Statistical Analysis of Texas Hold’em
I just came across an interesting paper by application security consultants Cigital that tries to determine whether poker is a mainly game of skill or chance. Their conclusion is that it's mainly a game of skill. Here's how the executive summary of this paper describes what they found:
The effect of luck (i.e., the dealing of the cards) in Texas Hold’Em is a subject of much debate in the legal community. This study seeks to establish clear numbers derived from a significant sample of actual play. This study does not quantify the effect that luck has on Texas Hold’Em, but it provides compelling statistics about the way that the outcomes of games are largely determined by players’ decisions rather than chance.
Cigital examined 103 million hands of Texas Hold’Em poker played at PokerStars. In the majority of cases, 75.7% of the time, the game’s outcome is determined with no player seeing more than his/her own cards and some or all of the community cards. In these games all players fold to a single remaining player who wins the pot. In the 24.3% of cases that see a showdown (where cards are revealed to determine a winner), only 50.3% of showdowns are won by the player who could make the best 5-card hand. The other roughly half of the showdowns are won by someone with an inferior 5-card hand because the player with the best 5-card hand folded prior to showdown.
Much like poker, information security also deals with making decisions in the face of uncertainty, so a reasonable question to ask is: Is luck or skill more important in information security? Is it possible to make 75.7% of hackers not even try to attack your systems because they think that it's a waste of time because your security would be too tough for them to crack? And if that's possible, exactly how would you do it?