A knowledge-based decision support system for computer disaster prevention in IT centres

Danish, Tawfig Yousef

January 1994

In analysing the extent to which adequate research work may have been undertaken in the specific area of computer disaster prevention, it was found that little work had been done. In the real-life situation, it was also concluded that, in the vast majority of cases, no adequate disaster prevention controls were in use at IT installations. Guidance for the analysis and management of the risk associated with computer disasters, as a result, has also been inadequate and lacking in uniformity, specially in the areas of risk identification and risk entities interactions and relationships. This research has involved developing and delivering a methodology which would help IT risk managers in implementing effective computer disaster prevention controls. A knowledge based system (KBS) approach has been used to build a prototype system which provides full support in this important area of decision making, and to show how the representation of risks can be handled.

658

Risk management; Security

Risk management for property casualty insurance companies

Mutenga, Stanley

January 2001

This thesis addresses the need to reduce inefficiencies in management of insurance company risk capital. The laxity in managing the cost of capital is a result of dysfunctional property/casualty risk classification and capital accumulation practices in the insurance industry. We reclassify risk based on both peril and financial functional features, in order to capture all the facets of risk affecting a firm and ultimately to achieve optimal capital allocation. With the purpose of reducing inefficiencies in mind, we explore and isolate the impact of regulation on insurance company profitability. We use barrier option pricing models to mimic the impact of solvency requirements on firm-wide risk. This methodology of measuring risk is better than plain vanilla option pricing models, in that, through the option to an early default, we are able to capture the economic significance of financial distress, and allocate firm-wide risk capital. The firm-wide risk is incidentally used to empirically test the impact of risk on the cost of carry, the quality of operational profitability and forward asset commitment per unit of liabilities. Our empirical test confirms a strong relationship between firm-level risk, and the cost of carry, return on policyholders' surplus and the cost of capital per contract underwritten. The results are better than previous results obtained using plain vanilla option-pricing models and reveal the importance of incorporating solvency requirements in defining the economic significance of insolvency. The results also points to the importance of advised risk classification procedures to the whole process of integrated risk measurement and financing, which we explore in this study.

368

HD61 Risk Management

Risk management in energy markets

Kolos, Sergey Pavlovitch

28 August 2008

Not available / text

Energy industries

Risk management

Disruption managment for project scheduling problem

Zhu, Guidong

28 August 2008

Not available / text

Production scheduling

Risk management

The influence of conditioning information, intervalling dependency and autocorrelation in measuring risk

Hong, KiHoon Jimmy

January 2013

No description available.

330

Financial risk management

Cyber security information sharing in the United States : an empirical study including risk management and control implications, 2000-2003

Lavine, Michael Keith

January 2007

A tremendous amount of change in traditional business paradigms has occurred over the past decade through the development of Electronic Commerce and advancements in the field of Information Technology. As lesser-developed countries progress and become more prosperous, traditional 'first world' countries have migrated to become strong service oriented economies (Asch, 2001). Supporting technologies have developed over the past decade which has exploited the benefits of the Internet and other information technologies. While Electronic Commerce continues to grow there is a corresponding impact on computer software and individual privacy (Ghosh and Swaminatha, 2001). Recently, the U.S. National Institute of Standards and Technology (NIST) found that software bugs cost the U.S. economy approximately $59.5 billion, or 60% of the annual Gross Domestic Product (U.S. Department of Commerce, 2003). In addition, we have witnessed a rise in the strength and impact of Denial of Service and other types of computer attacks such as: viruses, trojans, exploit scripts and probes/scans. Popular industry surveys such as the annual Federal Bureau of Investigation/Computer Security Institute (Gordon, Et. Al., 2006) confirm the growing threats in the Information Assurance field. In addition to these concerns our increased reliance on the Internet enabled systems (Loudon and Loudon, 2000), E-Commerce systems and Information Technologies an integrated suite of risks which must be managed effectively across the public and private sectors (Backhouse, Et. Al, 2005, Ghosh and Swamintha, 2001, Parker, 2001, Graf, 1995, Greenberg and Goldman, 1995). Previous research (Rumizen, 1998, Haver, 1998, Roulier, 1998) examined Inter-Organisational, Web Information Systems and Government Information Systems in order to assess how companies and other organisations can effectively design these information systems such that maximum benefits can be achieved for all participating organisations. Furthermore, Davenport, Harris and Delong (2001) and Davenport (1999) explained that collaboration is central to the results of a knowledge management system in which open, nonpolitical, non-competitive entities are involved in environments to achieve optimal individual and collective results. Before this memorable event, some related programmatic initiatives were already in-process at that time. The United States government built upon its active leadership in the areas of computer security and information assurance when it launched a number of important efforts to manage information security threats. This was clearly evident when President Clinton made the U.S. National Infrastructure (NII) a major national priority in the 1990s. One critical development occurred in 1998 when the National Infrastructure Protection Centre was established to be the central point for gathering, analysing and disseminating critical cyber security information and built upon the previous success of the national Computer Emergency Response Team (CERT). Earlier research (Rich, 2001, Soo Hoo, 2000, Howard, 1997 and Landwher, 1994) addressed various aspects of information security information and incident reporting. Also, Vatis (2001) addressed some research considerations in this area while investigating foreign network centric and traditional warfare events primarily through Denial of Service and Web Site Defacement attacks. However, areas for new exploration existed especially as they related to U.S. critical infrastructure protection (Karestand, 2003, Vatis, 2001, U.S. General Accounting Office, 2000, Alexander and Swetham, 1999). Finally, Information and Network Centric Warfare (Arens and Rosenbloom, 2003, Davies, 2000, Denning and Baugh, 2000, and Schwartau, 1997) are increasing national security issues in the War on Terrorism and Homeland Security in general.

658.4780973

HD61 Risk Management

Risk management and decision making in defined benefit pension schemes

Ngwira, Bernard Chiwiya

January 2004

stochastic approach to decision-making in defined benefit pension schemes is presented. Existing decision-making tools in the form of actuarial valuations and asset and liability modelling are discussed. These tools are shown to be inadequate to fully address the objectives of the various stakeholders. Pension fund control using a quadratic criteria with linear factors is studied in the case where the fund is invested in a risk-free asset and a risky asset. Optimal asset allocation strategies are shown to be counter-intuitive. The optimal strategy is shown to involve increasing the allocation in the risky asset as the fund deficit increases and increasing the allocation in the risk-free asset as the fund deficit decreases. It is further shown that increasing the weight on the linear factors leads to an increase in the optimal allocation in the risky asset. A risk management approach to decision-making is presented. This is shown to be a more satisfactory decision-making tool in terms of setting the funding and investment strategies. The objectives of the stakeholders are addressed through downside risk measures and a performance measure for the cost. Methods of solving the problem are discussed: an indifference curve approach and a stochastic multi-objective approach leading to Pareto optimal solutions. It is shown that, in the indifference curve approach, an "efficient region" exists. This efficient region is such that all funding and investment strategies outside this region are inefficient; that is, such strategies can be improved by choosing strategies in the region. On the other hand in the multi-objective approach, pareto optimal investment strategies are located along an "efficient frontier". An extension to the stochastic approach is presented. Optimal funding and asset allocation strategies, over a range of projection horizons, are determined by taking into account the probability of default by the sponsoring employer. It is shown that, over a short-term horizon, bond-only asset allocation strategies are optimal, whilst over a longer horizon equity-backed asset allocation strategies are optimal.

368

HD61 Risk Management

The design of project estimating systems

Mulekezi, Luke

January 1990

No description available.

624

Risk management

Earthquake risk assessment and management : case study, Cyprus

Kythreoti, Stella

January 2002

Earthquakes are amongst the worst natural disasters on Earth, resulting in an annual average of around 10,000 fatalities last century and progressively increasing in the amount of economic damage they cause, reaching US $20 billion per annum this decade. The mitigation of the unwanted consequences of earthquakes is normally achieved by Risk Management Strategies (RMS), which rely on the development of Earthquake Risk Assessment (ERA) techniques. This thesis aims to develop a framework for ERA for medium seismicity regions that incorporates the spatial aspects of the hazard and risk evaluation. The framework is used to undertake ERA for the island of Cyprus, and the information is used to propose RMS. The ERA framework relies on comprehensive data on the location, value and vulnerability of buildings and the population distribution. These data were collected from the various Cyprus Government Departments. Various hazard and attenuation models are examined, and the effect of their variability is taken into account through Monte Carlo simulations. The estimated annual risk for Cyprus is just below £ 10 million CY. This value was estimated based on the use of the re-appraised historical data for the past-century. Comparisons with other seismic hazard assessment methods, such as recurrence relationships, have revealed that, without a spatial distribution model, such approaches are unsuitable for ERA. Though the maximum intensities predicted are in line with the ones that underpin the aseismic code of Cyprus (CCEAA-CFEE, 1994), the predicted design accelerations are higher than given in the code. Hence, new seismic accelerations are proposed. Despite that, the current reduction in risk is comparable to the additional cost of aseismic design. Seismic retrofitting was also examined and it was found that as part of a general modernisation scheme seismic upgrading is cost effective. However, whatever the state of the building, it is recommended that earthquake insurance should be made mandatory. The current seismic insurance rates appear to be fair, though they seem to underestimate the risk in the areas of high seismicity. The number of likely human losses is also estimated. This study concludes that the result of ERA is heavily dependent on the models and data used, and both require constant updating for the ERA results to remain meaningful.

363

Risk management strategies

Construction dispute reduction through an improved contracting process in the Canadian context

Hartman, Francis T.

January 1993

This thesis presents a new approach to construction contracting in North America. This new approach is referred to as the New Canadian Contracting Method (NCCM). It has been developed as a result of research into the existing contracting process used in North America generally and in Canada specifically. The NCCM addresses four main issues that were identified in the research, namely: confrontational construction; dispute resolution problems and costs; the project execution team selection process; completion of contracts. The NCCM addresses these issues without being prescriptive or by attempting to address one party's agenda over another. This is because these two approaches have been common to previous and unsuccessful attempts at addressing these issues. The new contracting method proposes the following four elements. First the designer and contractor are selected on a qualification basis. The designer and the contractor may be brought on to the project team at a time when the contractor can add to constructability by having input into production of the working drawings. Second, a commercial risk evaluation process is introduced as a part of the negotiation or tendering stage. This approach is innovative, and allows both the owner and the contractors to have input to the identification and allocation of risk in the contract. Third the administration of the contract involves a Proactive Mediation Process that is designed to reduce the incidence of conflict and lower or eliminate conflict resolution costs. Fourth the close-out of contracts is formalized with a process for realigning the completion of the contract. This is done by reassigning outstanding obligations to the best advantage of all parties. The draft process was tested for validity. The consensus was that, with some modifications (included in the thesis), the NCCM could be useful to the Canadian construction industry.

658

Risk management