Risk and the Theory of Security Risk Assessment (eBook)
XXIII, 274 Seiten
Springer International Publishing (Verlag)
978-3-030-30600-7 (ISBN)
This book provides the conceptual foundation of security risk assessment and thereby enables reasoning about risk from first principles. It presents the underlying theory that is the basis of a rigorous and universally applicable security risk assessment methodology. Furthermore, the book identifies and explores concepts with profound operational implications that have traditionally been sources of ambiguity if not confusion in security risk management. Notably, the text provides a simple quantitative model for complexity, a significant driver of risk that is typically not addressed in security-related contexts.
Risk and The Theory of Security Risk Assessment is a primer of security risk assessment pedagogy, but it also provides methods and metrics to actually estimate the magnitude of security risk. Concepts are explained using numerous examples, which are at times both enlightening and entertaining. As a result, the book bridges a longstanding gap between theory and practice, and therefore will be a useful reference to students, academics and security practitioners.
Carl S. Young specializes in applying science to information and physical security risk management. He has held senior positions in the US government, the financial sector, consulting and academia. He is the author of three previous textbooks in addition to numerous technical papers, and has been an adjunct professor at the John Jay College of Criminal Justice (CUNY). Mr. Young earned undergraduate and graduate degrees in mathematics and physics from the Massachusetts Institute of Technology (MIT).
Foreword 7
Preface 8
Acknowledgments 10
Introduction 12
Contents 17
About the Author 21
Part I: Security Risk Assessment Fundamentals 22
Chapter 1: Definitions and Basic Concepts 23
1.1 Introduction to Risk and Risk-Relevance 23
1.2 Threat Scenarios and the Components of Risk 29
1.3 The Risk Meter 31
1.4 Introduction to Risk Factors 33
1.5 Threat Incidents and Risk Factor-Related Incidents 36
1.6 Probability v. Potential 37
1.7 The Fundamental Expression of Security Risk 46
1.8 Absolute, Relative and Residual Security Risk 47
1.9 Summary 50
Chapter 2: Risk Factors 51
2.1 Introduction 51
2.2 Definitions and Examples 52
2.3 Apex Risk Factors 56
2.4 Spatial Risk Factors 59
2.5 Temporal Risk Factors 60
2.6 Behavioral Risk Factors 62
2.7 Complexity Risk Factors 63
2.8 Inter-related Risk Factors 63
2.9 Risk Factor Scale and Stability 64
2.10 Summary 67
Chapter 3: Threat Scenarios 69
3.1 Introduction 69
3.2 Static Threat Scenarios 71
3.3 Dynamic Threat Scenarios 72
3.4 Behavioral Threat Scenarios 72
3.5 Complex Threat Scenarios 73
3.6 Random Threat Scenarios 73
3.7 Maximum Threat Scenario Risk 74
3.8 General Threat Scenario Phenomena 76
3.9 A Security Risk Assessment Taxonomy 78
3.10 Summary 80
Chapter 4: Risk, In-Depth 81
4.1 Introduction 81
4.2 Threat Scenario Equivalence and Risk Universality 83
4.3 Direct and Indirect Assessments of Likelihood 89
4.4 Sources of Uncertainty in Estimating Likelihood 91
4.5 Time and Risk 94
4.6 Risk-Relevance 98
4.7 The Confluence of Likelihood Risk Factors 99
4.8 Summary 101
Part II: Quantitative Concepts and Methods 103
Chapter 5: The (Bare) Essentials of Probability and Statistics 104
5.1 Introduction 104
5.2 Probability 106
5.3 Average, Standard Deviation, Variance and Correlation 110
5.4 The Normal and Standard Normal Distributions 112
5.5 The Z-Statistic 117
5.6 Statistical Confidence and the p-value 118
5.7 The Poisson Distribution 125
5.8 Value-at-Risk 127
5.9 Summary 129
Chapter 6: Identifying and/or Quantifying Risk-Relevance 130
6.1 Introduction 130
6.2 Linearity, Non-linearity and Scale 131
6.3 Density 139
6.4 Trends and Time Series 140
6.5 Histograms 142
6.6 Derivatives and Integrals 144
6.7 Correlation and Correlation Coefficients Revisited 146
6.8 Exponential Growth, Decay and Half-Value 147
6.9 Time and Frequency Domain Measurements 151
6.10 Summary 154
Chapter 7: Risk Factor Measurements 155
7.1 Introduction 155
7.2 Spatial Risk Factor Measurements 156
7.3 Temporal Risk Factor Measurements 166
7.4 Behavioral Risk Factor Measurements 170
7.5 Multiple Risk Factors and Uncertainty in Security Risk Management 171
7.6 Summary 173
Chapter 8: Elementary Stochastic Methods and Security Risk 174
8.1 Introduction 174
8.2 Probability Distributions and Uncertainty 177
8.3 Indicative Probability Calculations 180
8.4 The Random Walk 188
8.5 The Probability of Protection 189
8.6 The Markov Process 192
8.7 Time-Correlation Functions and Threat Scenario Stability, 196
8.8 The Convergence of Probability and Potential 202
8.9 Summary 204
Part III: Security Risk Assessment and Management 206
Chapter 9: Threat Scenario Complexity 207
9.1 Introduction to Complexity 207
9.2 Background 208
9.3 Complexity Combinatorics 211
9.4 Information Entropy 216
9.5 Estimates of Threat Scenario Complexity 223
9.6 Complexity Metrics 228
9.7 Temporal Limits on Complexity 231
9.8 Managing Threat Scenario Complexity 232
9.9 Summary 234
Chapter 10: Systemic Security Risk 236
10.1 Introduction 236
10.2 The Risk-Relevance of Assets and Time 237
10.3 Spatial Distribution of Risk Factors: Concentration and Proliferation 238
10.3.1 Concentration 238
10.3.2 Proliferation 239
10.4 Temporal History of Risk Factors: Persistence, Transience and Trending 239
10.4.1 Persistence 240
10.4.2 Transience 241
10.4.3 Trending 242
10.5 Summary 243
Chapter 11: General Theoretical Results 245
11.1 Introduction 245
11.2 Core Principles 246
11.3 Random Threat Scenario Results 248
11.4 Static and Dynamic Threat Scenario Results 248
11.5 Complex Threat Scenario Results 251
11.6 Summary 253
Chapter 12: The Theory, in Practice 254
12.1 Introduction 254
12.2 The Security Risk Management Process 255
12.3 Applying the Theory (1): Information Security Threat Scenarios 259
12.4 Applying the Theory (2): Password Cracking 264
12.5 A Revised Fundamental Expression of Security Risk 270
12.6 Testing for Encryption 273
12.7 The Security Control/Risk Factor Ratio (C/R) 273
12.8 Cost and Constraints in Security Risk Management 274
12.9 Low Likelihood-High Impact Threat Scenarios 275
12.10 Summary 277
Epilogue 279
Appendices 282
Appendix 1: Random Walk Mean and Variance 282
Appendix 2: Time and Ensemble Averages 283
Appendix 3: Theory of Security Risk Assessment Summary Table 285
Erscheint lt. Verlag | 28.1.2020 |
---|---|
Reihe/Serie | Advanced Sciences and Technologies for Security Applications | Advanced Sciences and Technologies for Security Applications |
Zusatzinfo | XXIII, 274 p. 81 illus. |
Sprache | englisch |
Themenwelt | Informatik ► Netzwerke ► Sicherheit / Firewall |
Mathematik / Informatik ► Mathematik ► Statistik | |
Naturwissenschaften ► Physik / Astronomie | |
Technik | |
Wirtschaft ► Betriebswirtschaft / Management | |
Schlagworte | Information Security • Physical Security • Quantitative assessments of risks • Security and complexity • security risk assessment • Security risk measurements • Security risk metrics • Security risk models |
ISBN-10 | 3-030-30600-3 / 3030306003 |
ISBN-13 | 978-3-030-30600-7 / 9783030306007 |
Haben Sie eine Frage zum Produkt? |
Größe: 5,7 MB
DRM: Digitales Wasserzeichen
Dieses eBook enthält ein digitales Wasserzeichen und ist damit für Sie personalisiert. Bei einer missbräuchlichen Weitergabe des eBooks an Dritte ist eine Rückverfolgung an die Quelle möglich.
Dateiformat: PDF (Portable Document Format)
Mit einem festen Seitenlayout eignet sich die PDF besonders für Fachbücher mit Spalten, Tabellen und Abbildungen. Eine PDF kann auf fast allen Geräten angezeigt werden, ist aber für kleine Displays (Smartphone, eReader) nur eingeschränkt geeignet.
Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen dafür einen PDF-Viewer - z.B. den Adobe Reader oder Adobe Digital Editions.
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen dafür einen PDF-Viewer - z.B. die kostenlose Adobe Digital Editions-App.
Zusätzliches Feature: Online Lesen
Dieses eBook können Sie zusätzlich zum Download auch online im Webbrowser lesen.
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
aus dem Bereich