CircleCityCon 5.0 | How to Lie with Statistics, Information Security Edition
CircleCityCon 5.0 | Indianapolis, IN | June 2, 2018
Slides | Video (I was incredibly sick - I sound horrible and it's hard to listen to)
Abstract:
Stiff statistics, prismatic pie charts, and questionable survey results drown the Information Security space in a sea of never-ending numbers that can be difficult to sift through. Have you ever finished reading a research institution’s annual security report and felt your Spidey sense begin to tingle with doubt or disbelief? What you are probably sensing is a manipulation of statistics, an age-old hoodwink that has been occurring as long as numbers have been used to convey information.
This critical subject was first examined over 60 years ago, when Darrell Huff published the groundbreaking book “How to Lie with Statistics.” This presentation takes the foundation Huff created and updates the core concepts for the contemporary Information Security field.
Most people would be shocked to find that data is often manipulated to lead the reader to a particular conclusion. Several areas are examined: bias in vendor-sponsored security reports, data visualization misuse and common security fallacies.
There is a silver lining - once you are aware of the subtle ways data is manipulated, it’s easy to spot. Attendees will walk away with a new understanding of ways to identify and avoid unintentionally using some of the methods described.