A Model for Cyber Attack Risks in Telemetry Networks

Shourabi, Neda Bazyar

10 1900

ITC/USA 2015 Conference Proceedings / The Fifty-First Annual International Telemetering Conference and Technical Exhibition / October 26-29, 2015 / Bally's Hotel & Convention Center, Las Vegas, NV / This paper develops a method for analyzing, modeling and simulating cyber threats in a networked telemetry environment as part of a risk management model. The paper includes an approach for incorporating a Monte Carlo computer simulation of this modeling with sample results.

Risk Management

Cyber-attack

Monte Carlo simulation

Market-consistent valuation of a pension product with guarantee in line with Solvency II : An applied case study to improve knowledge about how rationality and stressed conditions with respect to market- and insurance risk will impact the balance sheet.

Berg, Isak, Stadig, Richard

January 2016

Traditional pension products have today been replaced by products that are linked directly to the unit value of some kind of investment portfolio. These products contribute to more vulnerable situations for insurance companies in terms of uncertainties of future obligations. This master thesis aims to create a general valuation model in line with Solvency II regulation, which is able to value the best estimate of the insurance liability. The model will use a state model, stochastic scenario generator model and the Makeham function for estimating mortality intensity. An applied case study was conducted to evaluate how stressed market- and insurance conditions would impact the liability. Additional studies was performed to test how different degrees of rational behaviour among policyholders would impact the liability.  The policyholder population was fictitious and consisted of 100 policyholders. The results illuminated that the degree of rationality had a relative significant impact on the insurance company's liability, as opposed of what impact trends in longevity had on the best estimate in a separated stress test. On the other hand, when stress testing market risk and trend in longevity at the same time, the non-linearity risk was relatively high. The results of this thesis indicated the importance of studying risks in a combined case and not only separately, and also that higher degree of rational behaviour among policyholders could lead to an increase in surrender of profit generated policyholders which in turn affected the insurance liability.

Risk management

Insurance

Best estimate

Valuation

Procurement risk management using commodity futures: a multistage stochastic programming approach

Xu, Yihua, 許意華

January 2006

published_or_final_version / abstract / Industrial and Manufacturing Systems Engineering / Doctoral / Doctor of Philosophy

Industrial procurement - Planning.

Risk management - Mathematical models.

Two essays on managerial risk-seeking activities and compensation contracts

Kang, Chang Mo

25 September 2014

This dissertation examines how the structures of compensation for executives and directors are affected by the possibility that managers can influence the risk of a firm's cash flows. In chapter 1, I consider a moral hazard model which shows that a strong pay-for-performance sensitivity in managerial compensation may deteriorate shareholder value when shareholders cannot monitor managerial risk-seeking activities. Intuitively, while high-powered managerial compensation provides the manager with incentives to increase the firm's value by exerting effort, it also creates managerial incentive to engage in (unproductive) risk-seeking activities. To test this prediction, I consider a regulatory change that makes it more difficult for managers to conceal information about the (speculative) use of derivative instruments. Specifically, I examine how the structures of compensation for executives and managers are affected by the adoption of a new accounting standard, the Statement of Financial Accounting Standard No. 133 Accounting for Derivative Instruments and Hedging Activities (FAS 133) which mandates the fair value accounting for derivative holdings. Consistent with the model prediction, I find that relative to other firms, derivative users (firms that traded derivatives before adopting FAS 133) increase the pay-for-performance sensitivity of CEO/CFO compensation. In Chapter 2, I extend the model by incorporating the realistic features that shareholders delegate to the (self-interested) board the tasks of monitoring managers and of setting their compensation contracts. My analysis shows that while high-powered board compensation induces the board to monitor the firm and to properly design managerial compensation, it also provides the board with incentives to misreport managerial risk-seeking activities and to engage in collusive behavior with the manager at the expense of shareholders. From these trade-offs, I develop a number of testable hypotheses and take them to the data. Consistent with the model predictions, I find that firms in which (i) managerial risk-seeking activities are more likely to occur (e.g., high R&D firms or banks) and (ii) board monitoring costs are likely to be lower (e.g., firms that have non-officer blockholders on the board) show weaker pay-for-performance sensitivity of board compensation and stronger pay-for-performance sensitivity of CEO compensation. / text

Compensation

Contract

Risk management

Corporate finance

Applying stochastic programming models in financial risk management

Yang, Xi

January 2010

This research studies two modelling techniques that help seek optimal strategies in financial risk management. Both are based on the stochastic programming methodology. The first technique is concerned with market risk management in portfolio selection problems; the second technique contributes to operational risk management by optimally allocating workforce from a managerial perspective. The first model involves multiperiod decisions (portfolio rebalancing) for an asset and liability management problem and deals with the usual uncertainty of investment returns and future liabilities. Therefore it is well-suited to a stochastic programming approach. A stochastic dominance concept is applied to control the risk of underfunding. A small numerical example and a backtest are provided to demonstrate advantages of this new model which includes stochastic dominance constraints over the basic model. Adding stochastic dominance constraints comes with a price: it complicates the structure of the underlying stochastic program. Indeed, new constraints create a link between variables associated with different scenarios of the same time stage. This destroys the usual tree-structure of the constraint matrix in the stochastic program and prevents the application of standard stochastic programming approaches such as (nested) Benders decomposition and progressive hedging. A structure-exploiting interior point method is applied to this problem. Computational results on medium scale problems with sizes reaching about one million variables demonstrate the efficiency of the specialised solution technique. The second model deals with operational risk from human origin. Unlike market risk that can be handled in a financial manner (e.g. insurances, savings, derivatives), the treatment of operational risks calls for a “managerial approach”. Consequently, we propose a new way of dealing with operational risk, which relies on the well known Aggregate Planning Model. To illustrate this idea, we have adapted this model to the case of a back office of a bank specialising in the trading of derivative products. Our contribution corresponds to several improvements applied to stochastic programming modelling. First, the basic model is transformed into a multistage stochastic program in order to take into account the randomness associated with the volume of transaction demand and with the capacity of work provided by qualified and non-qualified employees over the planning horizon. Second, as advocated by Basel II, we calculate the probability distribution based on a Bayesian Network to circumvent the difficulty of obtaining data which characterises uncertainty in operations. Third, we go a step further by relaxing the traditional assumption in stochastic programming that imposes a strict independence between the decision variables and the random elements. Comparative results show that in general these improved stochastic programming models tend to allocate more human expertise in order to hedge operational risks. The dual solutions of the stochastic programs are exploited to detect periods and nodes that are at risk in terms of expertise availability.

332

探索建構服務導向資訊專案之風險因素 / Exploring risk factors in implementing service-oriented IT projects

呂加佩, Lue, Chia Pei

Unknown Date

For IT project managers, how to implement IT projects successfully is always an important issue due to high failure rate of traditional IT project implementation. When more and more enterprises start to develop systems under the new IT methodology in service oriented IT projects, it is essential to access risks coming with this new IT concept. In this research we aim to identify risk factors related to service oriented IT projects and then analyze the impact and rank of these risk factors. Adapted from the general IT project risk category proposed by Ewusi (1994), we propose 6 risk factors of service-oriented IT projects. The risk framework highlights the properties of business strategy, business Process, and workforce under on-demand business architecture. We use a customer service system to justify our research framework, applying the IBM’s concept of SIMM (service integrated maturity model). A pretest is first conducted with several IT experts who has implemented service oriented IT project experience, followed by a general survey. A binary logistic regression is used to testify the hypotheses. The result shows that essential risk factors that influence the adoption of service oriented system, from the highest to lowest, are insufficient technology planning, lack of expertise, ineffective project governance, and organizational misalignment. The findings help CIOs and project managers realize of the risks and the priority of these risks that have to be noticed and controlled when making decisions on service oriented systems adoption.

Service oriented

IT project risk

Risk management

The Politics of Risk Management and the Culture of Risk Taking

Lamoureux, Patrick

13 September 2012

Risk has become a key concept in social theory and has had a significant impact across academic disciplines including criminology. On the one hand, several criminologists argue that the rise of risk has fundamentally reconfigured the operations of courts, corrections, and policing. Many claim that, over the last few decades, crime control has moved away from the old rehabilitative and retributive approaches of the past and towards more actuarial approaches based on risk management – crime has become a risk to be managed in aggregate terms rather than a moral transgression in need of rectification. On the other hand, while risk-based approaches to governing crime have grown significantly, cultural criminologists and sociologists of sport have noted a heightened emphasis on risk-taking by urban graffiti writers, illegal street racers, extreme sports enthusiasts, and illicit drug users. For these people, the risk-averse logic of actuarial governance – risk as potential harm to be avoided – is inverted such that risk is positively embraced for the excitement it affords. What is particularly characteristic about the present, then, is that a politics of risk management is colliding with a culture of risk-taking. In attempts to make sense of this puzzling paradox, in this thesis I offer a primarily theoretical investigation of the dominant approaches used in the study of risk management (chp. I) and risk taking (chp. II & III) in sociology and criminology. After exploring how the rise of risk has reconfigured crime control over the last quarter century in Chapter one, in Chapter two I develop the argument that orthodox criminology provides two dominant images of criminal risk-taking. While dispositional theories explain criminal risk-taking as the pathological behaviour of individuals with particular body types, low-self control, or of lower-class origin, situational theories conceive of criminal risk-taking as the (ir)rational decisions of necessarily risk-averse actors. Despite differences between dispositional and situational theories, both leave no room for risk-taking that is controlled and intentional. In Chapter three I enlist the work of Jack Katz on the seductions of crime and of Stephen Lyng on the sociology of risk-taking to develop a third, cultural approach to risk-taking that is voluntary and cross-class. I illustrate how, for Katz’s and Lyng’s actors, risk is approached as a challenge rather than seen as a deterrent. Lastly, I add to the historicity of the cultural approach to risk-taking by tracing its roots in a romantic worldview that arose out of 19th century disenchantment with the bureaucratic rationalism and alienation of capitalist modernity. In conclusion, I summarize the main argument of the thesis and outline some potential avenues for future research.

risk society

risk management

risk-taking

edgework

Analysis of NASA's Post-Challenger response and relationship to the Columbia accident and investigation

Moyer, Seth A.

09 1900

The investigatory findings of the Space Shuttle Challenger and Columbia accident investigation boards are analyzed and evaluated relative to one another, with the goal of determining if there are lessons applicable to organizations that manage technically complex programs. An analysis is conducted of the recommendations from the Challenger investigation and NASA's actions taken to correct problems in the organization. The effectiveness of both the recommendations and NASA's response in terms of preventing the Columbia accident are examined. In the intervening years between the Challenger and Columbia several unofficial analyses of the Challenger accident and investigation have been published. The findings of these independent works are presented in order to determine any relationship to the Columbia accident and the subsequent Columbia investigation. The investigation of the Columbia accident and Challenger accident are compared to determine if any of the investigatory findings indicate that there were common factors in the accidents. An evaluation of the NASA organizational structure and culture is conducted. The impact of the culture on implementing the changes recommended after Challenger and relationship to the Columbia accident and investigation is examined. These analyses and examinations result in several conclusions and recommendations applicable to organizations that manage technically complex programs.

Organizational sociology

Culture

Systems engineering

Risk management

Applying ensemble prediction systems to Department of Defense operations

Cunningham, Jeffrey G.

03 1900

Based on recent advances, skilled objectively-determined probabilistic forecasts of some weather phenomena may be provided to operational decision-makers. Objective probabilistic forecasts that are generated from ensemble prediction systems (EPS) are attractive as a forecast methodology for Department of Defense (DoD) applications for three reasons: first, atmospheric scientists understand that the atmosphere has a limit of predictability, which means that traditional deterministic forecasts lack important uncertainty information; second, it has been demonstrated that quantifying uncertainty may improve a weather forecast user's ability to make a better decision based on their own utility function, which translates to better operational risk management (ORM) for the DoD; and finally, progress points towards a future with machine-to-machine warfare. These assertions are examined by applying probabilistic forecasts from an ensemble-based aircraft-scale turbulence forecast system to several cases and scenarios. Results clearly demonstrate the advantage of using ensemble-based probabilistic forecasts versus deterministic forecasts. Additionally, application of ensemble-based probabilistic forecast information to DoD operations is shown to be possible through its ORM programs. Specifically, air refueling scenarios are identified that demonstrate the integration of probabilistic turbulence forecast guidance into the U.S. Air Force ORM process.

Meteorology

Turbulence

Forecasting

Weather

Risk management

How does bias/scope influence the operational outcome of pressurised incident command decisions and can it be countered?

Sallis, Geoffrey

January 2015

Effective fireground decision-making requires good situation awareness (SA) and appropriate selection from the information available to the incident commander. Individuals can display different information bias/scope in their view of the operational incident: either a liberal bias/scope towards accepting information as true with a risk of false alarm errors and/or a conservative bias/scope towards rejecting information with a risk of misses. Such decision - making bias/scope was examined over a series of five separate studies including operational fire fighters and incident commanders. The studies included a breathing apparatus (BA) exercise, two different table top operational incidents (domestic and commercial) and two exercises for flexible duty managers (FDM) in an assessable simulated fireground incident in 2012 and again in 2013. The studies were based on realistic incidents that both fire fighters and FDMs would be expected to respond to, in the final two studies each individual had to take over command and move towards a successful conclusion from an operational, environmental and social perspective. In all the studies, participants were required to answer true or false to a series of probe statements about the incident, which were analysed by a signal detection tool (QASA) to give a measure of actual situational awareness (ASA), perceived situational awareness (PSA) and bias/scope. The first exercise was a BA exercise undertaken to identify if bias was shown by FF’s when undertaking training, the data analysed by the QASA identified that most individuals displayed a high level of ASA about the incident, but also showed either a conservative bias/scope (with miss errors) or a liberal bias /scope (with false alarm errors). The results however also show that two individuals can appear to have similar ASA, but in fact still have very different bias/scope in regard to that knowledge. Once it was established that bias was identified this was developed using table top exercises as it allowed more participants and more control over undertaking the research within normal programmed training periods. The analysis of the two table top exercises showed ASA was high in both, but fire fighters perceived their PSA in a similar way if they had high confidence in one exercise they also had high confidence in the other exercise, or vice versa. However there was no significant correlation between the ASA scores and the PSA scores, with the pattern of bias/scope tendencies being differed across the two studies; with no significant correlation. In reviewing these results the identified difference in undertaking the 2 exercises was that in the second FF’s were familiar with the process and this allow a more relaxed approach, reducing pressure on the individual. While individuals showed bias patterns within the exercises undertaken, more pressurized exercises were identified to see if this bias was consistent for the individual when under pressure. Using the assessable incident commander exercises run by the FRS to test incident commander competence at a FDM level to undertake this. The exercises were used in 2012 and 2013 using the same individuals to compare their results, the outcome of these two simulated assessable fireground incident studies were; • for ASA: there was no significant correlation: r = -.120 and p= .623; • for PSA: there was a significant positive correlation: r =.577 and p = .012; • for bias/scope there was found a strongly positive significant correlation across the scores: r = .592 which is significant at the .008 level. The conclusion of the research is that individuals hold bias/scope tendencies and under pressure these tendencies are shown to be resting and will impact (condition) the individual’s decisions during periods of operational command during stressful conditions. The finding of bias/scope patterns is an important one that may have implications for understanding errors in incident ground decision - making. The finding of resting bias/scope patterns in FDM is an even more important one, which will have implications for understanding errors in incident ground decision - making and how we can help to reduce them. In semi structure interviews with FDMs who had undertaken the assessable exercises, they believed that knowing their bias was a first step to altering it to allow them to improve their decision making at pressurized incidents. Which supported the ultimate goal of the current research to further the understanding of bias/scope tendency, in order to support the training of effective fireground decision - making.