6 Theories of Probability and 6 Reasons Why They Matter to ISRA

Propensity Theory of Probability: There is a universal tendency among bachelors to be unmarried. Therefore, the probability of an unmarried bachelor is 100%.

Personal Theory of Probability: My degree of belief that there is an unmarried bachelor is 100%.

Intersubjective Theory of Probability: Our degree of belief that there is an unmarried bachelor is 100%.

Why These Theories Matter to ISRA

Why does this philosophical distinction between objective and subjective theories of probability matter to security specialists?

(1) The theories provide much-needed clarification of the meaning of “probability.” At risk of stating the obvious, one reason these distinctions matter is because they get at the heart of what we mean by “probability.” For example, consider a system administrator who has not applied the latest security patches to his servers as quickly as the security engineer would like. Let Pr(C | ~P) represent the probability of system compromise, conditional upon not having applied the patches. The system administrator’s estimate of Pr(C | ~P) may well be lower than the security engineer’s estimate. According to the personal theory of probability, each individual is simply measuring their own degree of belief in C conditional upon ~P. Thus, the two individuals do not strictly disagree with each other.

If this seems counterintuitive, imagine two people talking about their favorite flavor of ice cream. Suppose that both of them use a personal theory of preference to describe their favorite flavor. The first person says that chocolate is their favorite flavor, while the second person prefers vanilla. The statement, “I, person A, prefer chocolate,” and the statement, “I, person B, prefer vanilla,” do not contradict each other. According to the personal theory of preference, there could only be a disagreement if the first said, “I, person A, prefer chocolate,” and then the second person said, “No, person A, you prefer vanilla.”


  1. Russell Thomas Sep 8, 2010 at 10:23 am

    Great post, Jeff.

    One thing I’ll add is to counter the criticism that ISRA relies on *predictions* of the future, which is another way of saying “knowledge about the future”. Most InfoSec people, in their gut, feel that such knowledge is unattainable or infeasible.

    But ISRA is really not about predicting the future or having highly certain knowledge about the future. Instead, its benefit is to help us ORGANIZE OUR UNCERTAINTY. It’s the systematic treatment of uncertainty and ignorance in all its forms, with a goal of promoting continuous learning and adaptation.

    Russell Cameron Thomas

  2. Jeff Lowder Sep 8, 2010 at 2:10 pm

    Thanks, Russell. I’m glad you liked the post!

    Regarding the issue of ‘predicting’ the future, I think I agree with your point, but I would word it in a slightly different way. I would say that risk analyses do make ‘predictions’ about the future, but these predictions are hedged in various ways. For example, personal probabilities and intersubjective probabilities represent our degrees of belief (and, accordingly, our uncertainty) regarding various information security-related hazards. Additionally, as my discussion of single-case probabilities hopefully makes clear, frequency probabilities typically don’t make a prediction about a single event. On the other hand, estimated relative frequencies do … estimate the actual relative frequency in the real world, and hence the corresponding ‘actual’ frequency probability. Thus, for example, an ISRA may not provide an inductively correct argument for concluding that this web server will be attacked at this time, but it may be able to show that some system will be attacked at some time during a given time span. In that sense, I would say that ISRA does make predictions. This does not deny what I think is your point, however, that the criticism of ISRA falsely assumes that ISRA is committed to making a series of predictions about single events.
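The contrast drawn in the post and the reply above, between a frequency estimate of Pr(C | ~P) for a single unpatched server on a given day and the claim that some system will be compromised at some time during a span, can be put in numbers. The Python below is an added example, not code from the post or from either commenter. The observation table is constructed for illustration, and the independence of compromise events across systems and days is an assumption made to keep the arithmetic simple.

```python
"""Estimated relative frequency versus single-case and span-wide probabilities.

Added illustration; the data are constructed, not from any real incident log.
"""

# Constructed sample of unpatched systems: (system_id, days observed, compromises
# recorded while unpatched). These numbers are invented for the example.
OBSERVATIONS = [
    ("web-01", 90, 1),
    ("web-02", 90, 0),
    ("app-01", 90, 0),
    ("db-01", 90, 0),
    ("web-03", 60, 1),
]


def relative_frequency(observations):
    """Estimated relative frequency of compromise per unpatched system-day.

    This is the frequency-theory reading of Pr(C | ~P): compromises observed
    divided by system-days observed, over the reference class of unpatched
    systems.
    """
    days = sum(d for _, d, _ in observations)
    events = sum(c for _, _, c in observations)
    return events / days


def p_any_compromise(p_per_system_day, n_systems, n_days):
    """Probability that at least one of n_systems is compromised within n_days.

    Assumes (by construction of this example) that compromise events are
    independent across systems and across days, so the span is n_systems *
    n_days Bernoulli trials with success probability p_per_system_day.
    """
    trials = n_systems * n_days
    return 1.0 - (1.0 - p_per_system_day) ** trials


def expected_compromises(p_per_system_day, n_systems, n_days):
    """Expected number of compromises over the span under the same assumptions."""
    return p_per_system_day * n_systems * n_days


if __name__ == "__main__":
    p = relative_frequency(OBSERVATIONS)
    print(f"estimated Pr(C | ~P) per system-day: {p:.5f}")
    # Single case: this server, today. The frequency estimate says little
    # about whether this particular event occurs.
    print(f"one server, one day:      {p_any_compromise(p, 1, 1):.3f}")
    # Same server over a quarter.
    print(f"one server, 90 days:      {p_any_compromise(p, 1, 90):.3f}")
    # A fleet over a quarter: 'some system, some time' becomes near-certain.
    print(f"50 servers, 90 days:      {p_any_compromise(p, 50, 90):.6f}")
    print(f"expected compromises (50 servers, 90 days): "
          f"{expected_compromises(p, 50, 90):.1f}")
```

Run as a script, the per-system-day estimate is 2/420, the single-server 90-day probability is roughly 0.35, and the 50-server 90-day probability rounds to 1.0; the hedged prediction Jeff describes is the last figure, not the first.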

