Toward Risk Assessment of Large-Impact and Rare Events
May/June 2010 (vol. 8 no. 3)
pp. 21-27
Kjell Hole, University of Bergen
Lars-Helge Netland, Netland Bouvet ASA
Traditional risk assessment methods underestimate the risks of large-impact, hard-to-predict, and rare events in information systems. An alternative approach extends these methods to better evaluate risks associated with black and gray swans. In an example, the authors define a generic model for centralized identity systems. They use the alternative risk assessment approach to compare the total risk of employing a single nationwide identity system with that of employing multiple diverse systems and determine the solution with the least risk for a major stakeholder.

Index Terms:
risk assessment, large-impact, hard-to-predict, and rare events, LHR, black swan, gray swan, identity systems
Citation:
Kjell Hole, Lars-Helge Netland, "Toward Risk Assessment of Large-Impact and Rare Events," IEEE Security & Privacy, vol. 8, no. 3, pp. 21-27, May-June 2010, doi:10.1109/MSP.2010.55