Risk Analysis and the Security Survey 3rd edition Chapter 3 Risk Measurement

Risk Measurement: Introduction
- Risk measurement is used later to determine the cost of an unfavorable event;
- Aids in predicting how often an event may occur in a given time period;
- Two necessities:
  - Quantitative means to express cost;
  - Logical expression of frequency of occurrence;
- A year is the most logical time period because of budget cycles.

Cost Valuation & Frequency of Occurrence
- Unnecessary to make precise statements of impact and probability;
- Impact and frequency simplified into factors of 10;

Cost Valuation & Frequency of Occurrence
- If the cost valuation (impact) of the event is:

Cost Valuation & Frequency of Occurrence
- If the estimated frequency of occurrence is:

Cost Valuation & Frequency of Occurrence
- Annual loss expectancy (ALE) is the product of impact and frequency.
- When using the values of f and i derived from the conversion tables, you can approximate the value of ALE by the formula:

Cost Valuation & Frequency of Occurrence
- $\mathrm{ALE} = 10^{(f+i-3)}/3$
- i = cost valuation (impact); if $10 value then i = 1, up to $100,000,000 then i = 8;
- f = frequency of occurrence; if it occurs once in 300 years then f = 1, up to 100 times/day then f = 8;
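
The ALE approximation above, worked through as an added example (not from the original slides). The conversion tables are not reproduced on this page, so the two index functions assume the factor-of-10 scale implied by the formula and the stated endpoints; all function names and the sample events are constructed for illustration.

```python
import math

def impact_index(cost_dollars):
    """i on the factor-of-10 scale: $10 -> 1, $100,000,000 -> 8."""
    return round(math.log10(cost_dollars))

def frequency_index(events_per_year):
    """f such that events/year ~= 10**(f-3)/3 (once in 300 years -> 1)."""
    return round(math.log10(3 * events_per_year) + 3)

def ale_from_indices(f, i):
    """ALE = 10**(f + i - 3) / 3, in dollars per year."""
    return 10 ** (f + i - 3) / 3

def assess(name, cost_dollars, events_per_year):
    """Index one event and return approximate and exact ALE side by side."""
    i = impact_index(cost_dollars)
    f = frequency_index(events_per_year)
    if not (1 <= i <= 8 and 1 <= f <= 8):
        raise ValueError(f"{name}: outside the 1..8 index range")
    return {"name": name, "i": i, "f": f,
            "ale_approx": ale_from_indices(f, i),
            "ale_exact": cost_dollars * events_per_year}

# Constructed sample events: (name, cost per event in $, events per year)
SAMPLE = [
    ("petty cash shortage", 20, 50),
    ("server room flood", 2_000_000, 1 / 50),
    ("laptop theft", 1_500, 4),
]

def rank(events):
    """Order events by approximate ALE, largest first."""
    rows = [assess(*e) for e in events]
    return sorted(rows, key=lambda r: r["ale_approx"], reverse=True)

if __name__ == "__main__":
    for r in rank(SAMPLE):
        print(f"{r['name']:<22} i={r['i']} f={r['f']} "
              f"ALE~${r['ale_approx']:>10,.0f}  exact=${r['ale_exact']:>10,.0f}")
```

Because both inputs are rounded to the nearest power of 10, the approximate figure ranks risks by order of magnitude rather than matching the exact product of impact and frequency.
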

Cost Valuation & Frequency of Occurrence
- Alternate method:

Cost Valuation & Frequency of Occurrence
- Commonality of events;
- Access;
- Natural disasters;
- Environmental hazards;
- Facility housing;
- Work environment;
- Value.

Principles of Probability
- Risk is the possible happening of an undesirable event;
- An event is a definable occurrence, described in two ways:
  - In terms of the damage it will present;
  - In terms of the probability of its occurrence.

Principles of Probability
- A risk is described in terms of its potential occurrence and its capacity for potential loss.
- Probability is the study of the possibility of occurrence.
- Probability based on philosophical proofs.
- Derived in 1792 by the Marquis de Laplace.
- Not based on mathematical proofs.
- 10 principles:

Probability, Risk, and Security
- The goal of security design is to decrease the ratio of unfavorable events to total events.
- Similar events in different locations: add the ratios of favorable cases where the probabilities are different.
- Two events that have no relation to each other are considered to be independent. Applies to Principle #3.

Probability, Risk, and Security
- Examples:
  - Lightning striking twice.
  - Security penetration and simultaneous security system failure.
- Principle 4 expresses the relation between dependent events (probability of the first event is multiplied by the probability of the second event if the second event).
- Example: Breaking and entering followed by theft, to produce a burglary.

Probability, Risk, and Security
- Past events do not affect future events (Principle #5).
- Cannot assume that a security breach will not occur again.
- Probabilities of events are not guarantees.
- Principle #6 describes the relation between all causes and probable causes.
- Example: Circumstantial evidence.

Probability, Risk, and Security
- Principle 7 involves the basis of confidence limits.
- Mathematical hope relates the potential gain to the probability of obtaining the gain (Principle 8).
- Allows the utility of a procedure to be expressed in monetary and probabilistic terms.

Probability, Risk, and Security
- Principle 9 allows for the fact that any solution to a problem introduces risk (i.e., it may fail).
- Principle 10 relates the amount and potential of risk to the wealth of the protected entity.
- Solution could be to do nothing.

Estimating Frequency of Occurrence
- Loss expectancy can be projected with a satisfactory degree of confidence.
- Must have a sufficiently large database, or it becomes an educated guess.