1 / 14

Unit Outline Quantitative Risk Analysis

Unit Outline Quantitative Risk Analysis. Module 1: Quantitative Risk Analysis and ALE Module 2: Case Study Module 3: Cost Benefit Analysis and Regression Testing  Module 4: Modeling Uncertainties Module 5: Summary. Module 4 Modeling Uncertainties.

jed
Download Presentation

Unit Outline Quantitative Risk Analysis

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Unit OutlineQuantitative Risk Analysis Module 1: Quantitative Risk Analysis and ALE Module 2:Case Study Module 3: Cost Benefit Analysis and Regression Testing  Module 4: Modeling Uncertainties Module 5: Summary

  2. Module 4Modeling Uncertainties

  3. Modeling UncertaintiesLearning Objectives • Students should be able to: • Identify ways to model uncertainty in risk. • Understand the Monte Carlo Simulation approach. • Recognize how to model valuation of assets, frequency of threats, impact of threats, controls, and distribution of risk exposure. • Understand how to perform a sensitivity analysis for risk exposure

  4. Modeling UncertaintiesModeling Uncertainties • Uncertainty exists regarding value that should be assumed by one or more independent variables in the Risk Model. • Contributions to the model’s uncertainty • Lack of knowledge about particular values • Knowledge that some values might always vary • If it cannot be determined with certainty what value one or more input variables in a model will assume, this uncertainty is naturally reflected on the outcome of the dependent variable(s). • The risk metric is: • not determined by the value of its independent variables (asset values and vulnerabilities, frequency and impact of threats) • a function of the probability distribution of each of these random variables • A good approach to dealing with uncertainty >> simulation

  5. Modeling Uncertainties Monte Carlo Simulation: Approach • The approach follows the following steps: • Develop risk model • Define the shape and parameters of probability distributions of each input variable • Run Monte Carlo simulation • Build histogram for dependent variables in the model (risk and updated risk) • Compute summary statistics for dependent variables in model • Perform sensitivity analysis to detect variability sources • Analyze potential dependency relationships among variables in model

  6. Modeling Uncertainties Monte Carlo Simulation: Value of Assets Truncated Normal Distribution(mean = 50) • Asset values here are samples and do not represent collected data • In real cases real assets of the organization need to be identified • Value needs to be assigned to the assets

  7. Modeling Uncertainties Monte Carlo Simulation: Frequency of Threats • Annualized frequency of threats is required to compute the annualized loss expectancy. • This data can be collected from several sources • Tracking and collecting data from Internal logs • Report from agencies such as CERT

  8. Modeling Uncertainties Monte Carlo Simulation: Impact of Threats Triangular distribution (mode, max=1, min=0)

  9. Modeling UncertaintiesMonte Carlo Simulation: Controls Triangular distribution( mode, max=1, min=0)

  10. Histogram of Exposure Risk Modeling Uncertainties Monte Carlo Simulation: Risk Exposure Distribution Cumulative Distribution

  11. Histogram of Reduced Exposure Risk Modeling Uncertainties Monte Carlo Simulation: Reduced Risk Exposure Cumulative Distribution

  12. Modeling UncertaintiesMonte Carlo Simulation: Sensitivity Analysis

  13. Modeling UncertaintiesAssignment • Using the data provided in the case study, or your own risk analysis, use Monte Carlo Simulation to provide a graphical display.

  14. Modeling UncertaintiesSummary • Uncertainty exists in the analysis due to unknown or inaccurate values from data collected. • Simulation can be used to counteract uncertainty in the analysis. • First, a risk model and parameters and shape of probability distributions of each input variable should be defined. Then a Monte Carlo simulation should be run, a histogram built and summary statistics computed for the dependent variables. A sensitivity analysis should then be performed to detect sources of variability.

More Related