Issue No.03 - May/June (2010 vol.8)
Kjell Hole, University of Bergen
Lars-Helge Netland, Netland Bouvet ASA
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2010.55
Traditional risk assessment methods underestimate the risks of large-impact, hard-to-predict, and rare events in information systems. An alternative approach extends these methods to better evaluate risks associated with black and gray swans. In an example, the authors define a generic model for centralized identity systems. They use the alternative risk assessment approach to compare the total risk of employing a single nationwide identity system with that of employing multiple diverse systems and determine the solution with the least risk for a major stakeholder.
risk assessment, large-impact, hard-to-predict, and rare events, LHR, black swan, gray swan, identity systems
Kjell Hole, Lars-Helge Netland, "Toward Risk Assessment of Large-Impact and Rare Events", IEEE Security & Privacy, vol. 8, no. 3, pp. 21-27, May/June 2010, doi:10.1109/MSP.2010.55