# Accuracy Of Statistical Analysis In Risk Management

Before providing security suggestions and performing risk management, our team need to gather enough campaign statistical data. In order to prove the accuracy of statistical analysis. We will analyze the accuracy of the statistic result in this chapter.

I - Completing Test and Sampling

Completing Test

For a certain test target, if we can test every member of that target. It is called complete testing. For the complete test, the test accuracy is 100% but cannot be referred to a bigger scope. Also, for most situation, because of the cost and the real situation, it is difficult to test every member of the target. For University XYZ, if we just want to perform phishing campaign for one department. We can use completing test.

*…show more content…*

Thus, we should analyze the accuracy of sampling method here.

At the first, we should determine use which sampling method. There are four sampling types listed below :

Simple Sampling: It uses a random selection of sample from the population. For example, if we want to select 20 random employees as the sample from the IT department University XYZ: we should use a random-number generator to generate 20 numbers between 1 and 40 and select 20 staffs who belong to these numbers.

Systematic (Interval) Sampling: It uses a systematic approach to select the sample from the population. Systematic sampling is similar with random sampling if the order of the population do not have other meaning. Within this method, the examiner just need to choose an interval and pick accordingly test targets. Using the same example as, if the interval is 1 and we need to pick up 20 staffs of 40 popluation. We just need to pick the staff whose number is 1, 3, 5...39 as the test

*…show more content…*

So, we must test at least 36 staff to get a confidence result (according to the seventh line of the table). It means that, in one phishing campaign case, in order to get the accuracy result with 95% confidence level, we should test 36 staffs of total 40 staffs. If there were 9 people do not pass the phishing campaign test. Because error rate here is 5%. So, we can make a conclusion that there are about 20%-30% (9/36 5%) staffs cannot pass the phishing test. The dis-acceptance rate (20%-30%) is conformed to the 95% populations.

III – Summary (Normal Reader can view this part only)

If we just want to analyze our sponsor’s department. We can test all staffs of them within completing test. In this method, the result will have 100% confidence and do not need other dispose. However, our sponsor want to apply our test result to a larger size such as all staffs in the University XYZ, the sampling test should be used. In the sampling test, in order to make sure that the result is scientifically, 30 test samples only can refer to 35 staffs. Specific to our test result, based on the test result