Issue No.03 - May/June (2010 vol.8)
pp: 21-27
Kjell Hole, University of Bergen
Lars-Helge Netland, Netland Bouvet ASA
ABSTRACT
Traditional risk assessment methods underestimate the risks of large-impact, hard-to-predict, and rare events in information systems. An alternative approach extends these methods to better evaluate risks associated with black and gray swans. In an example, the authors define a generic model for centralized identity systems. They use the alternative risk assessment approach to compare the total risk of employing a single nationwide identity system with that of employing multiple diverse systems and determine the solution with the least risk for a major stakeholder.
INDEX TERMS
risk assessment, large-impact, hard-to-predict, and rare events, LHR, black swan, gray swan, identity systems
CITATION
Kjell Hole, Lars-Helge Netland, "Toward Risk Assessment of Large-Impact and Rare Events", IEEE Security & Privacy, vol.8, no. 3, pp. 21-27, May/June 2010, doi:10.1109/MSP.2010.55