interesting article alex_huttonnutton, there are definitely some thought-provoking topics in that PDF. I wonder though how it will stand up in practice? Any thoughts? I mean it sounds great on paper.

Comment by Jennifer Wells — January 11, 2006 @ 5:48 pm

Bayes’ theorem has potentially extensive application in artificial intelligence. That doesn’t sound realistic to many others like you. However, I can give you one fine example that would help understand the concept in the first place.

Suppose you came up to me and told me that a rare event occurred, say 10/10,000. I would not necessarily give it an ear because that’s rare. But if I know the witness (you) speaks the truth 80/100 times, then there is a strong likelihood that the event you say happened is actually rare. That is the basic concept behind Bayes’ theorem. It estimates on the basis of conditional probability.

But then there are a few arguments which are worth considering, e.g. what could an 18th century scholar give to the 21st century?

Comment by Ejaz — June 6, 2007 @ 11:55 pm