Upload
nguyennhu
View
215
Download
2
Embed Size (px)
Citation preview
Course Wrapup
Tyler Moore
Computer Science & Engineering Department, SMU, Dallas, TX
Last lecture (before project presentations)
Big ideas from the coursePolicy options for improving security
Final exam review
Big ideas from the course
1 Computer science alone can’t fix information security
2 The best level of security is often not the most you can afford
3 Information security risk can be managed if (1) it can bemeasured and (2) responsibility for failures clearly assigned
4 Most “hard” security problems arise by failing to meet one orboth of these conditions
3 / 31
Big ideas from the coursePolicy options for improving security
Final exam review
CS alone can’t fix security
Attackers and defenders operate strategically
As security engineers, we must design systems that follow thelaws of human natureProfit-motivated adversaries can break systems in waysdesigners don’t considerDefenders don’t make decisions based on what will maximizesecurity; instead they consider costs and their own interests
4 / 31
Big ideas from the coursePolicy options for improving security
Final exam review
War story: why CS alone can’t fix security
5 / 31
Notes
Notes
Notes
Notes
Big ideas from the coursePolicy options for improving security
Final exam review
The best level of security is not always the most securityyou can afford
Security investment usually has decreasing marginal returns
0
λv
Security investment c
v
S(c , v)
EBIS
c1
∆c
∆EBIS1
c2
∆c
∆EBIS2
6 / 31
Big ideas from the coursePolicy options for improving security
Final exam review
The best level of security is not always the most securityyou can afford
Opportunity costs are chronically underestimated by securityengineers
“the true cost of something is what you give up to get it”(The Economist A-Z of Economics)
What’s the opportunity cost of requiring annual passwordchanges?
What’s the benefit of requiring annual password changes?
Is what we’re giving up worth the expected benefit?
7 / 31
Big ideas from the coursePolicy options for improving security
Final exam review
Conditions for managing information security risks
1 Can the cost and probability of incidents be measuredaccurately?
Are there information asymmetries?Do victims have an incentive to report?Does anyone have an incentive to hype threats?
2 Is responsibility for failures clearly assigned?
When things go wrong, is the insecure party the only oneaffected?Is fault shared across many parties, and if so, who decides whopays?
8 / 31
Big ideas from the coursePolicy options for improving security
Final exam review
Policy options for information security
If the reasons why security fails are not purely technical, itstands to reason that solutions must not be limited to thetechnical
Market failures (e.g., information asymmetries, externalities)motivate policy interventions
Options for intervention1 Ex ante safety regulation2 Ex post liability3 Information disclosure4 Intermediary liability
10 / 31
Notes
Notes
Notes
Notes
Big ideas from the coursePolicy options for improving security
Final exam review
Traditional regulatory intervention
Ex ante safety regulation
Compliance regimes designed to prevent harmOne way of dealing with difficulty of measuring outcomes
Ex post liability
Assign responsibility when something goes wrongHistorically a non-starter in software industry
Both approaches have significant drawbacks
Failed Cybersecurity Act of 2012 includes weak ex anteregulation coupled with liability exemptions for cooperation
11 / 31
Big ideas from the coursePolicy options for improving security
Final exam review
What about prosecuting cybercriminals?
Law enforcement efforts could be increased to catch morecriminals
But there are fundamental reasons why this will remain animperfect solution
Internationalization of crimeAttackers already shift to more favorable jurisdictionsProliferation of high-volume, low-margin automated crimesSignificant damage can be caused prior to arrest (high indirectcosts)
12 / 31
Big ideas from the coursePolicy options for improving security
Final exam review
Information disclosure
Louis Brandeis: “sunlight is saidto be the best of disinfectants”
Information security incidentsare often hidden from publicview, so one light-touchintervention is to mandatedisclosure
13 / 31
Big ideas from the coursePolicy options for improving security
Final exam review
Data breach legislation
California Civil Code 1798.82 (2002):
“Any person or business that conducts business
in California, and that owns or licenses
computerized data that includes personal
information, shall disclose any breach of the
security of the system following discovery or
notification of the breach in the security of the
data to any resident of California whose
unencrypted personal information was, or is
reasonably believed to have been, acquired by
an unauthorized person.”
Deirdre Mulligan
14 / 31
Notes
Notes
Notes
Notes
Big ideas from the coursePolicy options for improving security
Final exam review
Many high-profile breaches came to light
15 / 31
Big ideas from the coursePolicy options for improving security
Final exam review
Many high-profile breaches came to light
16 / 31
Big ideas from the coursePolicy options for improving security
Final exam review
Effect of data breach legislation
Recall big ideas 3 and 4:
Information security risk can be managed if (1) it can bemeasured and (2) responsibility for failures clearly assignedMost “hard” security problems arise by failing to meet one orboth of these conditions
Data breaches used to be a “hard” problem, but theinformation disclosure legislation corrected the limitations
17 / 31
Big ideas from the coursePolicy options for improving security
Final exam review
Indirect intermediary liability
Liability isnt always placed on the party responsible for harm
If bad actors beyond reach of law, and a 3rd party is in goodposition to detect/prevent bad acts, then indirect intermediaryliability attractive
18 / 31
Notes
Notes
Notes
Notes
Big ideas from the coursePolicy options for improving security
Final exam review
Intermediary liability and the Internet
Believe it or not, Congress has a history of intervening to stopInternet wickedness
CDA Sec. 230 exempts ISPs from liability for objectionablecontent posted by users, but also offered protection forvoluntary cleanup
DMCA obliges ISPs to remove copyrighted material posted byusers, grants exemption from liability in exchange
UIGEA obliges payment processors to block payment toInternet gambling sites
SOPA/PIPA tried and failed to compel intermediaries to cutoff entire websites deemed to be dedicated to copyrightinfringement
19 / 31
Big ideas from the coursePolicy options for improving security
Final exam review
In sum: policy options for improving security
Information security risk can be managed if (1) it can bemeasured and (2) responsibility for failures clearly assigned
Policies that make measurement easier (e.g., data breachlegislation laws) and clarify responsibility for failures (e.g.,intermediary liability assignment) could substantially improvesecurity
More prescriptive ex ante safety regulation carries risk ofcreating perverse incentives while fixing known incentivefailures
20 / 31
Big ideas from the coursePolicy options for improving security
Final exam review
Final exam
Takes place on Saturday December 14, 8-11am
Exam is comprehensive
You are allowed one page of hand-written notes on one side ofa sheet of letter-sized paper, otherwise closed-book,closed-notes, closed-Internet
Single-purpose calculators (i.e., not smartphone apps) areallowed
While you won’t be expected to write R code, you may beasked to interpret R output for the statistical tests covered inclass (similar to how you were asked to do so in Q1 of HW4)
Similarly you may be asked to interpret plots that werecovered in class (e.g., CDFs and survival plots)
You don’t need to memorize the equations used in theGordon-Loeb model
22 / 31
Big ideas from the coursePolicy options for improving security
Final exam review
Final exam: topics
1 Introduction
2 Security metrics and investment
3 Measuring cybercrime
4 Security games
Review your past homework assignments and the midterm
23 / 31
Notes
Notes
Notes
Notes
Big ideas from the coursePolicy options for improving security
Final exam review
Sample topics: introduction
Sample economics question
Q1a: Your computer is infected with malware and startssending email spam advertising Viagra. State which marketfailure characterizes this situation.
Q1b: Absent any policy intervention to address the marketfailure, will people under-invest or over-invest in antivirussoftware designed to block such malware from being installed?
24 / 31
Big ideas from the coursePolicy options for improving security
Final exam review
Sample topics: security metrics and investment
Q2: If your computer is hacked, then you suffer a loss of $500.Suppose that absent security investment, there is a 10%chance that your computer will be hacked. If you buy antivirussoftware for $30, then the probability is reduced to 5%.
a. What is the expected loss if you don’t buy the AV software(ALE0)?
b. What is the expected loss if you do buy AV software (ALES)?c. What is the expected net benefit of security (ENBIS)?d. Would you buy the AV software for $30? Why or why not?e. What is the most you would pay for AV software?
Q3: The Gordon-Loeb model assumes that there aredecreasing marginal returns to security investment. Give aplausible real-world example where this assumption is justified.
25 / 31
Big ideas from the coursePolicy options for improving security
Final exam review
Sample topics: cybercrime
0 50 100 150 200
0.2
0.4
0.6
0.8
1.0
Survival function for search results (TLD)
t days source infection remains in search results
S(t
)
all95% CI.COM.ORG.EDU.NETother
Q4a: The figure plots the survivalprobability for infected websitesthat redirect to illicit pharmacies.Roughly what percentage ofinfected .EDU websites remaininfected after 150 days?
Q4b: Roughly what percentage of“other” (ie blue dotted line)domains are cleaned up within 50days?
26 / 31
Big ideas from the coursePolicy options for improving security
Final exam review
Sample topics: cybercrime
0 50 100 150 200
0.2
0.4
0.6
0.8
1.0
Survival function for search results (TLD)
t days source infection remains in search results
S(t
)
all95% CI.COM.ORG.EDU.NETother
Q4a: The figure plots the survivalprobability for infected websitesthat redirect to illicit pharmacies.Roughly what percentage ofinfected .EDU websites remaininfected after 150 days?
Q4b: Roughly what percentage of“other” (ie blue dotted line)domains are cleaned up within 50days?
27 / 31
Notes
Notes
Notes
Notes
Big ideas from the coursePolicy options for improving security
Final exam review
Q5: Identify whether each variable is categorical ornumerical
Data format:Date Search Engine Search Term Pos. URL Domain Redirects? TLD
2011-11-03 Google 20 mg ambien overdose 1 http://products.sanofi.us/ambien/ambien.pdf sanofi.us False other2011-11-03 Google 20 mg ambien overdose 2 http://swift.sonoma.edu/education/newton/newtonsLaws/?20-mg-ambien-overdose sonoma.edu False .EDU2011-11-03 Google 20 mg ambien overdose 3 http://ambienoverdose.org/about-2/ ambienoverdose.org False .ORG2011-11-03 Google 20 mg ambien overdose 4 http://answers.yahoo.com/question/index?qid=20090712025803AA10g8Z yahoo.com False .COM2011-11-03 Google 20 mg ambien overdose 5 http://en.wikipedia.org/wiki/Zolpidem wikipedia.org False .ORG2011-11-03 Google 20 mg ambien overdose 6 http://blocsonic.com/blog blocsonic.com False .COM2011-11-03 Google 20 mg ambien overdose 7 http://dinarvets.com/forums/index.php?/user/39154-ambien-side-effects/page dinarvets.com False .COM2011-11-03 Google 20 mg ambien overdose 8 http://nemo.mwd.hartford.edu/mwd08/images/?20-mg-ambien-overdose hartford.edu True .EDU2011-11-03 Google 20 mg ambien overdose 9 http://www.formspring.me/AmbienCheapOn formspring.me False other2011-11-03 Google 20 mg ambien overdose 11 http://www.drugs.com/pro/zolpidem.html drugs.com False .COM2011-11-03 Google 20 mg ambien overdose 12 http://www.engineer.tamuk.edu/departments/ieen/images/ambien.html tamuk.edu False .EDU2011-11-03 Bing 20 mg ambien overdose 1 http://answers.yahoo.com/question/index?qid=20090712025803AA10g8Z yahoo.com False .COM2011-11-03 Bing 20 mg ambien overdose 2 http://www.healthcentral.com/sleep-disorders/h/20-mg-ambien-overdose.html healthcentral.com False .COM2011-11-03 Bing 20 mg ambien overdose 3 http://ambien20mg.com/ ambien20mg.com False .COM2011-11-03 bing 20 mg ambien overdose 4 http://www.chacha.com/question/will-20-mg-of-ambien-cr-get-you-high chacha.com True .COM2011-11-03 bing 20 mg ambien overdose 5 http://www.rxlist.com/ambien-drug.htm rxlist.com True .COM2011-11-03 Bing 20 mg ambien overdose 6 http://www.drugs.com/pro/zolpidem.html drugs.com False .COM2011-11-03 Bing 20 mg ambien overdose 7 http://answers.yahoo.com/question/index?qid=20111024222432AARFvPB yahoo.com False .COM2011-11-03 Bing 20 mg ambien overdose 8 http://en.wikipedia.org/wiki/Zolpidem wikipedia.org False .ORG2011-11-03 Bing 20 mg ambien overdose 9 http://www.thefullwiki.org/Sertraline thefullwiki.org False .ORG2011-11-03 bing 20 mg ambien overdose 10 http://www.rxlist.com/edluar-drug.htm rxlist.com True .COM2011-11-03 Bing 20 mg ambien overdose 11 http://www.formspring.me/ambienpill formspring.me False other2011-11-03 Bing 20 mg ambien overdose 12 http://ambiendosage.net/ ambiendosage.net False .NET
28 / 31
Big ideas from the coursePolicy options for improving security
Final exam review
Guide to analyzing data
Type of Data Exploration Statistics RByEx
1 numerical variable
0 2 4 6 8
0.0
0.4
0.8
ecdf(br$logbreach)
x
Fn(
x)
0 2 4 6 8
log(#records breached)
●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●
●●●●●●●●●●
●●●●●●●●●●
●●●●
●●●●●●●●
●●●●●●●●●
●●●●
●●●●●●
●●●
●●●●●●●●●●●●●
●●●●●●
●●●●
●●●●●●●
●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●
●●●●
●●●
●●●●●
●●●●●●
●●●
●●●●●●●●●●●●
●●●
●●●
●●●●●●
●●●●
●●●●●●●●●●●●●●●●●●●●
●●●●●●
●●●●●
●●●●
●●●●
●●●●●●●●●●●
●●●●●●●●●●
●●●●●
●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●
●●●
●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●
●●●●●
●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●
●●●●●●●●
●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●
●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●
●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●
●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●
●●●●●●●●●●
●●●●●●●●●●●●●
●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●
●●●●●●●●
●●●●●●●
●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●
●●●●●●●
●●●●●
●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●
●●●●●
●●●●●●
●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●
●●●●●●●●●●
●●●●●●●●●●●●●●●
●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●
●●●●●●●
●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●
●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●
●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●
●●●●●●
●●●●●●●●●●●
●●●●●●●●●●
●●●●●●●●●●●
●●●●●●●●●●●●●●●●●
●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●
●●●●●
●●●●●●●●
●●●●●●
●●●●●●●●●●●●●●●●●●
●●●●
●●●●●●●●
●●●●●●
●●●●●
●●●●●●●●●
●●●●●●
●●●●●
●●●●●●
●●●●●●●●●●●●●●●●●
●●●●●●
●●●●
●●●●●●●
●●●●●●●●●●●●●●●●●●●●
●●●●●●
●●●●●●
●●●
●●●●●●●●●
●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●
●●●●●
●●●●●●
●●●●●●●●●
●●●●●●●
●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●
●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●
●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●
Wilcox test 6.3
1 categorical variable
CARD HACK PHYS STAT
040
080
0
– 3.1# categories=2 – prop.test 6.2
1 categorical, 1 numerical
●●
●
●
●
●●
●●●●●
BSF EDU
02
46
8
Organization Type
log(
#rec
ords
bre
ache
d)
0 2 4 6 8
FALS
ET
RU
E
log(#records breached)
Bre
ach
type
●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●
●●●●●●●
●●●●●●●●
●●●●
●●●●●
●●●●●
●●●
●●●●
●●●●●●●●●●●●
●●●●●
●●●●
●●●●●●
●●●●
●●●●●●●●●●●●●●●●●●
●●●
●●●
●●●
●●●●●●●●●●
●●●
●●●●●●●
●●●●●
●●●●●
●●●●●●●●●●●●●●
●●●●●●
●●●●●
●●●
●●●
●●●●●●●●
●●●●●●●●●
●●●●
●●●●●●●●●●●●●●●●
●●●●●●●●●●●
●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●
●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●
●●●●●
●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●
●●●●●●●●
●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●
●●●●●●●●
●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●
●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●
●●●●●●●●●●●●●●●●
●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●
●●●●●●●●●
●●●●●●●●●●●●
●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●
●●●●●●●●
●●●●●●●
●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●
●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●
●●●●●●●●●●●
●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●
●●●●●
●●●●●●
●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●
●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●
●●●●●●●●●●
●●●●●●●●●●●●●●
●●●●●●●●
●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●
●●●●●●●●
●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●
●●●●●●
●●●●●●●●●
●●●●●●●●●●
●●●●●●●●●●●
●●●●●●●●●●●●●●●●
●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●
●●●●●
●●●●●●●
●●●●●●
●●●●●●●●●●●●●●●●●
●●●●
●●●●●●●●
●●●●●
●●●●
●●●●●●●●●
●●●●●●
●●●
●●●●●●
●●●●●●●●●●●●●●●
●●●●●
●●●●
●●●●●
●●●●●●●●●●●●●●●●●●
●●●●●●
●●●●●●
●●●
●●●●●●●●●
●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●
●●●●●
●●●●●●
●●●●●●●●●
●●●●●●
●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●
●●●●●
●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●
●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●
●●●●●●●●●●●●●●●●●●
●●●●●●●●
●●●●●
●●●●
●●●●●●●●●●●●●●●●●●
●●●●●●●
●●●●●●●●●●●●
●●●●●
●●●●●●●●●●●
●●●●●●●●
●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●
●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●
●●●●●
●● ●●
– 10# categories=2 – Wilcox test 6.4
2 categorical variables
TOH
BSF BSO BSR EDU GOV MED NGO
CA
RD
DIS
CH
AC
KIN
SD
PH
YS
PO
RT
STA
TU
NK
N
χ2 test 3.2–3.5 29 / 31
Big ideas from the coursePolicy options for improving security
Final exam review
Guide to analyzing data
After visual exploration and any descriptive statistics, you maywant to investigate relationships between variables moreclosely
In particular, you can investigate how one or more explanatory(aka independent) variables influences response (akadependent) variables
Statistical Method Response Variable Explanatory Variable
Odds ratios Binary (case/control) Categorical variables (1 at a time)Linear regression Numerical One or more variables (numerical or categorical)Logistic regression Binary One or more variables (numerical or categorical)Survival analysis Time to event One or more variables (numerical or categorical)
30 / 31
Big ideas from the coursePolicy options for improving security
Final exam review
Q6: Game theory (Cyber arms race)
Russiarefrain build
USA refrain (4,4) (1,3)build (3,1) (2,2)
Q6a: Compute any pure Nash equilibria
Q6b: Identify any outcomes that are Pareto efficient
Q6c: Identify any outcomes that are socially optimal
Q6d: Identify any mixed strategy equilibria
31 / 31
Notes
Notes
Notes
Notes