Issue No. 03 - May/June (2010 vol. 8)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2010.55
Kjell Hole, University of Bergen
Lars-Helge Netland, Netland Bouvet ASA
Traditional risk assessment methods underestimate the risks of large-impact, hard-to-predict, and rare events in information systems. An alternative approach extends these methods to better evaluate risks associated with black and gray swans. In an example, the authors define a generic model for centralized identity systems. They use the alternative risk assessment approach to compare the total risk of employing a single nationwide identity system with that of employing multiple diverse systems and determine the solution with the least risk for a major stakeholder.
risk assessment, large-impact, hard-to-predict, and rare events, LHR, black swan, gray swan, identity systems
L. Netland and K. Hole, "Toward Risk Assessment of Large-Impact and Rare Events," in IEEE Security & Privacy, vol. 8, no. 3, pp. 21-27, 2010.