# What's in a number?

I was amused to read about the latest estimates of the number of intelligent alien civilisations, recently reported in the International Journal of Astrobiology. Apparently the discovery of more than 330 planets outside our solar system in recent years has helped “refine” the number of life forms that are likely to exist. The new research claims that there might be as little as 361 intelligent civilisations in our Galaxy and possibly as many as 37,964.

You have to admire such breathtaking precision. It brings to mind those heavily-flawed estimates we make of risk probabilities: the ones that suggest the likelihood of a risk might be, say, 40%, but without mentioning that the accuracy of the estimate is plus or minus 90%. Such estimates are obviously worthless as a means of prediction, though they’re often useful for building business cases for investment appraisal, or, ironically, to demonstrate prudent corporate governance to an auditor.

More interestingly, numbers can convey subtle degrees of spin, depending on their precision and context. A number with one or two decimal points comes across as well-measured. A round number sounds suspiciously like a guess. The exception is the 80/20 rule which is strangely compelling and plausible, even though most examples quoted are not based on any sound research.

Donn Parker always used to quote a made-up, precise number when discussing security risks. Many people took him seriously, though he was actually making the point that such statistics are nonsense and should not be relied upon. He was absolutely right. Taking figures from external sources is potentially dangerous. Many assumptions do not apply outside their original context. That’s why “Assume context at your peril” is a key Jericho Forum principle.

The other problem is that figures tend to get distorted as they’re passed on from person to person. For example, 37% might quickly become “one in three” or “over 30%” or “around 40%” after just a few exchanges. In fact, research has long indicated that around 70% of the details of a story passed on by word of mouth are lost in the first five or six exchanges.

Douglas Adams hit the nail on the head when he suggested that the answer to life, the universe and everything was 42. Because in security, it’s the question that really counts, not the answer.

## SearchCIO

• ### Replacing vs. maintaining legacy systems

As CIOs embrace more digital technologies, it's important that they determine the current status of their legacy systems and ...

• ### Managing cybersecurity during the pandemic and in the new digital age

Roota Almeida, CISO at Delta Dental of New Jersey and Delta Dental of Connecticut, talks about the cybersecurity threats she's ...

• ### Enterprise architecture has business's ear at Scottish Water

Scottish Water's enterprise architecture team leader discusses how engaging with business leaders and software tools can help ...

## SearchSecurity

• ### 6 SSH best practices to protect networks from attacks

SSH is essential, but default installations can be costly. Auditing and key management are among critical SSH best practices to ...

• ### Companies must train their SOC teams well to prevent breaches

SOC teams can have all the latest and greatest cybersecurity tools, but unless they have the proper training, it won't be enough ...

• ### Risk & Repeat: FBI's web shell removal raises questions

The FBI accessed computers -- without the knowledge or consent of the owners -- to remove hundreds of web shells placed in ...

## SearchNetworking

• ### Aruba product integrations advance its SASE strategy

Aruba's latest SASE-related integrations involve the Silver Peak-based SD-WAN, Threat Defense and the ClearPass Policy Manager. ...

• ### Wi-Fi 6 rollout requires careful review of network devices

Wi-Fi 6 is just one part of the overall enterprise network. Organizations need to evaluate several network components to ensure a...

## SearchDataCenter

• ### Programmable processor technology for next-gen data centers

The right processing technology can benefit your data center. Learn about advancements in CPU technologies, recent vendor ...

• ### Data processing units accelerate infrastructure performance

DPUs often run on networking packets to move information in the data center, instead of supporting processing workflows. Get an ...

• ### New Intel Ice Lake processors boost performance, security

Intel launches third-generation Xeon Scalable processors that bolster security, accelerate common data center workloads by 46% on...

## SearchDataManagement

• ### Who belongs on a high-performance data governance team?

Putting together a high-quality data governance team can be a challenge. Explore the necessary team members and best practices ...

• ### Soda launches cloud service to improve data observability

Data quality vendor Soda has had a busy 2021, building out new services and raising funding to help organizations identify and ...

• ### Bigeye raises \$17M Series A funding to boost data quality

The former Uber product manager and current CEO and co-founder of a startup outlines the challenges and opportunities of enabling...

Close