Model free optimisation in risk management

Shahverdyan, Sergey

January 2015

Following the financial crisis of 2008, the need for more robust techniques to quantify the capital charge for risk management has become a pressing problem. Under Basel II/III, banks are allowed to calculate the capital charge using internally developed models subject to regulatory approval. An interesting problem for the regulator is to compare the resulting figures against the required capital under worst case scenarios. The existing literature on the latter problem, which is based on the marginal problem, assumes that no a-priori information is known about the dependencies of contributing risks. These problems are linear optimisation problems over a constrained set of probability measures, discretisation of which leads to large scale LPs. But this approach is very conservative and cannot be implemented robustly in practice, due to the scarcity of historical data. In our approach, we take a less conservative strategy by incorporating dependence information contained in the data in a form that still leads to LPs, an important feature of such problems due to their high dimensionality. Conceptually, our model is the discretisation of an infinite dimensional linear optimisation problem over a set of probability measures. For some specific cases we can prove strong duality, opening up the approach of discretising the dual instead of the primal. This approach is preferable, as it yields better numerical results. In this work we also apply our model to model-free path-dependent option pricing. Use of delayed column generation techniques allows us to solve problems several orders of magnitude larger than via the standard simplex algorithm. For high-dimensional LPs we also implement Nesterov's smoothing technique to solve the problems.

Modelo de gestión de riesgos de seguridad de la información para pymes en el Perú / Information security risk management model for Peruvian SMEs

García Porras, Johari Chris, Huamani Pastor, Sarita Cecilia

18 June 2019

Actualmente, toda empresa debería tener el conocimiento de qué tan importante es y cómo debe tratarse la información para su negocio, ya que es uno de sus activos más importante. Lamentablemente, no todas tienen claro su valor, exponiéndose a grandes pérdidas. Según un estudio de EY, el 41% de empresas consideran que poseen probidades mínimas para detectar un ataque sofisticado. El motivo principal son las restricciones presupuestarias y la falta de recursos especializados. Para proteger la información, las empresas deben determinar su exposición al riesgo, lo recomendable es emplear metodologías, marcos de referencia o estándares de análisis de riesgo de seguridad de la información. Este proyecto consiste en implementar un modelo de gestión de riesgos de seguridad de la información para Pymes, integrando la metodología OCTAVE-S y la norma ISO/IEC 27005. Se abarca el análisis de las metodologías y normas de gestión de riesgos, el diseño del modelo de gestión de riesgos de seguridad de la información, la validación del modelo en una Pyme en el proceso de ventas. La integración proporciona una identificación oportuna y eficaz de los riesgos del enfoque cualitativo y permite aprovechar los valores identificados para los activos del enfoque cuantitativo. Asimismo, permite identificar los principales riesgos valorizándolos, para luego proceder a un tratamiento de acuerdo a las necesidades de la empresa. Se espera que este modelo ayude en la gestión de riesgos de seguridad de la información dentro de las Pymes, para poder reducir el impacto de riesgos a los que pueden estar expuestas. / Nowadays, every company should be aware of the importance and the way business information should be treated since it is one of their most important assets. Unfortunately, not all are sure about their actual value, and so, they may be exposed to large losses. According to EY, 41% of companies consider that they have minimum probabilities to detect a sophisticated attack. The main reason that hinders the effectiveness of information security is due to budgetary restrictions and the lack of specialized resources. To protect the information, companies must determine their risk exposure, for which it’s advisable to use methodologies, reference frameworks or standards for information security risk analysis. This project consists on implementing an information security risk management model for SMEs, integrating the OCTAVE-S methodology and the ISO/IEC 27005 standard. This covers the analysis of methodologies and risk management standards, the design of the information security risk management model, the validation of the model in a SME in the sales process. This integration provides a timely and effective identification of the risks of the qualitative approach and makes it possible to take advantage of the values identified for the assets of the quantitative approach. Furthermore, this allows identifying the main information security risks by rating and treating them according to the needs of the company. It’s expected that this model will help in the management of information security risks within SMEs, in order to reduce the impact of risks to which they may be exposed. / Tesis

Modelo de Gestión de riesgos

Seguridad de la Información

OCTAVE

ISO/IEC 27005

Risk Management model

Information Security

Study on Architecture-Oriented Project Risk Management Model

Hung, Mao-feng

23 June 2009

This research studies the six strategies of Project Risk Management defined by a Guide to Project Management Body of Knowledge (PMBOK) issued by U.S. Project Management Institute (PMI), the model of risk management invented by Boehm in 1991, and an enterprise architecture tool. As a result, this research comes out Architecture-Oriented Project Risk Management Model, abbreviated as AOPRMM, which emphasizes structure behavior coalescence within an organization. AOPRMM thoroughly describe the organization¡¦s integrity and the services provided by various structure elements. Moreover, AOPRMM is able to demonstrate the relationship of interaction among structure elements. Currently, most risk management models are categorized into the process-oriented approach. This research utilizes architecture-oriented as a new approach for modeling the project risk management. The model used in our approach is compared with those such as standard model of ISO 31000, standard model of New Zealand, and standard model of Taiwanese government. The result of this research shows that AOPRMM could help project managers master the whole project in a short period of time, implement the project easily, and lower the cost. By applying AOPRMM, the industries could regulate standard operations, and clarify the responsibility and authority in order to implement the project risk management successfully. This research achieves a beneficial model and knowledge for the project risk management. This accomplishment may be valuable for the business and academic circles to follow and refer.

Structure Behavior Coalescence

Enterprise Architecture

Project Risk Management

綠色品質風險管控模型之研究 / Green Quality Risk Management Model

王昭珷, Wang,Chao Pin

Unknown Date

本研究旨在利用風險管控的方式，來協助電子製造業建立一套可有效的維持產品的綠色品質並降低產品的綠色風險的綠色品質風險管控模型，使得企業不致因產品在出貨後，被檢測出違反RoHS指令而使企業被罰以巨額款項並損失商譽。 回顧1997年12月聯合國氣候變化框架公約(UNFCCC)參加國第三次會議在日本京都舉行，並簽定了[京都議定書]之後，各國陸續制定出其各自的環保法令，其中又以歐盟於2003年2月通過並於2006年7月1日起實施限制鉛，鎘，汞，六價鉻，多溴聯苯，多溴聯苯醚等六項有害物質的RoHS指令的影響範圍最大且最為直接的影響到我國的產業，從而引發起了本研究的動機。 本研究透過與訪談個案的合作，實際從分析個案的產品研發生產的作業中，由影響RoHS的角度從作業一直剖析到管控內容，進而找到會影響RoHS品質不良的16個風險因子，並透過建立的監控系統來進行風險因子的資料採樣，最後經由羅吉斯迴歸模型，建立出一套風險計算模型，以連接RoHS風險因子的監控系統而成為一套綠色品質風險管控模型。 / The objective of this research is to help electronic manufacturers to establish a Green Quality Risk Management Model, which can effectively keep green quality and decrease green quality risk of products. Consequently, companies can prevent huge amount of fine and goodwill impairment caused by RoHS violation of their shipments. After the participants of UNFCCC held the third meeting in Kyoto, Japan and ratified the Kyoto Protocol in December 1997, every country created its environmental regulations in secession. Among those regulations, the RoHS directive, which prohibits the usage of Lead, Mercury, Cadmium, Hexavalent chromium (Cr6+), Polybrominated biphenyls (PBB)and Polybrominated diphenyl ether (PBDE), adopted in February 2003 and activated in January 2006 by the European Union resulted in most pervasive and direct impact on Taiwanese industry, consequently creating the incentive for this research. By the cooperation of case interview, this research analyze the research and development operations of interviewees with the perspectives from primary operations to floor control in order to identify sixteen risk factors of RoHS quality, and sample the data of risk factors with established control system. Finally, a green quality risk management model was created by the establishment of a risk computation model in connection with RoHS risk factor control system was established using Logistic Regression model.

RoHS

綠色風險因子

羅吉斯迴歸

AHP

風險計算模型

風險管控模型

綠色風險

品質

RoHS

green risk factor

logistic regression

AHP

risk computation model

risk management model

eco

risk

A security risk management approach to the prevention of theft of platinum group metals: case study of Impala Platinum Mines and Refinery

Mokhuane, Seadimo Joseph

02 1900

Text in English / The purpose of this study was to establish the vulnerabilities of the security control measures that are being used at Impala Platinum mines and refinery to prevent the theft of Platinum Group Metals (PGMs). It is important to ensure that the security control measures in place are effective and efficient in preventing the occurrence of such theft. The research examined the security risk management approach to the prevention of theft of PGMs and the causes of theft of PGMs by organised crime syndicates operating in South Africa and abroad. The study found that Impala Platinum employees, in collusion with contractors and members of mine security services, are involved in the theft of PGMs. To achieve the goals and objective of the research study, effective security control measures were identified that will help Impala Platinum mines and refinery to overcome the risks and challenges related to the theft of PGMs. / Security Risk Management / M. Tech. (Security Management)

Platinum group metals

Theft

Security Risk Management Model

Security risk management approach

Prevention

Security risk control measures

Analysis

Incident reports

Organised crime syndicates

Protection

Behaviour

Organised crime threats

Modus operandi

Investigation

Recovery process

364.1628669240968

Impala Platinum

Organized crime -- South Africa

Dynamic Risk Management in Information Security : A socio-technical approach to mitigate cyber threats in the financial sector / Dynamisk riskhantering inom informationssäkerhet : Ett sociotekniskt tillvägagångssätt för att hantera cyberhot i den finansiella sektorn

Lundberg, Johan

January 2020

In the last decade, a new wave of socio-technical cyber threats has emerged that is targeting both the technical and social vulnerabilities of organizations and requires fast and efficient threat mitigations. Yet, it is still common that financial organizations rely on yearly reviewed risk management methodologies that are slow and static to mitigate the ever-changing cyber threats. The purpose of this research is to explore the field of Dynamic Risk Management in Information Security from a socio-technical perspective in order to mitigate both types of threats faster and dynamically to better suit the connected world we live in today. In this study, the Design Science Research methodology was utilized to create a Dynamic Information Security Risk Management model based on functionality requirements collected through interviews with professionals in the financial sector and structured literature studies. Finally, the constructed dynamic model was then evaluated in terms of its functionality and usability. The results of the evaluation showed that the finalized dynamic risk management model has great potential to mitigate both social and technical cyber threats in a dynamic fashion. / Under senaste decenniet har en ny våg av sociotekniska cyberhot uppkommit som är riktade både mot de sociala och tekniska sårbarheterna hos organisationer. Dessa hot kräver snabba och effektiva hotreduceringar, dock är det fortfarande vanligt att finansiella organisationer förlitar sig på årligen granskade riskhanteringsmetoder som både är långsamma och statiska för att mildra de ständigt föränderliga cyberhoten. Syftet med denna forskning är att undersöka området för dynamisk riskhantering inom informationssäkerhet ur ett sociotekniskt perspektiv, med målsättningen att snabbare och dynamiskt kunna mildra bägge typerna av hot för att bättre passa dagens uppkopplade värld.  I studien användes Design Science Research för att skapa en dynamisk riskhanteringsmodell med syfte att hantera sociotekniska cyberhot mot informationssäkerheten. Riskhanteringsmodellen är baserad på funktionskrav insamlade genom intervjuer med yrkesverksamma inom finanssektorn, samt strukturerade litteraturstudier.  Avslutningsvis utvärderades den konstruerade dynamiska modellen avseende dess funktionalitet och användbarhet. Resultaten av utvärderingen påvisade att den slutgiltiga dynamiska riskhanteringsmodellen har en stor potential att mitigera både sociala och tekniska cyberhot på ett dynamiskt sätt.

DISRMM

Dynamic Risk Management

Adaptive Risk Management

Socio-Technical

Sociotechnical

Social Triggers

Technical Triggers

Information Security

Usability

SEO

Search Engine Optimization

SEAREvasion

SEAR Evasion Approach

Dynamic

Risk Management

Socio-technical Threats

Risk Management Finance

Technical Risk Management Finance

Social Risk Management Finance

Socio-technical Model

Design Science Research.

Dynamisk Riskhantering

Informationssäkerhet

Finans

Finansiell Organisation

Dynamisk Informationssäkerhet

Sociotekniska Cyberhot

Riskhantering.

Information Systems