Unit Outline Quantitative Risk Analysis



  1. Unit Outline: Quantitative Risk Analysis
     • Module 1: Quantitative Risk Analysis and ALE
     • Module 2: Case Study
     • Module 3: Cost Benefit Analysis and Regression Testing
     • Module 4: Modeling Uncertainties
     • Module 5: Summary

  2. Summary: Quantitative Risk Analysis
     • Risk Exposure
        • RISK EXPOSURE = RISK IMPACT x RISK PROBABILITY
     • Annual Loss Expectancy (ALE)
        • Identify and determine the value of assets
        • Determine vulnerabilities
        • Estimate likelihood of exploitation
        • Compute ALE
        • Survey applicable controls and their costs
        • Perform a cost-benefit analysis

  3. Summary: Qualitative Risk Analysis
     • Risk Aggregation:
     • Optimization
        • Simple formulation
     • Cost Benefit Analysis
        • LEVERAGE = (RISK EXPOSURE before reduction – RISK EXPOSURE after reduction) / COST OF REDUCTION
     • Decision Tree
        • Graphical method for cost-benefit analysis
     • Monte Carlo Simulation
        • 1) Develop risk model
        • 2) Define the shape and parameters
        • 3) Run simulation
        • 4) Build histogram
        • 5) Compute summary statistics
        • 6) Perform sensitivity analysis
        • 7) Analyze potential dependency relationship

  4. Suggested Reading: Quantitative Risk Analysis
     • Alberts, C., & Dorofee, A. (2003). Managing Information Security Risks: The OCTAVE(SM) Approach. New York, NY: Addison-Wesley.
     • Barber, B., & Davey, J. (1992). The use of the CCTA risk analysis and management methodology CRAMM. Proc. MEDINFO92, North Holland, 1589–1593.
     • Stolen, K., den Braber, F., & Dimitrakos, T. (2002). Model-based Risk Assessment – The CORAS Approach.

  5. Acknowledgements: Grants and Personnel
     • Support for this work has been provided through grants from the following agencies:
        • National Science Foundation (NSF 0210379)
        • Department of Education (FIPSE)
     • Damira Pon, from the Center of Information Forensics and Assurance, contributed extensively by reviewing and editing the material.
     • Robert Bangert-Drowns from the School of Education reviewed the material from a pedagogical view.
     • Melissa Dark & Ting Zhuang from Purdue University provided a critique of the material and facilitated creation of a distance delivery version of the course.
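
The Monte Carlo steps and the leverage formula summarized in slides 2 and 3, carried through in Python as an added example that is not part of the original presentation. The Poisson incident frequency, the triangular impact estimate, and all scenario numbers are assumptions constructed for illustration.

```python
import random
import statistics

def simulate_annual_loss(rate, low, mode, high, trials=20000, seed=1):
    """Steps 1-3: annual loss = sum of per-incident impacts over one simulated year."""
    rng = random.Random(seed)
    losses = []
    for _ in range(trials):
        # Poisson incident count: count exponential inter-arrival times within 1 year.
        incidents, t = 0, rng.expovariate(rate)
        while t < 1.0:
            incidents += 1
            t += rng.expovariate(rate)
        # Impact per incident drawn from a triangular (low, most likely, high) estimate.
        losses.append(sum(rng.triangular(low, high, mode) for _ in range(incidents)))
    return losses

def histogram(losses, bins=10):
    """Step 4: equal-width bin counts from 0 to the largest simulated loss."""
    top = max(losses) or 1.0
    counts = [0] * bins
    for x in losses:
        counts[min(int(x / top * bins), bins - 1)] += 1
    return counts

def summarize(losses):
    """Step 5: the mean is the simulated ALE; p95 shows the tail the mean hides."""
    ordered = sorted(losses)
    return {"ale": statistics.fmean(ordered), "p95": ordered[int(0.95 * len(ordered))]}

def leverage(exposure_before, exposure_after, cost_of_reduction):
    """LEVERAGE = (exposure before reduction - exposure after reduction) / cost."""
    return (exposure_before - exposure_after) / cost_of_reduction

def control_leverage(rate_before, rate_after, impact, cost, seed=1):
    """Leverage of a control that lowers incident frequency, from simulated ALEs."""
    before = summarize(simulate_annual_loss(rate_before, *impact, seed=seed))["ale"]
    after = summarize(simulate_annual_loss(rate_after, *impact, seed=seed))["ale"]
    return leverage(before, after, cost)

if __name__ == "__main__":
    IMPACT = (10_000, 40_000, 150_000)   # constructed low / most likely / high loss
    base = simulate_annual_loss(0.5, *IMPACT)
    print(summarize(base), histogram(base))
    # Step 6: sensitivity of the decision to the uncertain post-control frequency.
    for rate_after in (0.05, 0.1, 0.2, 0.3):
        print(rate_after, round(control_leverage(0.5, rate_after, IMPACT, 8_000), 2))
```

A leverage above 1 means the control removes more expected annual loss than it costs; the sensitivity loop shows how quickly that margin shrinks if the control is less effective than estimated.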
