E-book, English, 286 pages
Series: Physics and Astronomy
Carl S. Young: Risk and the Theory of Security Risk Assessment
1st edition, 2020
ISBN: 978-3-030-30600-7
Publisher: Springer Nature Switzerland
Format: PDF
Copy protection: 1 - PDF Watermark
This book provides the conceptual foundation of security risk assessment and thereby enables reasoning about risk from first principles. It presents the underlying theory that is the basis of a rigorous and universally applicable security risk assessment methodology. Furthermore, the book identifies and explores concepts with profound operational implications that have traditionally been sources of ambiguity if not confusion in security risk management. Notably, the text provides a simple quantitative model for complexity, a significant driver of risk that is typically not addressed in security-related contexts. Risk and The Theory of Security Risk Assessment is a primer of security risk assessment pedagogy, but it also provides methods and metrics to actually estimate the magnitude of security risk. Concepts are explained using numerous examples, which are at times both enlightening and entertaining. As a result, the book bridges a longstanding gap between theory and practice, and therefore will be a useful reference to students, academics and security practitioners.
Carl S. Young specializes in applying science to information and physical security risk management. He has held senior positions in the US government, the financial sector, consulting and academia. He is the author of three previous textbooks in addition to numerous technical papers, and has been an adjunct professor at the John Jay College of Criminal Justice (CUNY). Mr. Young earned undergraduate and graduate degrees in mathematics and physics from the Massachusetts Institute of Technology (MIT).
Contents:
Foreword (p. 7)
Preface (p. 8)
Acknowledgments (p. 10)
Introduction (p. 12)
Contents (p. 17)
About the Author (p. 21)
Part I: Security Risk Assessment Fundamentals (p. 22)
  Chapter 1: Definitions and Basic Concepts (p. 23)
    1.1 Introduction to Risk and Risk-Relevance (p. 23)
    1.2 Threat Scenarios and the Components of Risk (p. 29)
    1.3 The Risk Meter (p. 31)
    1.4 Introduction to Risk Factors (p. 33)
    1.5 Threat Incidents and Risk Factor-Related Incidents (p. 36)
    1.6 Probability v. Potential (p. 37)
    1.7 The Fundamental Expression of Security Risk (p. 46)
    1.8 Absolute, Relative and Residual Security Risk (p. 47)
    1.9 Summary (p. 50)
  Chapter 2: Risk Factors (p. 51)
    2.1 Introduction (p. 51)
    2.2 Definitions and Examples (p. 52)
    2.3 Apex Risk Factors (p. 56)
    2.4 Spatial Risk Factors (p. 59)
    2.5 Temporal Risk Factors (p. 60)
    2.6 Behavioral Risk Factors (p. 62)
    2.7 Complexity Risk Factors (p. 63)
    2.8 Inter-related Risk Factors (p. 63)
    2.9 Risk Factor Scale and Stability (p. 64)
    2.10 Summary (p. 67)
  Chapter 3: Threat Scenarios (p. 69)
    3.1 Introduction (p. 69)
    3.2 Static Threat Scenarios (p. 71)
    3.3 Dynamic Threat Scenarios (p. 72)
    3.4 Behavioral Threat Scenarios (p. 72)
    3.5 Complex Threat Scenarios (p. 73)
    3.6 Random Threat Scenarios (p. 73)
    3.7 Maximum Threat Scenario Risk (p. 74)
    3.8 General Threat Scenario Phenomena (p. 76)
    3.9 A Security Risk Assessment Taxonomy (p. 78)
    3.10 Summary (p. 80)
  Chapter 4: Risk, In-Depth (p. 81)
    4.1 Introduction (p. 81)
    4.2 Threat Scenario Equivalence and Risk Universality (p. 83)
    4.3 Direct and Indirect Assessments of Likelihood (p. 89)
    4.4 Sources of Uncertainty in Estimating Likelihood (p. 91)
    4.5 Time and Risk (p. 94)
    4.6 Risk-Relevance (p. 98)
    4.7 The Confluence of Likelihood Risk Factors (p. 99)
    4.8 Summary (p. 101)
Part II: Quantitative Concepts and Methods (p. 103)
  Chapter 5: The (Bare) Essentials of Probability and Statistics (p. 104)
    5.1 Introduction (p. 104)
    5.2 Probability (p. 106)
    5.3 Average, Standard Deviation, Variance and Correlation (p. 110)
    5.4 The Normal and Standard Normal Distributions (p. 112)
    5.5 The Z-Statistic (p. 117)
    5.6 Statistical Confidence and the p-value (p. 118)
    5.7 The Poisson Distribution (p. 125)
    5.8 Value-at-Risk (p. 127)
    5.9 Summary (p. 129)
  Chapter 6: Identifying and/or Quantifying Risk-Relevance (p. 130)
    6.1 Introduction (p. 130)
    6.2 Linearity, Non-linearity and Scale (p. 131)
    6.3 Density (p. 139)
    6.4 Trends and Time Series (p. 140)
    6.5 Histograms (p. 142)
    6.6 Derivatives and Integrals (p. 144)
    6.7 Correlation and Correlation Coefficients Revisited (p. 146)
    6.8 Exponential Growth, Decay and Half-Value (p. 147)
    6.9 Time and Frequency Domain Measurements (p. 151)
    6.10 Summary (p. 154)
  Chapter 7: Risk Factor Measurements (p. 155)
    7.1 Introduction (p. 155)
    7.2 Spatial Risk Factor Measurements (p. 156)
    7.3 Temporal Risk Factor Measurements (p. 166)
    7.4 Behavioral Risk Factor Measurements (p. 170)
    7.5 Multiple Risk Factors and Uncertainty in Security Risk Management (p. 171)
    7.6 Summary (p. 173)
  Chapter 8: Elementary Stochastic Methods and Security Risk (p. 174)
    8.1 Introduction (p. 174)
    8.2 Probability Distributions and Uncertainty (p. 177)
    8.3 Indicative Probability Calculations (p. 180)
    8.4 The Random Walk (p. 188)
    8.5 The Probability of Protection (p. 189)
    8.6 The Markov Process (p. 192)
    8.7 Time-Correlation Functions and Threat Scenario Stability (p. 196)
    8.8 The Convergence of Probability and Potential (p. 202)
    8.9 Summary (p. 204)
Part III: Security Risk Assessment and Management (p. 206)
  Chapter 9: Threat Scenario Complexity (p. 207)
    9.1 Introduction to Complexity (p. 207)
    9.2 Background (p. 208)
    9.3 Complexity Combinatorics (p. 211)
    9.4 Information Entropy (p. 216)
    9.5 Estimates of Threat Scenario Complexity (p. 223)
    9.6 Complexity Metrics (p. 228)
    9.7 Temporal Limits on Complexity (p. 231)
    9.8 Managing Threat Scenario Complexity (p. 232)
    9.9 Summary (p. 234)
  Chapter 10: Systemic Security Risk (p. 236)
    10.1 Introduction (p. 236)
    10.2 The Risk-Relevance of Assets and Time (p. 237)
    10.3 Spatial Distribution of Risk Factors: Concentration and Proliferation (p. 238)
      10.3.1 Concentration (p. 238)
      10.3.2 Proliferation (p. 239)
    10.4 Temporal History of Risk Factors: Persistence, Transience and Trending (p. 239)
      10.4.1 Persistence (p. 240)
      10.4.2 Transience (p. 241)
      10.4.3 Trending (p. 242)
    10.5 Summary (p. 243)
  Chapter 11: General Theoretical Results (p. 245)
    11.1 Introduction (p. 245)
    11.2 Core Principles (p. 246)
    11.3 Random Threat Scenario Results (p. 248)
    11.4 Static and Dynamic Threat Scenario Results (p. 248)
    11.5 Complex Threat Scenario Results (p. 251)
    11.6 Summary (p. 253)
  Chapter 12: The Theory, in Practice (p. 254)
    12.1 Introduction (p. 254)
    12.2 The Security Risk Management Process (p. 255)
    12.3 Applying the Theory (1): Information Security Threat Scenarios (p. 259)
    12.4 Applying the Theory (2): Password Cracking (p. 264)
    12.5 A Revised Fundamental Expression of Security Risk (p. 270)
    12.6 Testing for Encryption (p. 273)
    12.7 The Security Control/Risk Factor Ratio (C/R) (p. 273)
    12.8 Cost and Constraints in Security Risk Management (p. 274)
    12.9 Low Likelihood-High Impact Threat Scenarios (p. 275)
    12.10 Summary (p. 277)
Epilogue (p. 279)
Appendices (p. 282)
  Appendix 1: Random Walk Mean and Variance (p. 282)
  Appendix 2: Time and Ensemble Averages (p. 283)
  Appendix 3: Theory of Security Risk Assessment Summary Table (p. 285)