1 / 20

Terrorism Risk Management

Terrorism Risk Management. Book: Bayesian Networks: Practical Guide Application Edited By : Olivier Pourret Chapter : 14:. Authors of the Paper: David C. Daniels Linwood D.Hudson Kathryn B. Laskey Suzanne M. Mahoney Bryan S. Ware

asha
Télécharger la présentation

Terrorism Risk Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Terrorism Risk Management Book: Bayesian Networks: Practical Guide Application Edited By : Olivier Pourret Chapter : 14: Authors of the Paper: David C. Daniels Linwood D.Hudson Kathryn B. Laskey Suzanne M. Mahoney Bryan S. Ware Edward J. Wright

  2. Introduction • The U.S military defines Antiterrorism as the defensive posture taken against terrorist threats • Antiterrorism includes • Fostering awareness of potential threats, • Deterring aggressors, • Developing security measures, • Planning for future events, • Prohibition of an event in process and • Mitigating and managing the consequences of an event.

  3. A key element of an en effective antiterrorist strategy is evaluating individual sites or assets for terrorist risk • Assessing the threat of a terrorist attack requires combining information from multiple disparate sources involving intrinsic uncertainties • Terrorism Risk Management due to this inherent uncertainty becomes a natural domain for application of Bayesian Networks

  4. Topics Covered • Methodologies that have been applied to Terrorism Risk Management • Strengths and Weaknesses of each methodology • How BN addresses all the weaknesses • Description of Site Profiler Installation Security Planner (ISP) suite for risk managers and security planners to evaluate risk of a terrorist attack • Software Implementation of Risk Influence Network

  5. What is Risk ? • Risk: possibility of suffering from any type of harm or loss to individual, organization or entire society • Risk Management: Identifying and implementing policies to protect against a risk • Degree of Risk: • Measure of Adverse Effect: • Monitory Loss • Non monitory such as death, suffering etc Likelihood of event * Measure of Adverse Effect

  6. Terrorism Risk Management Methodologies • Risk Mnemonics • Algebraic Expressions of Risk • Fault Trees • Simulations Risk= Threat *Vulnerability*Consequence

  7. Risk Mnemonics • CARVER : Criticality , Accessibility, Recognizability, Vulnerability, Effect and Recoverability

  8. Algebraic Expressions of Risk

  9. Other Approaches • Fault Trees: • Assumes a threat baseline and uses decision paths to evaluate the probabilities and outcomes of different outcomes e.g OCTAVE • Simulations: Focus on the consequences of terrorist attack and most are applicable to specific type of assets and threat scenarios

  10. Site Profiler Approach to Terrorism Risk Management • An Asset risk management program that has been designed to evaluate the risk of terrorist attack. • Methodology employs a knowledge-base Bayesian Network construction to combine evidence from analytical models, simulations, historical data and user judgments

  11. Why Site Profiler? • Individuality of Risk Scenarios • Intrinsic Uncertainty • Defensible Methodology • Flexibility • Modifiability, maintainability and Extensibility • Customization • Usability • Portfolio management • Tractability

  12. Why Bayesian Networks ? • Analytical Method for quantitative assessment of risks • Coherent means of combining objective and subjective data • Well suited for complex problem solving involving large number of interrelated uncertain variables • Logically coherent calculus • Tractable algorithms exist for calculating and updating evidential support • BN can combine inputs from diverse sources

  13. Bayesian Networks for Analyzing Risk • Clusters of variables for a particular domain • These clusters are used to define BN fragments • For example: Clusters of variables corresponding to characteristics of valuable asset. Fragment is created corresponding to the concept of an asset • If some uncertain variable is related more than one type of entity we name it relational entity type to representing pairing • Each fragment is Manageable and tested independently

  14. Risk Influence Network • The heart of Site Profiler is Risk Influence Network • It is a Bayesian network constructed on a fly from knowledge base of BN Fragments • Used to assess relative risk of an attack against an asset by a specific threat

  15. Steps Involved • Knowledge Representation (MEBN) MEBN is not a computer language such as Java or C++, or an application such as Netica or Hugin. Rather, it is formal system that instantiates first-order Bayesian logic That is, MEBN provides syntax, a set of model construction and inference processes, and semantics that together provide a means of defining probability distributions over unbounded and possibly infinite numbers of interrelated hypotheses.

  16. Knowledge-base development Concept Definition: • Data Physical and Domain data • MFRagfor seven type of entities • Assets, Threats, Tactics, Weapon systems, Targets, • attacks and Attack Consequences Formal Definition and Analysis Subsection review by Experts Scenario Elicitation and Revision Implementation (cRIN and uRIN) Operational Revision

  17. Software Implementation • Uses Object Oriented Database to manage Mfrag • Mfrag: Like a BN, an MFrag contains nodes, which represent Random Variables, arranged in a directed graph whose edges represent direct dependence relationships. Context Nodes Input Nodes Resident Nodes

  18. RIN • Bayesian Attributes, Objects and Domain Objects • RIN Structure

  19. The Site Profiler domain objects combine to describe risk • Assets and Threats combine to form Targets • When targets created from Threat-Asset pair an instance of RIN is created • Mfrag for Assets: how critical the asset is to the organization, how desirable to enemy and how soft accessible it is • Mfrag for Threats: how plausible the tactic and weapon are, intent of an actor to target, the asset types most likely to target • These Risk Elements combine to form the key Nodes for Target: Likelihood of an event, Susceptibility of an asset to an event, the consequences of the event and ultimately risk of the event

  20. Conclusion • Site Profiler Knowledge-base is essential decision support for assessing terrorist threats • BN approaches not found to be selling point • Many people ask wrong questions • Power of BN comes from ability to ask: What are the factors that make risk high or low?

More Related