Similar literature
20 similar documents found; search took 62 ms.
1.
《Risk analysis》2018,38(8):1559-1575
Security of the systems is normally interdependent in such a way that security risks of one part affect other parts and threats spread through the vulnerable links in the network. So, the risks of the systems can be mitigated through investments in the security of interconnecting links. This article takes an innovative look at the problem of security investment of nodes on their vulnerable links in a given contagious network as a game‐theoretic model that can be applied to a variety of applications including information systems. In the proposed game model, each node computes its corresponding risk based on the value of its assets, vulnerabilities, and threats to determine the optimum level of security investments on its external links respecting its limited budget. Furthermore, direct and indirect nonlinear influences of a node's security investment on the risks of other nodes are considered. The existence and uniqueness of the game's Nash equilibrium in the proposed game are also proved. Further analysis of the model in a practical case revealed that taking advantage of the investment effects of other players, perfectly rational players (i.e., those who use the utility function of the proposed game model) make more cost‐effective decisions than selfish nonrational or semirational players.

2.
Firms are increasingly outsourcing information security operations to managed security service providers (MSSPs). Cost reduction and quality (security) improvement are often mentioned as motives for outsourcing information security, and these are also the frequently cited reasons for outsourcing traditional information technology (IT) functions, such as software development and maintenance. In this study, we present a different explanation—one based on interdependent risks and competitive externalities associated with IT security—for firms' decisions to outsource security. We show that in the absence of competitive externalities and interdependent risks, a firm will outsource security if and only if the MSSP offers a quality advantage over in‐house operations, which is consistent with the conventional explanation for security outsourcing. However, when security risks are interdependent and breaches impose competitive externalities, although firms still have stronger incentive to outsource security if the MSSP offers a higher quality in terms of preventing breaches than in‐house management, a quality advantage of MSSP over in‐house management is neither a prerequisite for a firm to outsource security nor a guarantee that a firm will. In addition to MSSP quality, the type of externality (positive or negative), the degree of externality, whether outsourcing increases or decreases risk interdependency, and the breach characteristics determine firms' sourcing decisions. When security breaches impose a positive externality, the incentive to outsource is enhanced if the MSSP decreases the risk interdependency and diminished if the MSSP increases this interdependency. A negative externality has the opposite effect on firms' incentives to outsource. A high demand spillover to a competitor, together with a high loss in industry demand because of a security breach, enhances these incentives to outsource security operations when the externality is negative. 
Finally, we extend our base model in several dimensions and show that our main results regarding the impact of interdependent risks and competitive externalities on sourcing decisions are robust and generalizable to different specifications.

3.
We demonstrate that benchmark securities allow heterogeneously informed investors to create trading strategies that are perfectly aligned with their signals. Investors who are informed about security‐specific risks but uninformed about systematic risks can take an offsetting position in benchmark securities to eliminate exposure to adverse selection in systematic risks, while investors who are informed about systematic risks but uninformed about security‐specific risks can trade systematic risks exclusively using benchmark securities. We further show that introduction of benchmark securities encourages more investors to acquire both security‐specific and systematic‐factor information, which leads to increased liquidity and price informativeness for all individual securities. (JEL: G10, G12, G14)

4.
Qualitative systems for rating animal antimicrobial risks using ordered categorical labels such as “high,” “medium,” and “low” can potentially simplify risk assessment input requirements used to inform risk management decisions. But do they improve decisions? This article compares the results of qualitative and quantitative risk assessment systems and establishes some theoretical limitations on the extent to which they are compatible. In general, qualitative risk rating systems satisfying conditions found in real‐world rating systems and guidance documents and proposed as reasonable make two types of errors: (1) Reversed rankings, i.e., assigning higher qualitative risk ratings to situations that have lower quantitative risks; and (2) Uninformative ratings, e.g., frequently assigning the most severe qualitative risk label (such as “high”) to situations with arbitrarily small quantitative risks and assigning the same ratings to risks that differ by many orders of magnitude. Therefore, despite their appealing consensus‐building properties, flexibility, and appearance of thoughtful process in input requirements, qualitative rating systems as currently proposed often do not provide sufficient information to discriminate accurately between quantitatively small and quantitatively large risks. The value of information (VOI) that they provide for improving risk management decisions can be zero if most risks are small but a few are large, since qualitative ratings may then be unable to confidently distinguish the large risks from the small. These limitations suggest that it is important to continue to develop and apply practical quantitative risk assessment methods, since qualitative ones are often unreliable.

5.
Health risk assessment is widely advocated in the United Kingdom as the most comprehensive means of assessing the health risks posed by the emissions of a planned waste incinerator. Its main advantage over other methods of assessment, such as air quality impact assessment, is its ability to address explicitly the direct (inhalation) and indirect (ingestion and dermal contact) health risks posed by different chemicals, including those that are not thought to have a threshold below which no adverse effect will take place. This article examines the level and quality of the emissions assessments included in 61 waste incinerator environmental statements (ESs); in particular, it focuses on the quality of the exposure assessment and risk characterization stages of the health risk assessment process. The article concludes that the ES has not always provided interested stakeholders with the best available information upon which to determine the tolerability of the health risks posed by waste incinerator emissions. Some recommendations are made as to how this problem might be addressed in future environmental impact assessment (EIA) processes.

6.
Knowledge on failure events and their associated factors, gained from past construction projects, is regarded as potentially extremely useful in risk management. However, a number of circumstances are constraining its wider use. Such knowledge is usually scarce, seldom documented, and even unavailable when it is required. Further, there exists a lack of proven methods to integrate and analyze it in a cost‐effective way. This article addresses possible options to overcome these difficulties. Focusing on limited but critical potential failure events, the article demonstrates how knowledge on a number of important potential failure events in tunnel works can be integrated. The problem of unavailable or incomplete information was addressed by gathering judgments from a group of experts. The elicited expert knowledge consisted of failure scenarios and associated probabilistic information. This information was integrated using Bayesian belief‐networks‐based models that were first customized in order to deal with the expected divergence in judgments caused by epistemic uncertainty of risks. The work described in the article shows that the developed models that integrate risk‐related knowledge provide guidance as to the use of specific remedial measures.

7.
Qianmei Feng 《Risk analysis》2007,27(5):1299-1310
Federal law mandates that every checked bag at all commercial airports be screened by explosive detection systems (EDS), explosive trace detection systems (ETD), or alternative technologies. These technologies serve as critical components of airport security systems that strive to reduce security risks at both national and global levels. To improve the operational efficiency and airport security, emerging image-based technologies have been developed, such as dual-energy X-ray (DX), backscatter X-ray (BX), and multiview tomography (MVT). These technologies differ widely in purchasing cost, maintenance cost, operating cost, processing rate, and accuracy. Based on a mathematical framework that takes into account all these factors, this article investigates two critical issues for operating screening devices: setting specifications for continuous security responses by different technologies; and selecting technology or combination of technologies for efficient 100% baggage screening. For continuous security responses, specifications or thresholds are used for classifying threat items from nonthreat items. By investigating the setting of specifications on system security responses, this article assesses the risk and cost effectiveness of various technologies for both single-device and two-device systems. The findings provide the best selection of image-based technologies for both single-device and two-device systems. Our study suggests that two-device systems outperform single-device systems in terms of both cost effectiveness and accuracy. The model can be readily extended to evaluate risk and cost effectiveness of multiple-device systems for airport checked-baggage security screening.

8.
Hierarchical decision making is a multidimensional process involving management of multiple objectives (with associated metrics and tradeoffs in terms of costs, benefits, and risks), which span various levels of a large-scale system. The nation is a hierarchical system as it consists of multiple classes of decisionmakers and stakeholders ranging from national policymakers to operators of specific critical infrastructure subsystems. Critical infrastructures (e.g., transportation, telecommunications, power, banking, etc.) are highly complex and interconnected. These interconnections take the form of flows of information, shared security, and physical flows of commodities, among others. In recent years, economic and infrastructure sectors have become increasingly dependent on networked information systems for efficient operations and timely delivery of products and services. In order to ensure the stability, sustainability, and operability of our critical economic and infrastructure sectors, it is imperative to understand their inherent physical and economic linkages, in addition to their cyber interdependencies. An interdependency model based on a transformation of the Leontief input-output (I-O) model can be used for modeling: (1) the steady-state economic effects triggered by a consumption shift in a given sector (or set of sectors); and (2) the resulting ripple effects to other sectors. The inoperability metric is calculated for each sector; this is achieved by converting the economic impact (typically in monetary units) into a percentage value relative to the size of the sector. Disruptive events such as terrorist attacks, natural disasters, and large-scale accidents have historically shown cascading effects on both consumption and production. Hence, a dynamic model extension is necessary to demonstrate the interplay between combined demand and supply effects. The result is a foundational framework for modeling cybersecurity scenarios for the oil and gas sector.
A hypothetical case study examines a cyber attack that causes a 5-week shortfall in the crude oil supply in the Gulf Coast area.

9.
In the past few years, the field of dam safety has approached risk informed methodologies throughout the world and several methodologies and programs are appearing to aid in the systematization of the calculations. The most common way of implementing these calculations is through the use of event trees, computing event probabilities, and incremental consequences. This methodology is flexible enough for several situations, but its generalization to the case of systems of several dams is complex and its implementation in a completely general calculation methodology presents some problems. Retaining the event tree framework, a new methodology is proposed to calculate incremental risks. The main advantage of this proposed methodology is the ease with which it can be applied to systems of several dams: with a single risk model that describes the complete system and with a single calculation the incremental risks of the system can be obtained, being able to allocate the risk of each dam and of each failure mode. The article shows how both methodologies are equivalent and also applies them to a case study.

10.
Ought we to take seriously large risks predicted by “exotic” or improbable theories? We routinely assess risks on the basis of either common sense, or some developed theoretical framework based on the best available scientific explanations. Recently, there has been a substantial increase of interest in the low‐probability “failure modes” of well‐established theories, which can involve global catastrophic risks. However, here I wish to discuss a partially antithetical situation: alternative, low‐probability (“small”) scientific theories predicting catastrophic outcomes with large probability. I argue that there is an important methodological issue (determining what counts as the best available explanation in cases where the theories involved describe possibilities of extremely destructive global catastrophes), which has been neglected thus far. There is no simple answer to the correct method for dealing with high‐probability high‐stakes risks following from low‐probability theories that still cannot be rejected outright, and much further work is required in this area. I further argue that cases like these are more numerous than usually assumed, for reasons including cognitive biases, sociological issues in science and the media image of science. If that is indeed so, it might lead to a greater weight of these cases in areas such as moral deliberation and policy making.

11.
How can we best allocate limited defensive resources to reduce terrorism risks? Dillon et al.'s Antiterrorism Risk-Based Decision Aid (ARDA) system provides a useful point of departure for addressing this crucial question by exhibiting a real-world system that calculates risk reduction scores for different portfolios of risk-reducing countermeasures and using them to rank-order different possible risk mitigation alternatives for Navy facilities. This comment points out some potential limitations of any scoring system that does not take into account risk externalities, interdependencies among threats, uncertainties that are correlated across targets, and attacker responses to alternative allocations of defensive resources. In at least some simple situations, allocations based on risk reduction scores and comparisons can inadvertently increase risks by providing intelligent attackers with valuable information, or they can fail to reduce risks as effectively as nonscoring, optimization-based approaches. These limitations of present scoring methods present exciting technical challenges and opportunities for risk analysts to develop improved methods for protecting facilities and infrastructure against terrorist threats.

12.
The role played by information and communication technologies in today's businesses cannot be overstated. While such technological advancements provide numerous advantages and opportunities, they are known to confront organizations with new challenges such as cyberattacks. This is particularly important for small and medium-sized enterprises (SMEs), which are deemed to be the least mature and highly vulnerable to cybersecurity risks. Thus, this research is set to assess the cyber risks in online retailing SMEs (e-tailing SMEs). To that end, this article employs a sample of 124 small e-tailers in the United Kingdom and takes advantage of a multi-criteria decision analysis (MCDA) method. We identified a total of 28 cyber-oriented risks in five exhaustive themes of “security,” “dependency,” “employee,” “strategic,” and “legal” risks. Subsequently, an integrated approach using step-wise weight assessment ratio analysis (SWARA) and the best–worst method (BWM) has been employed to develop a pathway of risk assessment. As such, the current study outlines a novel approach toward cybersecurity risk management for e-tailing SMEs and discusses its effectiveness and contributions to the cyber risk management literature.

13.
The objective of this research is to present a method for evaluating the performance of access control security systems, such as airport security operations. This requires the examination of security system architectures, which involve security technology devices and the algorithms that coordinate their operations. Dependence between device responses in multiple-device systems is a critical practical issue in assessing the performance of such architectures, though no results on this problem have appeared in the literature. This paper presents a method for evaluating when multiple-device security systems with overlapping capabilities are cost-effective. This is achieved using a dependency structure for security system devices to quantify how various technologies interact and to measure the impact of device dependence on system error probabilities. A measure of device response dependence for a two-device system is defined and its properties are explored, including bounds on the dependency measure. The effect of dependence on the system Type I and Type II error probabilities is examined for the two-device system. System performance is compared for independent vs. dependent device responses and desirable dependence relationships are identified. Results are also presented for a cascading sequence of devices. An example is presented to illustrate the results for the two-device system. Implications of these results are discussed, such as how they can be used to identify the optimal use of security devices and to determine whether new technologies warrant investment.

14.
Using the analytical paradigm of new classical economics, this paper conducts an in-depth economic examination and analysis of financial globalization, financial security, and financial evolution. The paper argues that financial globalization is an irreversible trend of the times, determined both by the evolution of the division of labor and the inherent logic of economic development and by the characteristics and evolutionary logic of finance itself; that for developing countries, following the trend of financial globalization and advancing the opening of the financial sector, on the one hand, and safeguarding national financial security and protecting national financial interests, on the other, are always a pair of inseparable contradictions; and that the key to maintaining national financial security against a macro-financial background of ever-deepening globalization lies in the continuous unfolding of financial innovation, which comprises both technological innovation and institutional innovation. Finally, the paper discusses safeguarding our country's direct…

15.
Failure to identify entrepreneurial risks is one of the main causes of entrepreneurial failure, and effectively identifying and managing such risks is key to the healthy growth of new ventures. Social networks can compensate for the information disadvantage entrepreneurs face when identifying risks, but existing research has rarely explored whether and how social networks influence entrepreneurial risk identification. To fill this gap, this article uses information processing theory as its research framework and constructs a model of entrepreneurial risk identification. Specifically, structural holes and network strength help entrepreneurs obtain more and higher-quality risk-related information and thereby identify more entrepreneurial risks; the amount of information obtained fully mediates the relationship between network strength and entrepreneurial risk identification; and entrepreneurs' prior experience positively influences entrepreneurial risk identification and moderates the relationship between structural holes and the amount of information obtained. The article discusses the theoretical contributions and practical implications of the findings.

16.
Risks associated with toxicants in food are often controlled by exposure reduction. When exposure recommendations are developed for foods with both harmful and beneficial qualities, however, they must balance the associated risks and benefits to maximize public health. Although quantitative methods are commonly used to evaluate health risks, such methods have not been generally applied to evaluating the health benefits associated with environmental exposures. A quantitative method for risk-benefit analysis is presented that allows for consideration of diverse health endpoints that differ in their impact (i.e., duration and severity) using dose-response modeling weighted by quality-adjusted life years saved. To demonstrate the usefulness of this method, the risks and benefits of fish consumption are evaluated using a single health risk and health benefit endpoint. Benefits are defined as the decrease in myocardial infarction mortality resulting from fish consumption, and risks are defined as the increase in neurodevelopmental delay (i.e., talking) resulting from prenatal methylmercury exposure. Fish consumption rates are based on information from Washington State. Using the proposed framework, the net health impact of eating fish is estimated in either a whole population or a population consisting of women of childbearing age and their children. It is demonstrated that across a range of fish methylmercury concentrations (0-1 ppm) and intake levels (0-25 g/day), individuals would have to weight the neurodevelopmental effects 6 times more (in the whole population) or 250 times less (among women of child-bearing age and their children) than the myocardial infarction benefits in order to be ambivalent about whether or not to consume fish. These methods can be generalized to evaluate the merits of other public health and risk management programs that involve trade-offs between risks and benefits.

17.
The authors of this article have developed six probabilistic causal models for critical risks in tunnel works. The details of the models' development and evaluation were reported in two earlier publications of this journal. Accordingly, as a remaining step, this article is focused on the investigation into the use of these models in a real case study project. The use of the models is challenging given the need to provide information on risks that usually are both project and context dependent. The latter is of particular concern in underground construction projects. Tunnel risks are the consequences of interactions between site‐ and project‐specific factors. Large variations and uncertainties in ground conditions as well as project singularities give rise to particular risk factors with very specific impacts. These circumstances mean that existing risk information, gathered from previous projects, is extremely difficult to use in other projects. This article considers these issues and addresses the extent to which prior risk‐related knowledge, in the form of causal models such as the models developed for this investigation, can be used to provide useful risk information for the case study project. The identification and characterization of the causes and conditions that lead to failures and their interactions, as well as their associated probabilistic information, is treated as risk‐related knowledge in this article. It is shown that, irrespective of existing constraints on using information and knowledge from past experiences, construction risk‐related knowledge can be transferred and used from project to project in the form of comprehensive models based on probabilistic‐causal relationships. The article also shows that the developed models provide guidance as to the use of specific remedial measures by means of the identification of critical risk factors, and therefore they support risk management decisions.
A number of limitations of the models are also discussed.

18.
The three classic pillars of risk analysis are risk assessment (how big is the risk and how sure can we be?), risk management (what shall we do about it?), and risk communication (what shall we say about it, to whom, when, and how?). We propose two complements as important parts of these three bases: risk attribution (who or what addressable conditions actually caused an accident or loss?) and learning from experience about risk reduction (what works, and how well?). Failures in complex systems usually evoke blame, often with insufficient attention to root causes of failure, including some aspects of the situation, design decisions, or social norms and culture. Focusing on blame, however, can inhibit effective learning, instead eliciting excuses to deflect attention and perceived culpability. Productive understanding of what went wrong, and how to do better, thus requires moving past recrimination and excuses. This article identifies common blame‐shifting “lame excuses” for poor risk management. These generally contribute little to effective improvements and may leave real risks and preventable causes unaddressed. We propose principles from risk and decision sciences and organizational design to improve results. These start with organizational leadership. More specifically, they include: deliberate testing and learning—especially from near‐misses and accident precursors; careful causal analysis of accidents; risk quantification; candid expression of uncertainties about costs and benefits of risk‐reduction options; optimization of tradeoffs between gathering additional information and immediate action; promotion of safety culture; and mindful allocation of people, responsibilities, and resources to reduce risks. We propose that these principles provide sound foundations for improving successful risk management.

19.
CS Huxham  MR Dando 《Omega》1981,9(4):371-379
One important area in which Management Science should be involved must surely be in the prevention of corporate failure. In this paper we therefore use a scientific methodology to try to identify the major causes of such failure. Two widely differing systems are examined and a large number of hypotheses considered as explanations of failure. In each case the only hypothesis which we are unable to reject is that prior to the failure the dominant decision-makers in the system were not prepared to accept facts which were plainly available and which, if acted upon, could have prevented disaster. This allows us to suggest some ways of helping to prevent failure. Nevertheless, we feel that research into the mechanisms generating this phenomenon, which we have called bounded-vision, is required before adequate technologies can be designed.

20.
Complex engineered systems, such as nuclear reactors and chemical plants, have the potential for catastrophic failure with disastrous consequences. In recent years, human and management factors have been recognized as frequent root causes of major failures in such systems. However, classical probabilistic risk analysis (PRA) techniques do not account for the underlying causes of these errors because they focus on the physical system and do not explicitly address the link between components' performance and organizational factors. This paper describes a general approach for addressing the human and management causes of system failure, called the SAM (System-Action-Management) framework. Beginning with a quantitative risk model of the physical system, SAM expands the scope of analysis to incorporate first the decisions and actions of individuals that affect the physical system. SAM then links management factors (incentives, training, policies and procedures, selection criteria, etc.) to those decisions and actions. The focus of this paper is on four quantitative models of action that describe this last relationship. These models address the formation of intentions for action and their execution as a function of the organizational environment. Intention formation is described by three alternative models: a rational model, a bounded rationality model, and a rule-based model. The execution of intentions is then modeled separately. These four models are designed to assess the probabilities of individual actions from the perspective of management, thus reflecting the uncertainties inherent to human behavior. The SAM framework is illustrated for a hypothetical case of hazardous materials transportation. This framework can be used as a tool to increase the safety and reliability of complex technical systems by modifying the organization, rather than, or in addition to, re-designing the physical system.
