Defense trees for economic evaluation of security investments Stefano Bistarelli Fabio Fioravanti Pamela Peretti
|
|
- Anthony Harmon
- 6 years ago
- Views:
Transcription
1 Defense trees for economic evaluation of security investments Stefano Bistarelli Fabio Fioravanti Pamela Peretti Dipartimento di Scienze Università degli Studi G. d Annunzio Pescara, Italy
2 How to protect an organization s asset? What is the problem? Loss of data Diffusion of reserved information Interruption of service
3 Motivation Create a process to identify, describe and analyze the possible vulnerabilities of a system Provide an economic balance between the economic impact of risk and the cost of risk mitigation
4 Agenda Background Qualitative approach Attack trees Quantitative approach Economic indexes Defense trees = Attack tree + countermeasures Defense trees + quantitatives labels Economic evaluation of countermeasures
5 Qualitative approach A relative evaluation of: assets threats and vulnerabilities countermeasures Scenario analysis Attack trees
6 Attack trees An attack tree [Schneier00] is a tree-based structure where: the root is an asset of an IT system the paths from the root to the leaf are the way to achieve this goal the non-leaf nodes can be: and-nodes or-nodes or-nodes and-nodes root
7 Attack trees An attack tree can be transformed to its Disjunctive Normal Form [Mauw05] ((A or B) and C)=(A and C) or (B and C) C A C B C A B
8 Quantitative approach Assigns absolute numeric attribute values to: assets (asset value) threats and vulnerabilities (exposure factor, annualized rate of occurrence) countermeasures (cost, risk mitigated) Economic Indexes
9 Economic Indexes Return on Investment (ROI) a performance measure used to evaluate the efficiency of an investment
10 Agenda Background Qualitative approach Attack trees Quantitative approach Economic indexes Defense trees = Attack tree + countermeasures Defense trees + quantitatives labels
11 Building the defense tree 1. Create an attack tree,
12 Building the defense tree 2. Defense tree = attack tree + countermeasures
13 Building the defense tree 3. Label the defense tree using quantitative indexes and computing the Return on Investment 4. Label the defense tree using quantitative indexes and computing the Return on Attack [Cremonini05]
14 Return On Investment Asset Value (AV) AV=
15 Return On Investment Exposure Factor (EF) AV Asset Value AV= EF=90% EF=93%
16 Return On Investment Single Loss Exposure (SLE=AV EF) AV EF Asset Value Exposure Fact AV= SLE= EF=90% EF=93% SLE=93.000
17 Return On Investment Annualized Rate of Occurrence (ARO) AV EF SLE Asset Value Exposure Fact Single Loss Exposure AV= SLE= EF=90% EF=93% SLE= ARO=0,10 ARO=0,10
18 Return On Investment Annualized Loss Expectancy (ALE=SLE ARO) AV= AV EF SLE Asset Value Exposure Fact Single Loss Exposure ARO Annualized Ra of Occurrence SLE= ALE=9.000 EF=90% ARO=0,10 EF=93% ARO=0,10 SLE= ALE=9.300
19 Return On Investment Risk Mitigated by a countermeasure (RM) SLE= ALE=9.000 EF=90% ARO=0,10 AV= EF=93% ARO=0,10 SLE= ALE=9.300 AV EF SLE Asset Value Exposure Fact Single Loss Exposure ARO Annualized Ra of Occurrence ALE Annualized Los Expectancy RM=70% RM=10% RM=20% RM=10% RM=50% RM=50%
20 Return On Investment Cost of a Security Investment (CSI) SLE= ALE=9.000 EF=90% ARO=0,10 AV= EF=93% ARO=0,10 SLE= ALE=9.300 AV EF SLE Asset Value Exposure Fact Single Loss Exposure ARO Annualized Ra of Occurrence ALE RM Annualized Los Expectancy Risk Mitigated RM=70% RM=10% RM=20% RM=10% SI=1.500 CSI=3.000 CSI=300 CSI=3.000 RM=50% CSI= RM=50% CSI=12.000
21 Return On Investment AV Asset Value EF Exposure Fact SLE Single Loss Exposure AV= ARO Annualized Ra of Occurrence SLE= ALE=9.000 EF=90% ARO=0,10 EF=93% ARO=0,10 SLE= ALE=9.300 ALE RM Annualized Los Expectancy Risk Mitigated CSI Cost Security Investment RM=70% RM=10% RM=20% RM=10% SI=1.500 CSI=3.000 CSI=300 CSI=3.000 ROI=3,20 ROI=-0,70 ROI=5,20 ROI=-0,69 RM=50% CSI= ROI=-0,62 RM=50% CSI= ROI=-0,61
22 Return F.W. On Investment Consider EF as Uncertain variable with values in an interval (70<EF<95) (and similar for RM) Compute ROI/ROA indexes as intervals Study operations between intervals and notions of Optimistic combination Pessimistic combination Robustness (See works by Gervet-Yorke-Smith) AV= AV EF SLE Asset Value Exposure Fact Single Loss Exposure ARO Annualized Ra of Occurrence ALE RM CSI Annualized Los Expectancy Risk Mitigated Cost Security Investment SLE= ALE=9.000 EF=90% ARO=0,10 EF=93% ARO=0,10 SLE= ALE=9.300 RM=70% RM=10% RM=20% RM=10% SI=1.500 CSI=3.000 CSI=300 CSI=3.000 ROI=3,20 ROI=-0,70 ROI=5,20 ROI=-0,69 RM=50% CSI= ROI=-0,62 RM=50% CSI= ROI=-0,61
23 Return On Attack Gain that an attacker expects from an attack GI=30.000
24 Return On Attack Cost of an attack GI expected gain GI= Cost=4.000 Cost=4.200
25 Return On Attack Additional cost (loss) caused by a countermeasure S GI expected gain Cost cost before S GI= Cost=4.000 Cost=4.200 s= Loss=1.000 Loss=200 Loss= Loss= Loss= 1.500
26 Return On Attack GI expected gain Cost cost before S Loss loss caused by GI= Cost=4.000 Cost=4.200 s= Loss=1.000 Loss=200 Loss= ROA=5,00 ROA=6,00 ROA=6,82 ROA=5,77 Loss= ROA=5,45 Loss= ROA=5,26
27 Putting together the evaluations Maximize ROI minimize ROA max ROI min ROA a Pareto-optimal solution maximize a user-defined function of ROI and ROA F.W. CP-Nets
28 Putting together the evaluations Maximize ROI ROI=3,20 ROI=-0,70 ROI=5,20 ROI=-0,69 ROA=5,00 ROA=6,00 ROA=6,82 ROA=5,77 ROI=-0,62 ROI=-0,61 ROA=5,45 ROA=5,26
29 Putting together the evaluations Minimize ROA ROI=3,20 ROI=-0,70 ROI=5,20 ROI=-0,69 ROA=5,00 ROA=6,00 ROA=6,82 ROA=5,77 ROI=-0,62 ROI=-0,61 ROA=5,45 ROA=5,26
30 Putting together the evaluations max ROI min ROA ROI=3,20 ROI=-0,70 ROI=5,20 ROI=-0,69 ROA=5,00 ROA=6,00 ROA=6,82 ROA=5,77 ROI=-0,62 ROI=-0,61 ROA=5,45 ROA=5,26
31 Putting together the evaluations The Pareto-optimal countermeasure for the first attack ROA 10 c3 c2 c1 c1 c ROI c3
32 Putting together the evaluations The Pareto-optimal countermeasure for the second attack ROA 10 c5 c4 c4 c5 c ROI c6
33 F.W. CP-Nets Relations between possibilistic logic and cp-nets Uncertainties of attacks modelled as probability/possibility distribution (See: CP-Net, Possibility Theory (Prade, Dubois), Uncertainty and CP-Net (?Brent Phd Thesis?)) A 1 f A 2 A 1 c 1 f c 2 f c 3 A 2 c 4 f c 2 f c 3 c 4 f c 1 f c 2 f c 3
34 Conclusion and Future Work From Attack to Defense trees Defense trees + quantitative labels ROI ROA Evaluation of multiple attacks and countermeasure Heuristics to find the best configuration Minimum (cost) set cover Game Theory analysis Defense Graphs Constraint intervals to represent uncertain indexes (RM, ARO, EF)
Augmented Risk Analysis
Electronic Notes in Theoretical Computer Science 168 (2007) 207 220 www.elsevier.com/locate/entcs Augmented Risk Analysis Giampaolo Bella a,1 Stefano Bistarelli b,c,2 Pamela Peretti b,3 Salvatore Riccobene
More informationInformation Security Risk Management
Information Security Risk Management Based on ISO/IEC 17799 Houman Sadeghi Kaji Spread Spectrum Communication System PhD., Cisco Certified Network Professional Security Specialist BS7799 LA info@houmankaji.net
More informationPost-Class Quiz: Information Security and Risk Management Domain
1. Which choice below is the role of an Information System Security Officer (ISSO)? A. The ISSO establishes the overall goals of the organization s computer security program. B. The ISSO is responsible
More informationProject Management for the Professional Professional Part 3 - Risk Analysis. Michael Bevis, JD CPPO, CPSM, PMP
Project Management for the Professional Professional Part 3 - Risk Analysis Michael Bevis, JD CPPO, CPSM, PMP What is a Risk? A risk is an uncertain event or condition that, if it occurs, has a positive
More informationMIS 5206 Protection of Information Assets - Unit #4 - Risk Evaluation. MIS 5206 Protecting Information Assets
MIS 5206 Protection of Information Assets - Unit #4 - Risk Evaluation Agenda Where Role of InfoSec categorization fits Risk evaluation Who is responsible Risk management techniques Test taking tip Quiz
More informationCS188 Spring 2012 Section 4: Games
CS188 Spring 2012 Section 4: Games 1 Minimax Search In this problem, we will explore adversarial search. Consider the zero-sum game tree shown below. Trapezoids that point up, such as at the root, represent
More informationAdvanced Microeconomics
Advanced Microeconomics ECON5200 - Fall 2014 Introduction What you have done: - consumers maximize their utility subject to budget constraints and firms maximize their profits given technology and market
More informationRisk Management: Assessing and Controlling Risk
Risk Management: Assessing and Controlling Risk Introduction Competitive Disadvantage To keep up with the competition, organizations must design and create a safe environment in which business processes
More informationAN INTRODUCTION TO RISK CONSIDERATION
AN INTRODUCTION TO RISK CONSIDERATION Introduction This cookbook aims at recalling basic concepts and providing simple tools and possibilities of applying the "considering of risks and opportunities" in
More informationBANK RISK MANAGEMENT
BANK RISK MANAGEMENT Assoc. prof. Mădălina-Gabriela ANGHEL PhD (madalinagabriela_anghel@yahoo.com) Artifex University of Bucharest Lecturer Marian SFETCU PhD (sfetcum@yahoo.com) Artifex University of Bucharest
More informationCNAM Risk Management for Utility Managers
CNAM 2013 Heather McGinnity PEng. Region of Peel Project Manager Roop Lutchman, PEng. GHD Leader, Business Consulting May 07 th, 2013 Agenda 1. Introduction 2. Risk Management Framework 3. Case Study (Lake
More informationMBF1413 Quantitative Methods
MBF1413 Quantitative Methods Prepared by Dr Khairul Anuar 4: Decision Analysis Part 1 www.notes638.wordpress.com 1. Problem Formulation a. Influence Diagrams b. Payoffs c. Decision Trees Content 2. Decision
More informationProject Risk Management
Project Risk Management Introduction Unit 1 Unit 2 Unit 3 PMP Exam Preparation Project Integration Management Project Scope Management Project Time Management Unit 4 Unit 5 Unit 6 Unit 7 Project Cost Management
More informationADVANCED QUANTITATIVE SCHEDULE RISK ANALYSIS
ADVANCED QUANTITATIVE SCHEDULE RISK ANALYSIS DAVID T. HULETT, PH.D. 1 HULETT & ASSOCIATES, LLC 1. INTRODUCTION Quantitative schedule risk analysis is becoming acknowledged by many project-oriented organizations
More informationEssays on Some Combinatorial Optimization Problems with Interval Data
Essays on Some Combinatorial Optimization Problems with Interval Data a thesis submitted to the department of industrial engineering and the institute of engineering and sciences of bilkent university
More informationENTERPRISE RISK MANAGEMENT (ERM) GOVERNANCE POLICY PEDERNALES ELECTRIC COOPERATIVE, INC.
1. Purpose: 1.1. Pedernales Electric Cooperative ( PEC ) is committed to delivering low-cost, reliable and safe energy solutions for the benefit of our members. In order to improve the likelihood of achieving
More informationSmall Business Lending Learning Solution
Small Business Lending Learning Solution Small Business Lending addresses topics relevant to the small business lender with an emphasis on effective assessment of financial, market, and management risks.
More informationJohan Oscar Ong, ST, MT
Decision Analysis Johan Oscar Ong, ST, MT Analytical Decision Making Can Help Managers to: Gain deeper insight into the nature of business relationships Find better ways to assess values in such relationships;
More informationProject Theft Management,
Project Theft Management, by applying best practises of Project Risk Management Philip Rosslee, BEng. PrEng. MBA PMP PMO Projects South Africa PMO Projects Group www.pmo-projects.co.za philip.rosslee@pmo-projects.com
More informationUse of the Risk Driver Method in Monte Carlo Simulation of a Project Schedule
Use of the Risk Driver Method in Monte Carlo Simulation of a Project Schedule Presented to the 2013 ICEAA Professional Development & Training Workshop June 18-21, 2013 David T. Hulett, Ph.D. Hulett & Associates,
More information13.1 Quantitative vs. Qualitative Analysis
436 The Security Risk Assessment Handbook risk assessment approach taken. For example, the document review methodology, physical security walk-throughs, or specific checklists are not typically described
More informationOptimal prepayment of Dutch mortgages*
137 Statistica Neerlandica (2007) Vol. 61, nr. 1, pp. 137 155 Optimal prepayment of Dutch mortgages* Bart H. M. Kuijpers ABP Investments, P.O. Box 75753, NL-1118 ZX Schiphol, The Netherlands Peter C. Schotman
More informationMODULE 5 PROJECT RISK MANAGEMENT, PROCUREMENT AND CONTRACTS
Advanced Project Management MODULE 5 PROJECT RISK MANAGEMENT, PROCUREMENT AND CONTRACTS 06 07 November 2018 Facilitator: Mr Mondli Mbambo Module Purpose Project Risk & Procurement Managment Knowledge Risk
More informationInformation Security Risk Assessment by Using Bayesian Learning Technique
Information Security Risk Assessment by Using Bayesian Learning Technique Farhad Foroughi* Abstract The organisations need an information security risk management to evaluate asset's values and related
More informationRisk Management FUN! Humor Me
Risk Management FUN! Humor Me Leveraging Project Risk Management to Solidify Your RIM Business Continuity P R E S E N T E D B Y : M A R Y L. C L I N T O N, M B A, P M P W E D N E S D A Y, J U N E 2 1,
More informationCMPSCI 311: Introduction to Algorithms Second Midterm Practice Exam SOLUTIONS
CMPSCI 311: Introduction to Algorithms Second Midterm Practice Exam SOLUTIONS November 17, 2016. Name: ID: Instructions: Answer the questions directly on the exam pages. Show all your work for each question.
More informationQ1. [?? pts] Search Traces
CS 188 Spring 2010 Introduction to Artificial Intelligence Midterm Exam Solutions Q1. [?? pts] Search Traces Each of the trees (G1 through G5) was generated by searching the graph (below, left) with a
More informationRisk Assessment in the CBA process. Bruxelles, 30/9/2015 Antonio Carrarini JASPERS - Vienna Office
Risk Assessment in the CBA process Bruxelles, 30/9/2015 Antonio Carrarini JASPERS - Vienna Office Overview Reg. (EU) 1303/2013 ( Common provisions on the ERDF ) includes general requirements related to
More informationAgenda. Lecture 2. Decision Analysis. Key Characteristics. Terminology. Structuring Decision Problems
Agenda Lecture 2 Theory >Introduction to Making > Making Without Probabilities > Making With Probabilities >Expected Value of Perfect Information >Next Class 1 2 Analysis >Techniques used to make decisions
More informationAgent and Object Technology Lab Dipartimento di Ingegneria dell Informazione Università degli Studi di Parma. Distributed and Agent Systems
Agent and Object Technology Lab Dipartimento di Ingegneria dell Informazione Università degli Studi di Parma Distributed and Agent Systems Coordination Prof. Agostino Poggi Coordination Coordinating is
More informationTOBB-ETU, Economics Department Macroeconomics II (ECON 532) Practice Problems III
TOBB-ETU, Economics Department Macroeconomics II ECON 532) Practice Problems III Q: Consumption Theory CARA utility) Consider an individual living for two periods, with preferences Uc 1 ; c 2 ) = uc 1
More informationDecision making in the presence of uncertainty
CS 2750 Foundations of AI Lecture 20 Decision making in the presence of uncertainty Milos Hauskrecht milos@cs.pitt.edu 5329 Sennott Square Decision-making in the presence of uncertainty Computing the probability
More informationTrade Expenditure and Trade Utility Functions Notes
Trade Expenditure and Trade Utility Functions Notes James E. Anderson February 6, 2009 These notes derive the useful concepts of trade expenditure functions, the closely related trade indirect utility
More informationRisk Management at the Deutsche Bundesbank March 2011
Risk Management at the Deutsche Bundesbank March 2011 (C) Deutsche Bundesbank - Division Organisation 1 Agenda Definition of risk management [3] Factors of influence to review the RM set up [4] The Framework
More informationDecision Trees Using TreePlan
Decision Trees Using TreePlan 6 6. TREEPLAN OVERVIEW TreePlan is a decision tree add-in for Microsoft Excel 7 & & & 6 (Windows) and Microsoft Excel & 6 (Macintosh). TreePlan helps you build a decision
More informationThe Course So Far. Atomic agent: uninformed, informed, local Specific KR languages
The Course So Far Traditional AI: Deterministic single agent domains Atomic agent: uninformed, informed, local Specific KR languages Constraint Satisfaction Logic and Satisfiability STRIPS for Classical
More informationDecision Analysis CHAPTER LEARNING OBJECTIVES CHAPTER OUTLINE. After completing this chapter, students will be able to:
CHAPTER 3 Decision Analysis LEARNING OBJECTIVES After completing this chapter, students will be able to: 1. List the steps of the decision-making process. 2. Describe the types of decision-making environments.
More informationOptimizing the Incremental Delivery of Software Features under Uncertainty
Optimizing the Incremental Delivery of Software Features under Uncertainty Olawole Oni, Emmanuel Letier Department of Computer Science, University College London, United Kingdom. {olawole.oni.14, e.letier}@ucl.ac.uk
More informationChapter 18 Student Lecture Notes 18-1
Chapter 18 Student Lecture Notes 18-1 Business Statistics: A Decision-Making Approach 6 th Edition Chapter 18 Introduction to Decision Analysis 5 Prentice-Hall, Inc. Chap 18-1 Chapter Goals After completing
More informationIntegrated Cost Schedule Risk Analysis Using the Risk Driver Approach
Integrated Cost Schedule Risk Analysis Using the Risk Driver Approach Qatar PMI Meeting February 19, 2014 David T. Hulett, Ph.D. Hulett & Associates, LLC 1 The Traditional 3-point Estimate of Activity
More informationDecision Making Supplement A
Decision Making Supplement A Break-Even Analysis Break-even analysis is used to compare processes by finding the volume at which two different processes have equal total costs. Break-even point is the
More informationRISK MANAGEMENT POLICY OF HEXA TRADEX LIMITED (W.E.F )
RISK MANAGEMENT POLICY OF HEXA TRADEX LIMITED (W.E.F 01.10.2014) BACKGROUND This document lays down the framework of Risk Management at Hexa Tradex Limited (hereinafter referred to as the Company ) and
More informationTheir opponent will play intelligently and wishes to maximize their own payoff.
Two Person Games (Strictly Determined Games) We have already considered how probability and expected value can be used as decision making tools for choosing a strategy. We include two examples below for
More informationA Framework for Incorporating Insurance into Critical Infrastructure Cyber Risk Strategies
Air Force Institute of Technology AFIT Scholar Theses and Dissertations 3-24-2016 A Framework for Incorporating Insurance into Critical Infrastructure Cyber Risk Strategies Derek R. Young Follow this and
More informationReview of Production Theory: Chapter 2 1
Review of Production Theory: Chapter 2 1 Why? Trade is a residual (EX x = Q x -C x; IM y= C y- Q y) Understand the determinants of what goods and services a country produces efficiently and which inefficiently.
More informationSubject : Computer Science. Paper: Machine Learning. Module: Decision Theory and Bayesian Decision Theory. Module No: CS/ML/10.
e-pg Pathshala Subject : Computer Science Paper: Machine Learning Module: Decision Theory and Bayesian Decision Theory Module No: CS/ML/0 Quadrant I e-text Welcome to the e-pg Pathshala Lecture Series
More informationProject Planning. Identifying the Work to Be Done. Gantt Chart. A Gantt Chart. Given: Activity Sequencing Network Diagrams
Project Planning Identifying the Work to Be Done Activity Sequencing Network Diagrams Given: Statement of work written description of goals work & time frame of project Work Breakdown Structure Be able
More informationA Hybrid Solver for Constrained Portfolio Selection Problems preliminary report
A Hybrid Solver for Constrained Portfolio Selection Problems preliminary report Luca Di Gaspero 1, Giacomo di Tollo 2, Andrea Roli 3, Andrea Schaerf 1 1. DIEGM, Università di Udine, via delle Scienze 208,
More informationSCHOOL OF BUSINESS, ECONOMICS AND MANAGEMENT. BF360 Operations Research
SCHOOL OF BUSINESS, ECONOMICS AND MANAGEMENT BF360 Operations Research Unit 5 Moses Mwale e-mail: moses.mwale@ictar.ac.zm BF360 Operations Research Contents Unit 5: Decision Analysis 3 5.1 Components
More informationMohammad Hossein Manshaei 1394
Mohammad Hossein Manshaei manshaei@gmail.com 1394 Let s play sequentially! 1. Sequential vs Simultaneous Moves. Extensive Forms (Trees) 3. Analyzing Dynamic Games: Backward Induction 4. Moral Hazard 5.
More informationProject Management. Managing Risk. Clifford F. Gray Eric W. Larson Third Edition. Chapter 7
Project Management THE MANAGERIAL PROCESS Clifford F. Gray Eric W. Larson Third Edition Chapter 7 Managing Risk Copyright 2006 The McGraw-Hill Companies. All rights reserved. PowerPoint Presentation by
More informationInteractive Multiobjective Fuzzy Random Programming through Level Set Optimization
Interactive Multiobjective Fuzzy Random Programming through Level Set Optimization Hideki Katagiri Masatoshi Sakawa Kosuke Kato and Ichiro Nishizaki Member IAENG Abstract This paper focuses on multiobjective
More informationGame Theory. Lecture Notes By Y. Narahari. Department of Computer Science and Automation Indian Institute of Science Bangalore, India October 2012
Game Theory Lecture Notes By Y. Narahari Department of Computer Science and Automation Indian Institute of Science Bangalore, India October 2012 COOPERATIVE GAME THEORY Coalitional Games: Introduction
More informationLogistics. Lecture notes. Maria Grazia Scutellà. Dipartimento di Informatica Università di Pisa. September 2015
Logistics Lecture notes Maria Grazia Scutellà Dipartimento di Informatica Università di Pisa September 2015 These notes are related to the course of Logistics held by the author at the University of Pisa.
More informationRisk Management in Italy: State of the art and perspectives. PMI Rome Italy Chapter
Risk Management in Italy: State of the art and perspectives Marco Giorgino, Full Professor of Global Risk Management, Politecnico di Milano PMI Rome Italy Chapter November, 5 th 2009 Agenda 2» What is
More informationLecture l(x) 1. (1) x X
Lecture 14 Agenda for the lecture Kraft s inequality Shannon codes The relation H(X) L u (X) = L p (X) H(X) + 1 14.1 Kraft s inequality While the definition of prefix-free codes is intuitively clear, we
More information1. better to stick. 2. better to switch. 3. or does your second choice make no difference?
The Monty Hall game Game show host Monty Hall asks you to choose one of three doors. Behind one of the doors is a new Porsche. Behind the other two doors there are goats. Monty knows what is behind each
More informationLog-Robust Portfolio Management
Log-Robust Portfolio Management Dr. Aurélie Thiele Lehigh University Joint work with Elcin Cetinkaya and Ban Kawas Research partially supported by the National Science Foundation Grant CMMI-0757983 Dr.
More informationRisk Analysis for Critical Infrastructure and Key Asset Protection: Methods and Challenges
Risk Analysis for Critical Infrastructure and Key Asset Protection: Methods and Challenges Bilal M. Ayyub, Professor and Director University of Maryland at College Park Terrorism Risk Analysis A CREATE
More informationBy Mohammed Abdullah Al Mehrezi
By Mohammed Abdullah Al Mehrezi JUSTIFICATION FOR THE STUDY In January 2008, six member states of the Gulf Cooperation Countries (GCC) agreed to launch a common market to increase investment and trade
More informationAlgorithmic Game Theory and Applications. Lecture 11: Games of Perfect Information
Algorithmic Game Theory and Applications Lecture 11: Games of Perfect Information Kousha Etessami finite games of perfect information Recall, a perfect information (PI) game has only 1 node per information
More informationMicroeconomics of Banking: Lecture 5
Microeconomics of Banking: Lecture 5 Prof. Ronaldo CARPIO Oct. 23, 2015 Administrative Stuff Homework 2 is due next week. Due to the change in material covered, I have decided to change the grading system
More informationAn Overview of the Enterprise Risk Management Process
An Overview of the Enterprise Risk Management Process Laureen Regan, Ph.D. Fox School of Business and Management Temple University What is Enterprise Risk Management? Risk Management is "the culture, processes
More informationA Framework for Risk Assessment in Egyptian Real Estate Projects using Fuzzy Approach
A Framework for Risk Assessment in Egyptian Real Estate Projects using Fuzzy Approach By Ahmed Magdi Ibrahim Aboshady A Thesis Submitted to the Faculty of Engineering at Cairo University In Partial Fulfillment
More information(a) Describe the game in plain english and find its equivalent strategic form.
Risk and Decision Making (Part II - Game Theory) Mock Exam MIT/Portugal pages Professor João Soares 2007/08 1 Consider the game defined by the Kuhn tree of Figure 1 (a) Describe the game in plain english
More informationAssessing Reliability as the Electric Power Industry Restructures
Energy Laboratory MIT EL 00-008 WP Massachusetts Institute of Technology Assessing Reliability as the Electric Power Industry Restructures November 2000 Assessing Reliability as the Electric Power Industry
More informationAction Selection for MDPs: Anytime AO* vs. UCT
Action Selection for MDPs: Anytime AO* vs. UCT Blai Bonet 1 and Hector Geffner 2 1 Universidad Simón Boĺıvar 2 ICREA & Universitat Pompeu Fabra AAAI, Toronto, Canada, July 2012 Online MDP Planning and
More informationNotes for the Course Autonomous Agents and Multiagent Systems 2017/2018. Francesco Amigoni
Notes for the Course Autonomous Agents and Multiagent Systems 2017/2018 Francesco Amigoni Current address: Dipartimento di Elettronica, Informazione e Bioingegneria, Politecnico di Milano, Piazza Leonardo
More informationChapter 2 supplement. Decision Analysis
Chapter 2 supplement At the operational level hundreds of decisions are made in order to achieve local outcomes that contribute to the achievement of the company's overall strategic goal. These local outcomes
More informationRISK-LEVEL ASSESSMENT SYSTEM ON BENGAWAN SOLO S FLOOD PRONE AREAS USING AHP AND WEB GIS
rhadint@it.student.pens.ac.id RISK-LEVEL ASSESSMENT SYSTEM ON BENGAWAN SOLO S FLOOD PRONE AREAS USING AHP AND WEB GIS H A R I S R A H A D I A N TO A R N A FA R I Z A JAUA R I A K H M A D N U R H A S I
More informationDeveloping Optimized Maintenance Work Programs for an Urban Roadway Network using Pavement Management System
Developing Optimized Maintenance Work Programs for an Urban Roadway Network using Pavement Management System M. Arif Beg, PhD Principal Consultant, AgileAssets Inc. Ambarish Banerjee, PhD Consultant, AgileAssets
More informationOperational Risk in the Basel framework
Operational Risk in the Basel framework Xavier-Yves Zanota BIS September, 27 Lisboa XV CONFERENCE OF AUDITING, RISK AND GOVERNANCE Risk Governance Presentation agenda Operational risk in the Basel framework
More informationInformation Technology Project Management, Sixth Edition
Management, Sixth Edition Prepared By: Izzeddin Matar. Note: See the text itself for full citations. Understand what risk is and the importance of good project risk management Discuss the elements involved
More informationRisk Management Plan for the <Project Name> Prepared by: Title: Address: Phone: Last revised:
for the Prepared by: Title: Address: Phone: E-mail: Last revised: Document Information Project Name: Prepared By: Title: Reviewed By: Document Version No: Document Version Date: Review Date:
More informationThe ALM & Market Risk Management
RISK MANAGEMENT Overview of Risk Management Basic Approach to Risk Management Financial deregulation, internationalization and the increasing use of securities markets for financing and investment have
More informationPresented by Kristina Narvaez President & CEO ERM Strategies, LLC
Presented by Kristina Narvaez President & CEO ERM Strategies, LLC www.erm-strategies.com Regulations to Support Value Creation Sarbanes Oxley 2002 NYSE 2004 SEC 33-9089 Dodd Frank Section 165 Part C S
More informationIntroduction to Decision Analysis
Session # Page Decisions Under Certainty State of nature is certain (one state) Select decision that yields the highest return Examples: Product Mix Diet Problem Distribution Scheduling Decisions Under
More informationPricing Kernel. v,x = p,y = p,ax, so p is a stochastic discount factor. One refers to p as the pricing kernel.
Payoff Space The set of possible payoffs is the range R(A). This payoff space is a subspace of the state space and is a Euclidean space in its own right. 1 Pricing Kernel By the law of one price, two portfolios
More informationIntegrated Cost Schedule Risk Analysis Using the Risk Driver Approach
Integrated Cost Schedule Risk Analysis Using the Risk Driver Approach David T. Hulett, Ph.D. Hulett & Associates 24rd Annual International IPM Conference Bethesda, Maryland 29 31 October 2012 (C) 2012
More informationHaeryip Sihombing 1. Risk. Risk Management
Project Management Managing Risk 7 Haeryip Sihombing Universiti Teknikal Malaysia Melaka (UTeM) BMFP 4542 1 2 Risk Management Process The Risk Event Graph Risk Uncertain or chance events that planning
More information95 Express Dynamic Pricing
95 Express Dynamic Pricing 2014 ITS 3C Summit September 17, 2014 Charles Robbins, PE Agenda Dynamic Pricing Overview Parameter Adjustments Preparing For Phase 2 Lessons Learned 2 I-95 Southbound heading
More informationAlgorithms and Networking for Computer Games
Algorithms and Networking for Computer Games Chapter 4: Game Trees http://www.wiley.com/go/smed Game types perfect information games no hidden information two-player, perfect information games Noughts
More informationItalian PPP applications: A theoretical framework
Symposium: Public Private Partnerships in Transport: Trends & Theory Research Roadmap Lisbon, 12 January 2011 Italian applications: A theoretical framework Nunzia Carbonara Nicola Costantino Roberta Pellegrino
More informationAnalysis of Utility Theory on VLSI Cell Placement
Appl. Math. Inf. Sci. 8, No. 4, 1611-1616 (2014) 1611 Applied Mathematics & Information Sciences An International Journal http://dx.doi.org/10.12785/amis/080415 Analysis of Utility Theory on VLSI Cell
More information6/7/2018. Overview PERT / CPM PERT/CPM. Project Scheduling PERT/CPM PERT/CPM
/7/018 PERT / CPM BSAD 0 Dave Novak Summer 018 Overview Introduce PERT/CPM Discuss what a critical path is Discuss critical path algorithm Example Source: Anderson et al., 01 Quantitative Methods for Business
More informationSTOCHASTIC PROGRAMMING FOR ASSET ALLOCATION IN PENSION FUNDS
STOCHASTIC PROGRAMMING FOR ASSET ALLOCATION IN PENSION FUNDS IEGOR RUDNYTSKYI JOINT WORK WITH JOËL WAGNER > city date
More informationINSE 6230 Total Quality Project Management
INSE 6230 Total Quality Project Management Lecture 6 Project Risk Management Project risk management is the art and science of identifying, analyzing, and responding to risk throughout the life of a project
More informationQuantitative Trading System For The E-mini S&P
AURORA PRO Aurora Pro Automated Trading System Aurora Pro v1.11 For TradeStation 9.1 August 2015 Quantitative Trading System For The E-mini S&P By Capital Evolution LLC Aurora Pro is a quantitative trading
More informationEnterprise Risk Management From Book to Board Room
Enterprise Risk Management From Book to Board Room Raghuraman Ranganathan Senior Manager, Corporate Risk Center of Excellence Enterprise Risk Management Wipro Limited What do we have here. 120 Mins..time
More information1. Introduction 2. Model Formulation 3. Solution Approach 4. Case Study and Findings 5. On-going Research
1. Introduction 2. Model Formulation 3. Solution Approach 4. Case Study and Findings 5. On-going Research Natural disasters have caused: Huge amount of economical loss Fatal injuries Through effective
More information1 of 14 4/27/2009 7:45 AM
1 of 14 4/27/2009 7:45 AM Chapter 7 - Network Models in Project Management INTRODUCTION Most realistic projects that organizations like Microsoft, General Motors, or the U.S. Defense Department undertake
More informationRegret Minimization and Security Strategies
Chapter 5 Regret Minimization and Security Strategies Until now we implicitly adopted a view that a Nash equilibrium is a desirable outcome of a strategic game. In this chapter we consider two alternative
More informationLinear functions Increasing Linear Functions. Decreasing Linear Functions
3.5 Increasing, Decreasing, Max, and Min So far we have been describing graphs using quantitative information. That s just a fancy way to say that we ve been using numbers. Specifically, we have described
More informationChapter 3. Decision Analysis. Learning Objectives
Chapter 3 Decision Analysis To accompany Quantitative Analysis for Management, Eleventh Edition, by Render, Stair, and Hanna Power Point slides created by Brian Peterson Learning Objectives After completing
More informationModule 15 July 28, 2014
Module 15 July 28, 2014 General Approach to Decision Making Many Uses: Capacity Planning Product/Service Design Equipment Selection Location Planning Others Typically Used for Decisions Characterized by
More informationProgressive Hedging for Multi-stage Stochastic Optimization Problems
Progressive Hedging for Multi-stage Stochastic Optimization Problems David L. Woodruff Jean-Paul Watson Graduate School of Management University of California, Davis Davis, CA 95616, USA dlwoodruff@ucdavis.edu
More informationFinite Memory and Imperfect Monitoring
Federal Reserve Bank of Minneapolis Research Department Finite Memory and Imperfect Monitoring Harold L. Cole and Narayana Kocherlakota Working Paper 604 September 2000 Cole: U.C.L.A. and Federal Reserve
More informationManaging Project Risks. Dr. Eldon R. Larsen, Marshall University Mr. Ryland W. Musick, West Virginia Division of Highways
Managing Project Risks Dr. Eldon R. Larsen, Marshall University Mr. Ryland W. Musick, West Virginia Division of Highways Abstract Nearly all projects have risks, both known and unknown. Appropriately managing
More informationCFA Level II - LOS Changes
CFA Level II - LOS Changes 2017-2018 Ethics Ethics Ethics Ethics Ethics Ethics Ethics Ethics Ethics Topic LOS Level II - 2017 (464 LOS) LOS Level II - 2018 (465 LOS) Compared 1.1.a 1.1.b 1.2.a 1.2.b 1.3.a
More informationCHAPTER 6 CRASHING STOCHASTIC PERT NETWORKS WITH RESOURCE CONSTRAINED PROJECT SCHEDULING PROBLEM
CHAPTER 6 CRASHING STOCHASTIC PERT NETWORKS WITH RESOURCE CONSTRAINED PROJECT SCHEDULING PROBLEM 6.1 Introduction Project Management is the process of planning, controlling and monitoring the activities
More information