Foundations of Risk Analysis
2008-2009 - IMT4771 - 5sp

Expected learning outcomes

After the course the students should have:
- an advanced level of understanding of the assumptions and models on which risk analysis methods are based
- a deep understanding of how different assumptions/models influence the outcomes of different risk analysis methods

Course topics

1. Adversary models

2. Uncertainty

3. Game theory

4. Methods for risk assessment

Teaching methods

Lectures
Problem solving

Forms of assessment

Other

Forms of assessment

  • Written exam (alternatively oral exam): 51%
  • Projects: 49%
  • Both parts must be passed.

Grading scale

Letter grades, A (best) - F (fail)

Examiner arrangement

Evaluated by external examiner.

Re-sit examination (formerly continuation exam)

The whole subject must be repeated.

Permitted aids (applies to the written exam only)

Approved calculator

Compulsory coursework requirements

None

Teaching materials

Books:

Selected chapters from the following or similar books:

[1] Douglas J. Landoll. The Security Risk Assessment Handbook. Auerbach Publications, 2006.

[2] Joseph Y. Halpern. Reasoning about uncertainty. The MIT Press, 2005.

[3] Drew Fudenberg and Jean Tirole. Game Theory. The MIT Press, 1991.

[4] Terje Aven. Foundations of Risk Analysis. Wiley, 2003.

[5] Tim Bedford and Roger Cooke. Probabilistic Risk Analysis - Foundations and methods. Cambridge University Press, 2006.

Selected articles, e.g. a subset of:

[6] J. A. Adams. 'Richter scale for risk'? Scientific management of uncertainty versus management of scientific uncertainty. Interdiscip Sci Rev, 23:146-155, 1998.

[7] Ross Anderson and Tyler Moore. The economics of information security. Science, pages 610-613, October 2006.

[8] D. J. Bodeau. A conceptual model for computer security risk analysis. In Proceedings of the Eighth Annual Computer Security Applications Conference, pages 56-63, San Antonio, TX, USA, 1992. IEEE Press.

[9] H. Campbell. Risk assessment: subjective or objective? Engineering science and education journal, 7:57-63, 1998.

[10] Philip L. Campbell and Jason E. Stamp. A classification scheme for risk assessment methods. Technical Report SAND2004-4233, Sandia National Laboratories, 2004.

[11] Lawrence A. Gordon and Martin P. Loeb. The economics of information security investment. ACM Trans. Inf. Syst. Secur., 5(4):438-457, 2002.

[12] Yacov Y. Haimes. Total risk management. Risk Analysis, 11(2), 1991.

[13] Kjell Hausken. Probabilistic risk analysis and game theory. Risk Analysis, 22(1):17-27, 2002.

[14] Peng Liu, Wanyu Zang, and Meng Yu. Incentive-based modeling and inference of attacker intent, objectives, and strategies. ACM Trans. Inf. Syst. Secur., 8(1):78-118, 2005.

[15] Yu Liu, Cristina Comaniciu, and Hong Man. A bayesian game approach for intrusion detection in wireless ad hoc networks. In GameNets '06: Proceeding from the 2006 workshop on Game theory for communications and networks, page 4, New York, NY, USA, 2006. ACM Press.

[16] Kong-wei Lye and Jeanette Wing. Game strategies in network security. Technical Report CMU-CS-02-136, School of Computer Science, Carnegie Mellon University, 2002.

[17] NIST. Draft special publication 800-53a, guide for assessing the security controls in federal information systems, 2006.

[18] Felix Redmill. Risk analysis - a subjective process. Engineering Management Journal (IEE), 12(2), April 2002.

[19] Emily M. Smith. Designing for sabotage. Mechanical engineering online, September 2002.

Supplementary information

The course has room for 50 students.