Security and Technology (WM0823TU) Lecture 12: Wrapup and Preparation for the Exam. Jan van den Berg. Email: j.vandenberg@tudelft.nl. Home page: http://www.tbm.tudelft.nl/live/pagina.jsp?id=352a81e9-563c-4098-8a54-d424dbc1e41b&lang=en.
Faculty of Technology, Policy and Management
Agenda
• Wrapup
  • Why?: we live in a Society at Risk
  • What?: we like to realize a Risk Society
  • How?: we need appropriate methodologies
  • Main results/conclusions
• Preparation for the Exam
Our Society and its Risks
• Society is based on complex (critical) infrastructures that often apply sophisticated technology:
  • (inter)national water and energy supply -
  • production factories -
  • (inter)national supply chain +
  • public transport services -
  • healthcare system -
  • Internet and other ICT services +
  • financial services +
  • river and sea flooding defense system +
  • first aid services: fire brigade, police, ambulance +
  • …
• Infrastructures are often highly interdependent
Infrastructures, example
[Figure: layered infrastructures, with the labels Earth; physical: road, water; physical: mechanical; physical: electricity; physical: hardware; virtual: software]
• Strongly interwoven
• Many SPOFs (single points of failure)
Society at risk
• Due to unintentional threats or hazards like natural disasters, human errors, technical failures, …, our society has safety problems: safety awareness has already existed for many years
• Due to intentional threats like terrorism, smuggling, theft, fraud, …, our society has security problems: security awareness got a strong wakeup call on Sept 11, 2001 (9/11)
• In short, our society is (and will be) at risk = our society is in a permanent state of risk, also as a consequence of a long modernization process
• Our preparedness for dealing with security risks is less developed than that for safety risks
Risk Society
• A Risk Society [Beck, 1992] is a society organized in response to risk: “it is a society that, unlike any preceding culture, lives in the future rather than the past” [http://en.wikipedia.org/wiki/Risk_society]
• Assumption: despite all kinds of activities, our current society has not achieved that state; the following incidents support this claim:
  • world-wide financial crises still occur at regular moments in time …
  • idem, floods often occur: New Orleans, Pakistan, Eastern Europe, …
  • idem, information security breaches: the Internet was not designed with risk in mind and we are experiencing a lot of trouble on a daily basis …
  • idem, unexpected high-impact security incidents sometimes occur, like 9/11, suicide bombing attacks in airplanes and on crowded markets, …
  • idem, sometimes energy supply is in danger: oil crisis in the 70s, electrical power failures, …
Our focus: risks in infrastructures
• (Technical) infrastructures (that strongly depend on technology), specifically those related to
  • financial services: market and credit risk (lectures 2 and 3)
  • Internet as part of real life: human values’ risks (lecture 4)
  • general information services: CIAA risks (lectures 5 and 6)
  • information quality risks for first aid agencies (lecture 8)
  • S&S risks in the supply chain (lecture 9)
  • risks related to flooding/water defense infrastructures (lectures 10 and 11)
• In addition there was a Masterclass (lecture 7) on safety science focusing on human, machine, context
• Our main concern: risks and appropriate countermeasures
• NOT: which measures are cost-effective? (for example: we ignored the important ROI question of ‘return on SSJ-investments’ …, which is an additional concern and topic of research!)
What’s the problem?, 1st conceptualization
• We all strongly depend on many resources including other people, nature, devices, services, money, … at all kinds of scales (in your house, city, province, land, continent, world, …)
• Sometimes, the word capabilities is used instead, referring to human capabilities, economic forces (capital, labor, nature, information), ...
• Threats or hazards like… may menace these resources/capabilities (you name it!)
• Vulnerabilities (in the defense) of a resource let the threats result (with a certain probability) in incidents having a certain impact: there is a RISK!!
• Due to the risk, certain, possibly overlapping, measures are taken (concerns the how): preventative, detective and corrective
[Figure labels: valuable resource or capability; threats; measures]
Methodologies, basic steps
• We first need to analyse the risks of the SSJ problem at stake
• If they are unacceptably high, we need to design and implement countermeasures
• Here the (not-discussed) problem of ROI becomes important (!): e.g., should recent insights into future sea water heights result in a new Deltaplan for the Netherlands?
• Source of figure 7
Analysing risks
• To assess risks (which do have an uncertainty component), probabilistic models are the standard approach:
  • Fault trees include probabilities: collapse of dikes, nuclear power stations, working failure of a surge barrier, …
  • Event trees include probabilities: possible consequences of a big train accident, nuclear bomb, oil pipe burst, poisoned mud distribution, eruption of a volcano, …
  • Market risk in finance: portfolio optimization (e.g., efficient frontier line)
  • Idem credit risks (and operational risks)
  • Idem flooding risks: Monte Carlo simulation
  • Idem …
• Nota bene: probabilistic models need data to induce statistical conclusions
• To analyse models’ robustness, additional sensitivity analysis is crucial
Risk calculation and bow-tie model
• Risk = Expected Loss = $\sum_i p_i \times l_i$
• Reducing $p_i$ concerns all measures of lowering the probability of the occurrence of a critical event/security incident $i$
• So, reducing $p_i$ concerns the left part in the bow-tie model (!)
• Fault-tree analysis: this concerns a deductive reasoning scheme based on a tree with AND and OR gates
• In deductive reasoning, a conclusion necessarily follows from its premises
Risk calculation and bow-tie model, cont.
• Risk = Expected Loss = $\sum_i p_i \times l_i$
• Reducing $l_i$ concerns all measures of lowering the impacts/consequences of an occurring critical event/security incident $i$
• So, reducing $l_i$ concerns the right part in the bow-tie model (!)
• Event tree: this concerns an (often probabilistic!!) inductive decomposition of possible consequences, against which certain measures are taken
• In inductive reasoning, the conclusion may follow from its premises (but this is not sure)
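The bow-tie calculation from the two slides above, as an added example that is not part of the original lecture: a small fault tree with AND and OR gates gives the probability of the critical event, an event tree gives the outcomes, and the risk is the sum of p_i × l_i. The outage scenario, the probabilities, the losses and the independence of the basic events are all assumptions made for illustration.

```python
from math import prod

def gate_and(*probs):
    """AND gate: every input event must occur (independence assumed)."""
    return prod(probs)

def gate_or(*probs):
    """OR gate: at least one input event occurs (independence assumed)."""
    return 1.0 - prod(1.0 - p for p in probs)

def critical_event_probability(basic):
    """Fault tree, left side of the bow-tie (constructed scenario):
    outage = (grid power fails AND backup generator fails) OR cooling fails."""
    power_lost = gate_and(basic["grid_fails"], basic["generator_fails"])
    return gate_or(power_lost, basic["cooling_fails"])

def bow_tie_risk(basic, outcomes):
    """Risk = sum_i p_i * l_i, where outcome i of the event tree has
    p_i = P(critical event) * P(outcome i | critical event)."""
    if abs(sum(q for q, _ in outcomes) - 1.0) > 1e-9:
        raise ValueError("event-tree branch probabilities must sum to 1")
    p_event = critical_event_probability(basic)
    return sum(p_event * q * loss for q, loss in outcomes)

# Constructed yearly probabilities and losses (EUR), for illustration only.
BASIC = {"grid_fails": 0.10, "generator_fails": 0.05, "cooling_fails": 0.02}
OUTCOMES = [(0.80, 10_000),     # failover to a second site works
            (0.20, 500_000)]    # failover fails, long outage

# Preventive measure (left side): generator maintenance lowers a probability.
PREVENTIVE = dict(BASIC, generator_fails=0.01)
# Mitigating measure (right side): tested restore procedure lowers a loss l_i.
MITIGATED = [(0.80, 10_000), (0.20, 200_000)]

if __name__ == "__main__":
    print(f"P(critical event) = {critical_event_probability(BASIC):.4f}")
    print(f"baseline risk     = {bow_tie_risk(BASIC, OUTCOMES):10.2f}")
    print(f"with prevention   = {bow_tie_risk(PREVENTIVE, OUTCOMES):10.2f}")
    print(f"with mitigation   = {bow_tie_risk(BASIC, MITIGATED):10.2f}")
```

With these constructed numbers the mitigating measure lowers the risk more than the preventive one, because the AND gate already makes the power branch a small contributor to the critical event.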
Modeling risk, cont.
• In a world with infinitely many possible losses, where we define a loss distribution $f(l)$ over all possible losses $l$, the risk = expected loss is given by risk = $\int f(l)\, l \, dl$
• There exist other definitions of risk, like volatility and VaR
• Not all risks can (easily) be quantified, especially risks related to human capabilities and/or assets w.r.t. human values (privacy breaches, reputation loss, loss of democratic and other human rights, …)
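A Monte Carlo estimate of the three risk definitions named above (expected loss as the integral of f(l)·l, volatility and VaR), with a small sensitivity analysis of the kind the "Analysing risks" slide calls for. This is an added example, not material from the lecture; the lognormal loss distribution and its parameters are assumptions chosen because the expected loss then has a closed form to check against.

```python
import math
import random
import statistics

def simulate_losses(n, mu, sigma, seed=2024):
    """Draw n losses from a lognormal loss distribution f(l) (assumed model)."""
    rng = random.Random(seed)
    return [rng.lognormvariate(mu, sigma) for _ in range(n)]

def risk_measures(losses, level=0.95):
    """Return (expected loss, volatility, VaR at `level`) from simulated losses."""
    ordered = sorted(losses)
    expected = statistics.fmean(ordered)               # estimates integral of f(l) * l
    volatility = statistics.pstdev(ordered, expected)  # spread around the mean
    # VaR: smallest simulated loss that is not exceeded with probability `level`.
    var = ordered[math.ceil(level * len(ordered)) - 1]
    return expected, volatility, var

def sensitivity(n, mu, sigmas, level=0.95):
    """Re-run the simulation for several sigma values to see how strongly
    the risk measures depend on that one model parameter."""
    return {s: risk_measures(simulate_losses(n, mu, s), level) for s in sigmas}

def analytic_expected_loss(mu, sigma):
    """Closed form of the lognormal mean, used to check the simulation."""
    return math.exp(mu + sigma ** 2 / 2)

if __name__ == "__main__":
    MU, N = 10.0, 200_000   # constructed parameters, losses in EUR
    for sigma, (el, vol, var) in sensitivity(N, MU, [0.8, 1.0, 1.2]).items():
        exact = analytic_expected_loss(MU, sigma)
        print(f"sigma={sigma}: E[L]={el:,.0f} (analytic {exact:,.0f}) "
              f"volatility={vol:,.0f} VaR95={var:,.0f}")
```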
Risks in business
• An enterprise architecture approach may help to identify the most relevant risks
• An example concerns the estimation of the impact of information security breaches (CIAA)
• Understanding the dependence of crucial business processes on certain business information assets is key
Dealing with risk
• If risks are considered to be too high, they should be managed: risk management
• Risk/Security management roughly concerns the (often dynamic) process of
  • acceptable risk definition: defining what is an acceptable level of risk in a given environment
  • risk analysis: analyzing the expected impact of all possible incidents in that environment
  • countermeasures’ design: taking measures to reduce the risk to the defined/decided acceptable level
Dealing with risk: taking measures
• Measures are organisational (80%) and technical (20%)
• Finding appropriate (technical and organisational) measures (to deal with the risk in infrastructures) concerns design science, the science of creating an (organisational or technical) artefact
• Artefacts include frameworks, best practices, technological structures/infrastructures/innovations, …
• Design science differs from classical science where truth finding is the main goal
• The seven guidelines (according to Hevner et al., 2004) for designing an artifact are (1) problem relevance, (2) research rigor, (3) design as a search process, (4) design as an artifact, (5) design evaluation, (6) research contributions, and (7) research communication
Taking countermeasures, examples
• Appropriate countermeasures often consist of (regularly updated) best (engineering) practices:
  • Waterwork infrastructures like Deltaworks, barrages, locks
  • Polder-boards (waterschappen) use centuries-old experience
  • BS7799, a set of best practices for information security
  • Basel Committee on Banking Supervision: buffer capital requirements, among others
  • ROBECO engineers for financial assets management
  • Integrated ICT-solutions for adequate information supply
  • …
S&S research
• Safety science has a long history
• Security science (due to partially new, dynamically changing, technology-based intentional threats) is a relatively new topic of research
• SSJ topics in the technology domain are fundamentally multidisciplinary: solving them concerns the science of truly integrating views from different disciplines (which is no sinecure!!!: look at the content of this course)
• Multiactor analysis (not much covered here) is often essential
How to study
• PPT presentations, with references to underlying material like articles, Wikipedia, reports, theses
• Understanding the concepts is key, not the skills to perform sophisticated calculations…
Example questions at the exam
This question concerns risk aspects in the financial world:
a) In the financial world, risk is sometimes equated with volatility. What does the concept of volatility mean and what is its risk character?
b) Explain what the concept of ‘value-at-risk’ means. Also give an example.
c) Explain what the concept of ‘operational risk’ means. Also give an example.
d) What does the ‘efficient market hypothesis’ entail, and which investment strategy is chosen by someone who does, respectively does not, believe in it?
Example questions at the exam, cont.
The questions below are about risk aspects concerning data and information.
• a) Within the field of ‘information security’, what are the most commonly used basic risk aspects? Also explain the meaning of each aspect.
• b) Briefly explain the security services ‘identification’, ‘authentication’ and ‘access control’.
• c) Name 4 security mechanisms with which authentication can be implemented.
• d) Which risk aspects does the ICT infrastructure called ‘Internet’ have in addition to the aspects meant in question 2a)?
Example questions at the exam, cont.
• Other questions may concern methodological aspects and concepts related to
  • Bow-tie model
  • Monte Carlo simulations
  • Best (engineering) practices
To finalize
• Hopefully you enjoyed it!
• Good luck with
  • the exam
  • your career (in SSJ)
  • your life in general…!