Chapter 7
Calibrated Estimates: How Much Do You Know Now?
The most important questions of life are indeed, for the most part, really only problems of probability.
—Pierre Simon Laplace, Théorie Analytique des Probabilités, 18121
The method described so far requires the subjective evaluation of quantitative probabilities. For example, the cybersecurity expert will need to assess a probability that an event will occur or how much will be lost if it does. This meets some resistance. Some cybersecurity experts who seem to have no issue with assigning a “medium” or a “2” to a likelihood will often wonder how it is possible to subjectively assess a quantitative probability of an event.
Of course, it is legitimate to ask whether subjective probabilities can be valid. Fortunately, as mentioned in Chapter 5, much research has already been done on this point and two findings are clear: (1) Most people are bad at assigning probabilities, but (2)...