An Exploration of Wireless Networking and the Management of Associated Security Risk

Collins, Helen Loretta

01 January 2015

The rapid expansion of wireless information technology (IT) coupled with a dramatic increase in security breaches forces organizations to develop comprehensive strategies for managing security risks. The problem addressed was the identification of security risk management practices and human errors of IT administrators, putting the organization at risk for external security intrusion. The purpose of this non-experimental quantitative study was to investigate and determine the security risk assessment practices used by IT administrators to protect the confidentiality and integrity of the organization's information. The research questions focused on whether the security risk management practices of IT administrators met or exceeded the minimally accepted practices and standards for wireless networking. The security risk assessment and management model established the theoretical framework. The sample was 114 participants from small to medium IT organizations comprised of security engineers, managers, and end users. Data collection was via an online survey. Data analysis included both descriptive and inferential statistical methods. The results revealed that greater than 80% of participants conducted appropriate risk management and review assessments. This study underscored the need for a more comprehensive approach to managing IT security risks. IT managers can use the outcome of this study as a benchmark for evaluating their current risk assessment procedures. Experiencing security breaches in organizations may be inevitable. However, when organizations and industry leaders can greatly reduce the cost of a data breach by developing effective risk management plans that lead to better security outcomes, positive social change can be realized.

breaches to AIS security

IEEE 802.11

security network

vulnerability and risk analysis

wireless networking

wireless threats

Databases and Information Systems

Other Communication

[en] PORTFOLIO VALUATION OF ELECTRICITY CONTRACTS: AN OPTIONS THEORY APPROACH / [pt] AVALIAÇÃO DE PORTFOLIOS DE CONTRATOS DE COMPRA E VENDA DE ENERGIA ELÉTRICA: UMA ABORDAGEM PELA TEORIA DE OPÇÕES

RODRIGO CORREA TORRES

13 July 2006

[pt] O Ambiente de Contratação Livre proporcionou uma continuidade do processo de livre concorrência de mercado iniciado com a reestruturação do setor elétrico em 1997. A mudança de um regime baseado em contratos de suprimento renováveis para uma estrutura baseada em preços dados por um mercado competitivo, expõe as empresas do setor elétrico brasileiro à volatilidade do mercado de eletricidade. Neste novo ambiente, as empresas devem gerenciar os riscos associados às suas operações. Devido às características singulares do setor elétrico brasileiro, o gerenciamento de risco é um grande desafio para os próximos anos. Por outro lado, com a liberdade de negociação permitida pelo segmento de comercialização de energia no Ambiente de Contratação Livre, os contratos de compra e venda de energia elétrica passaram a adaptar-se as necessidades de mercado com a incorporação de flexibilidades que viessem a mitigar os riscos com relação à demanda por energia elétrica e principalmente com relação ao preço. Dentro desse contexto, foi desenvolvido um modelo de avaliação de portfolio de contratos de compra e venda de energia elétrica, incorporando as flexibilidades inerentes a atividade de comercialização, de forma a quantificar os riscos associados a esta atividade e determinar o valor adicionado ao portfolio pelas flexibilidades. O caso estudado é fictício, mas é um exemplo típico na área de comercialização de energia elétrica dentro deste novo modelo. / [en] The Free Contracts Environment enabled continuity of the free market competition process which started with the electric sector restructure in 1997. The shift from a regime based on renewable supply contracts to a structure based on prices established by competition exposes companies in the Brazilian electric sector to the volatility of the electricity market. In this new environment companies must manage the risks associated to the operations. The Brazilian electric sector singular features make risk management a great challenge for ensuing years. On the other hand, with free negotiation enabled by the energy trade segment within the free contracts environment, electric energy purchase and sale contracts started to adapt to the market needs incorporating flexibilities designed to face uncertainty regarding electric energy demand in general and prices in particular. Within this context, an electric energy purchase and sale portfolio valuation model was developed, incorporating the flexibilities inherent to commercialization activities, in order to quantify the risks associated with this activity and establish the value added to the portfolio by the flexibilities. The case studied is fictitious, but typical in the field of electric energy trading within this new model.

[pt] ANALISE DE RISCO

[en] RISK ANALYSIS

[pt] SIMULACAO MONTE CARLO

[en] MONTE CARLO SIMULATION

[pt] AVALIACAO DE PORTFOLIOS

[en] PORTFOLIO VALUATION

[pt] AVALIACAO DE OPCOES

[en] OPTIONS VALUATION

Approche probabiliste dans la détermination des courbes de vulnérabilité des structures en génie civil / Probabilistic approach in determining the vulnerability curves of civil engineering structures

Mekki, Mohammed

07 April 2015

Dans le contexte du calcul sismique basé sur la notion de performance, lesingénieurs se trouvent confrontés à une tâche difficile pour estimer la performance etévaluer les risques des systèmes sol-structure en interaction. Afin d’accomplir cette tâcheavec succès, toutes les sources d'incertitudes aléatoires et épistémiques doivent être prisesen compte au cours du processus de conception. Ainsi, des méthodes appropriées sontnécessaires pour l'étude de la propagation de l'incertitude des paramètres du systèmedécrivant la structure, le sol, et les charges appliquées aux réponses structurelles endéfinissant des états limites de performance. L’objectif de cette thèse est de contribuer àl’étude du comportement sismique des structures en interaction avec le sol et d’offrir denouveaux outils pour le traitement de problèmes pertinents, orientés vers la nouvellephilosophie de conception parasismique des structures : la conception basée sur laperformance (performance-based design). Cet axe de recherche structure ce travail dedoctorat. La problématique s’inscrit dans le cadre de proposition de modèles simplifiés afind’aborder un problème compliqué tel que l’interaction sol-structure (ISS). Lecomportement non linéaire de la structure est déterminé par une approche capacitive baséesur la performance sismique telle que la méthode N2 proposée par P. Fajfar. Dans saversion originale, cette méthode considère que la structure est encastrée à sa base,négligeant ainsi l’ISS. Il s'agit d'une extension de la méthode N2 et que nous appelleronsN2-ISS. A notre connaissance, il n'existe pas d'études qui ont intégré l'ISS dans ce type deformalisme. Pour examiner la validité et la fiabilité du modèle présenté, une analysecomparative a été faite entre l'approche que nous proposons et trois autres méthodes: 1) laméthode introduite dans le code BSSC 1997, 2) la méthode proposée par Avilès & Perez–Rocha (2003) ainsi que 3) la méthode dynamique temporelle non linéaire. Les résultatsobtenus ont montré que la réponse en déplacement de la structure était assez proche dansles quatre méthodes.Les courbes de fragilité sont établies en tenant compte des effets de l’ISS et desincertitudes associées au chargement (mouvement du sol), aux propriétés de la structure,du sol, et de la fondation (impédances, ...). L’incertitude épistémique est égalementconsidérée de manière indirecte suite à la comparaison entre deux procédures d'évaluationdes états d’endommagements (Méthode de Park & Ang et Méthode de RISK-UE). L'étudea abouti aussi à une caractérisation préliminaire du risque sismique dans une partie de laville d'Oran dont les caractéristiques géologiques et géotechniques étaient disponibles.Cette étude a permis la cartographie du dommage et d'étudier la la vulnérabilité sismiquedes bâtiments. / In the context of performance-based earthquake engineering (PBEE), a challengingtask for structural engineers is to provide performance and risk assessment for structures orsoil-structure interaction (SSI) systems. In order to fulfill this task successfully, all relevantsources of aleatory and epistemic uncertainties must be accounted for during the designprocess. Thus, proper methods are required for the study of uncertainty propagation frommodel parameters describing the structure, the soil, and the applied loads to structuralresponses by defining some performance limit states. The objective of this thesis is tocontribute to the study of the seismic behavior of structures interacting with soil andprovide new tools for the treatment of relevant issues facing the new philosophy of seismicdesign of structures: performance-based design. The objective of this thesis is to contributeto the study of the seismic behavior of structures interacting with soil and provide newtools for the treatment of relevant issues facing the new philosophy of seismic design ofstructures: (performance-based design). This research structure this doctoral work. Theissue is part of proposed simplified models to address a complicated problem such as soilstructureinteraction (SSI). The nonlinear behavior of the structure is determined by acapacitive approach based on the seismic performance as N2 method proposed by P.Fajfar. In its original version, this method considers that the structure is fixed at its base,thus neglecting the ISS. The new proposed method called N2-SSI is an extension of the N2method. To our knowledge, there are no studies that have joined the SSI ISS in this type offormalism. The proposed approach is validated and compared with time history analysis,Building Seismic Safety Council (BSSC) method (NEHRP, 2003), and a method proposedby Aviles and Perez-Rocha (2003). The results obtained showed that the responsedisplacement of the structure was fairly close in the four methods.The fragility curves are established taking into account the effects of the ISS anddifferent uncertainty sources: the load (input ground motion), the soil, the structure and theSSI (impedances, ...). Epistemic uncertainty was investigated through comparison betweentwo different approaches in assessing damage states (Park and Ang and Risk-UE). Thestudy also resulted in a preliminary characterization of the seismic risk in a part of the Orancity, where geological and geotechnical characteristics were available. This study allowedthe mapping of the damage and the study of the seismic vulnerability of buildings.

Performance

Interaction sol-structure

Incertitudes

Variabilité

Fragilité,

Risque sismique

Dommage

Performance

Soil-structure interaction

Uncertainties

Variability

Fragility

Damage

Seismic risk analysis

Decision Support System for the Evaluation and Comparison of Concession Project Investments

McCowan, Alison Kate, n/a

January 2004

Governments of developed and developing countries alike are unable to fund the construction and maintenance of vital physical infrastructure such as roads, railways, water and wastewater treatment plants, and power plants. Thus, they are more and more turning to the private sector as a source of finance through procurement methods such as concession contracts. The most common form of concession contract is the Build-Operate-Transfer (BOT) contract, where a government (Principal) grants a private sector company (Promoter) a concession to build, finance, operate and maintain a facility and collect revenue over the concession period before finally transferring the facility, at no cost to the Principal, as a fully operational facility. Theoretically speaking, these projects present a win-win-win solution for the community as well as both private and public sector participants. However, with the opportunity for private sector companies to earn higher returns comes greater risk. This is despite the fact that concession projects theoretically present a win-win-win solution to the problem of infrastructure provision. Unfortunately, this has not been the case in a number of countries including Australia. Private sector participants have admitted that there are problems that must be addressed to improve the process. Indeed they have attributed the underperformance of concession projects to the inability of both project Principals and Promoters to predict the impact of all financial and non-financial (risk) factors associated with concession project investments (CPIs) and to negotiate contracts to allow for these factors. Non-financial project aspects, such as social, environmental, political, legal and market share factors, are deemed to be important; but these aspects would usually be considered to lie outside the normal appraisal process. To allow for the effects of such qualitative aspects, the majority of Principal or promoting organisations resort to estimating the necessary money contingencies without an appropriate quantification of the combined effects of financial and non-financial (risks and opportunities) factors. In extreme cases, neglect of non-financial aspects can cause the failure of a project despite very favourable financial components; or can even cause the failure to go-ahead with a project that may have been of great non-financial benefit due to its projected ordinary returns. Hence, non-financial aspects need careful analysis and understanding so that they can be assessed and properly managed. It is imperative that feasibility studies allow the promoting organisation to include a combination of financial factors and non-financial factors related to the economic environment, project complexity, innovation, market share, competition, and the national significance of the project investment. While much research has already focused on the classification of CPI non-financial (risk) factors, and the identification of interdependencies between risk factors on international projects, no attempt has yet been made to quantify these risk interdependencies. Building upon the literature, this thesis proposes a generic CPI risk factor framework (RFF) including important interdependencies, which were verified and quantified using input provided by practitioners and researchers conversant with risk profiles of international and/or concession construction projects. Decision Support Systems (DSSs) are systems designed to assist in the decision making process by providing all necessary information to the analyst. There are a number of DSSs that have been developed over recent years for the evaluation of high-risk construction project investments, such as CPIs, which incorporate the analysis of both financial and non-financial (risk) aspects of the investment. However, although these DSSs have been useful to practitioners and researchers alike, they have not offered a satisfactory solution to the modelling problem and are all limited in their practical application for various reasons. Thus, the construction industry lacks a DSS that is capable of evaluating and comparing several CPI options, taking into consideration both financial and non-financial aspects of an investment, as well as including the uncertainties commonly encountered at the feasibility stage of a project, in an efficient and effective manner. These two criteria, efficiency and effectiveness, are integral to the usefulness and overall acceptance of the developed DSS in industry. This thesis develops an effective and efficient DSS to evaluate and compare CPI opportunities at the feasibility stage. The novel DSS design is based upon a combination of: (1) the mathematical modelling technique and financial analysis model that captures the true degree of certainty surrounding the project; and (2) the decision making technique and RFF that most closely reproduces the complexity of CPI decisions. Overall, this thesis outlines the methodology followed in the development of the DSS – produced as a stand-alone software product – and demonstrates its capabilities through a verification and validation process using real-life CPI case studies.

decision support systems

infrastructure

projects

project management

public utilities

private sector finance

financing

concession contracts

CPI risk factor framework

risk analysis

Riskhantering i IT-projekt : En kvalitativ studie om arbetsmetoder

Choudhury, Siam, Almqvist, David

January 2008

<p>Many organizations today work in projects, a method of organizing work to provide a clearer focus on goals and more control of every aspect of the assignment. A project is, simply put, a plan to achieve a specific result. In turn, project management means to use various tools and methods to facilitate and streamline the effort towards achieving the goal with the project.</p><p>Risk management is the activity that refers to finding, identifying and quantify different types of risks and take appropriate action towards reducing or eliminating these risks to the extent possible. With increased use of projects as a method of working the demands for managing risks better become stronger. The question that this thesis tried to answer was: “What kind of risks does the IT industry think are linked to their projects and in what way does these companies manage these risks?”</p><p>Among the project leaders interviewed, the authors could see a great variation in lines of thought and values regarding the importance of risk management and how risk management should be handled. Some interesting observations were made and certain important areas have been brought into the spotlight.</p><p>The authors saw that risk management among the IT companies was handled very differently from each other. The variation can be due to the sizes in projects or due to the size of the companies. What the authors have observed shows that most of the companies have a common attitude towards the importance of risk management and are usually very structured in their work with risk management. The authors believes this to be a sign that risk management in IT projects is being taken more seriously now than before and believe that this trend will continue towards more well planned and well structured risk management in the IT industry.</p> / <p>Idag arbetar många organisationer i projektform, en arbetsmetod som medför tydligare inriktning mot resultat och större kontroll över alla delar av arbetet. Ett projekt är enklast beskrivet som en plan för att uppnå ett specifikt resultat. Projektledning innebär i sin tur att man använder sig utav olika metoder och verktyg för att underlätta och effektivisera arbete mot målet inom projekt.</p><p>Riskhantering är den verksamhet som syftar till att lokalisera, identifiera och kvantifiera risker av olika slag samt vidta lämpliga åtgärder för att i möjligaste mån reducera eller eliminera dessa risker. Med den ökande användningen av projekt som arbetsmetod ökar också kravet att hantera risker mot projekt bättre. Frågan som denna uppsats sökte svar på var: "Vad anser företag inom IT-branschen att det finns för risker kopplade till deras projekt och på vilket sätt hanterar företagen dessa risker?"</p><p>Semistrukturerade intervjuer genomfördes med representanter från fyra företag inom IT-branschen. De fyra företagen verkar inom olika områden och med detta ville författarna få en mer nyanserad bild av hur riskhantering sköts inom branschen. Löpande kontakt hölls med en representant från Öhrlings Pricewaterhouse Coopers (PwC) avdelning för riskhanteringstjänster (RMS). Denna kontakt fungerade som informationskälla. Urvalsmetoden för denna studie var ett omdömesurval. Författarna har efter egna kriterier valt ut och kontaktat projektledare på IT-företag. Kriterierna var att samtliga respondenter skulle ha ansvar för IT-projekt.</p><p>Författarna kunde se att det bland projektledarna varierade mycket i tankesätt och värderingar kring vikten av riskhantering och på vilket sätt riskhantering ska skötas. Vissa intressanta iakttagelser har gjorts och det finns viktiga områden som har kommit fram i ljuset genom denna uppsats.</p><p>Författarna kom fram till att riskhanteringen hos IT-företag sker på väldigt olika sätt på de företag som undersöktes. Variationen beror troligen både på storleken på projekten och på företagens storlek. Det författarna har sett visar dock på att företagen för det mesta är ganska strukturerade i sitt arbete kring riskhanteringen. Detta tror författarna tyder på att riskhantering i IT-projekt tas på större allvar nu än tidigare och de tror på en fortsatt trend med välstrukturerad och planerad riskhantering inom IT-branschen.</p>

Project

project management

risk management

risk analysis

risks

IT projects

Projekt

projektstyrning

projektledning

riskhantering

risk management

riskanalys

risker

IT-projekt.

Business studies

Företagsekonomi

Conditional limit theorems for multitype branching processes and illustration in epidemiological risk analysis

Pénisson, Sophie

January 2010

This thesis is concerned with the issue of extinction of populations composed of different types of individuals, and their behavior before extinction and in case of a very late extinction. We approach this question firstly from a strictly probabilistic viewpoint, and secondly from the standpoint of risk analysis related to the extinction of a particular model of population dynamics. In this context we propose several statistical tools. The population size is modeled by a branching process, which is either a continuous-time multitype Bienaymé-Galton-Watson process (BGWc), or its continuous-state counterpart, the multitype Feller diffusion process. We are interested in different kinds of conditioning on non-extinction, and in the associated equilibrium states. These ways of conditioning have been widely studied in the monotype case. However the literature on multitype processes is much less extensive, and there is no systematic work establishing connections between the results for BGWc processes and those for Feller diffusion processes. In the first part of this thesis, we investigate the behavior of the population before its extinction by conditioning the associated branching process X_t on non-extinction (X_t≠0), or more generally on non-extinction in a near future 0≤θ<∞ (X_{t+θ}≠0), and by letting t tend to infinity. We prove the result, new in the multitype framework and for θ>0, that this limit exists and is non-degenerate. This reflects a stationary behavior for the dynamics of the population conditioned on non-extinction, and provides a generalization of the so-called Yaglom limit, corresponding to the case θ=0. In a second step we study the behavior of the population in case of a very late extinction, obtained as the limit when θ tends to infinity of the process conditioned by X_{t+θ}≠0. The resulting conditioned process is a known object in the monotype case (sometimes referred to as Q-process), and has also been studied when X_t is a multitype Feller diffusion process. We investigate the not yet considered case where X_t is a multitype BGWc process and prove the existence of the associated Q-process. In addition, we examine its properties, including the asymptotic ones, and propose several interpretations of the process. Finally, we are interested in interchanging the limits in t and θ, as well as in the not yet studied commutativity of these limits with respect to the high-density-type relationship between BGWc processes and Feller processes. We prove an original and exhaustive list of all possible exchanges of limit (long-time limit in t, increasing delay of extinction θ, diffusion limit). The second part of this work is devoted to the risk analysis related both to the extinction of a population and to its very late extinction. We consider a branching population model (arising notably in the epidemiological context) for which a parameter related to the first moments of the offspring distribution is unknown. We build several estimators adapted to different stages of evolution of the population (phase growth, decay phase, and decay phase when extinction is expected very late), and prove moreover their asymptotic properties (consistency, normality). In particular, we build a least squares estimator adapted to the Q-process, allowing a prediction of the population development in the case of a very late extinction. This would correspond to the best or to the worst-case scenario, depending on whether the population is threatened or invasive. These tools enable us to study the extinction phase of the Bovine Spongiform Encephalopathy epidemic in Great Britain, for which we estimate the infection parameter corresponding to a possible source of horizontal infection persisting after the removal in 1988 of the major route of infection (meat and bone meal). This allows us to predict the evolution of the spread of the disease, including the year of extinction, the number of future cases and the number of infected animals. In particular, we produce a very fine analysis of the evolution of the epidemic in the unlikely event of a very late extinction. / Diese Arbeit befasst sich mit der Frage des Aussterbens von Populationen verschiedener Typen von Individuen. Uns interessiert das Verhalten vor dem Aussterben sowie insbesondere im Falle eines sehr späten Aussterbens. Wir untersuchen diese Fragestellung zum einen von einer rein wahrscheinlichkeitstheoretischen Sicht und zum anderen vom Standpunkt der Risikoanalyse aus, welche im Zusammenhang mit dem Aussterben eines bestimmten Modells der Populationsdynamik steht. In diesem Kontext schlagen wir mehrere statistische Werkzeuge vor. Die Populationsgröße wird entweder durch einen zeitkontinuierlichen mehrtyp-Bienaymé-Galton-Watson Verzweigungsprozess (BGWc) oder durch sein Analogon mit kontinuierlichem Zustandsraum, den Feller Diffusionsprozess, modelliert. Wir interessieren uns für die unterschiedlichen Arten auf Überleben zu bedingen sowie für die hierbei auftretenden Gleichgewichtszustände. Diese Bedingungen wurden bereits weitreichend im Falle eines einzelnen Typen studiert. Im Kontext von mehrtyp-Verzweigungsprozessen hingegen ist die Literatur weniger umfangreich und es gibt keine systematischen Arbeiten, welche die Ergebnisse von BGWc Prozessen mit denen der Feller Diffusionsprozesse verbinden. Wir versuchen hiermit diese Lücke zu schliessen. Im ersten Teil dieser Arbeit untersuchen wir das Verhalten von Populationen vor ihrem Aussterben, indem wir das zeitasymptotysche Verhalten des auf Überleben bedingten zugehörigen Verzweigungsprozesses (X_t|X_t≠0)_t betrachten (oder allgemeiner auf Überleben in naher Zukunft 0≤θ<∞, (X_t|X_{t+θ}≠0)_t). Wir beweisen das Ergebnis, neuartig im mehrtypen Rahmen und für θ>0, dass dieser Grenzwert existiert und nicht-degeneriert ist. Dies spiegelt ein stationäres Verhalten für auf Überleben bedingte Bevölkerungsdynamiken wider und liefert eine Verallgemeinerung des sogenannten Yaglom Grenzwertes (welcher dem Fall θ=0 entspricht). In einem zweiten Schritt studieren wir das Verhalten der Populationen im Falle eines sehr späten Aussterbens, welches wir durch den Grenzübergang auf θ→∞ erhalten. Der resultierende Grenzwertprozess ist ein bekanntes Objekt im eintypen Fall (oftmals als Q-Prozess bezeichnet) und wurde ebenfalls im Fall von mehrtyp-Feller-Diffusionsprozessen studiert. Wir untersuchen den bisher nicht betrachteten Fall, in dem X_t ein mehrtyp-BGWc Prozess ist und beweisen die Existenz des zugehörigen Q-Prozesses. Darüber hinaus untersuchen wir seine Eigenschaften einschließlich der asymptotischen und weisen auf mehrere Auslegungen hin. Schließlich interessieren wir uns für die Austauschbarkeit der Grenzwerte in t und θ, und die Vertauschbarkeit dieser Grenzwerte in Bezug auf die Beziehung zwischen BGWc und Feller Prozessen. Wir beweisen die Durchführbarkeit aller möglichen Grenzwertvertauschungen (Langzeitverhalten, wachsende Aussterbeverzögerung, Diffusionslimit). Der zweite Teil dieser Arbeit ist der Risikoanalyse in Bezug auf das Aussterben und das sehr späte Aussterben von Populationen gewidmet. Wir untersuchen ein Modell einer verzweigten Bevölkerung (welches vor allem im epidemiologischen Rahmen erscheint), für welche ein Parameter der Reproduktionsverteilung unbekannt ist. Wir konstruieren Schätzer, die an die jeweiligen Stufen der Evolution adaptiert sind (Wachstumsphase, Verfallphase sowie die Verfallphase, wenn das Aussterben sehr spät erwartet wird), und beweisen zudem deren asymptotische Eigenschaften (Konsistenz, Normalverteiltheit). Im Besonderen bauen wir einen für Q-Prozesse adaptierten kleinste-Quadrate-Schätzer, der eine Vorhersage der Bevölkerungsentwicklung im Fall eines sehr späten Aussterbens erlaubt. Dies entspricht dem Best- oder Worst-Case-Szenario, abhängig davon, ob die Bevölkerung bedroht oder invasiv ist. Diese Instrumente ermöglichen uns die Betrachtung der Aussterbensphase der Bovinen spongiformen Enzephalopathie Epidemie in Großbritannien. Wir schätzen den Infektionsparameter in Bezug auf mögliche bestehende Quellen der horizontalen Infektion nach der Beseitigung des primären Infektionsweges (Tiermehl) im Jahr 1988. Dies ermöglicht uns eine Vorhersage des Verlaufes der Krankheit inklusive des Jahres des Aussterbens, der Anzahl von zukünftigen Fällen sowie der Anzahl infizierter Tiere. Insbesondere ermöglicht es uns die Erstellung einer sehr detaillierten Analyse des Epidemieverlaufs im unwahrscheinlichen Fall eines sehr späten Aussterbens.

Mehrtyp-Verzweigungsprozesse

Feller Diffusionsprozesse

Schätzung von Verzweigungsprozessen

Epidemiologie

Risikoanalyse

Multitype branching processes

Feller diffusion processes

Risk analysis

Mathematics

Quantitative vulnerability analysis of electric power networks

Holmgren, Åke J.

January 2006

Disturbances in the supply of electric power can have serious implications for everyday life as well as for national (homeland) security. A power outage can be initiated by natural disasters, adverse weather, technical failures, human errors, sabotage, terrorism, and acts of war. The vulnerability of a system is described as a sensitivity to threats and hazards, and is measured by P (Q(t) &gt; q), i.e. the probability of at least one disturbance with negative societal consequences Q larger than some critical value q, during a given period of time (0,t]. The aim of the thesis is to present methods for quantitative vulnerability analysis of electric power delivery networks to enable effective strategies for prevention, mitigation, response, and recovery to be developed. Paper I provides a framework for vulnerability assessment of infrastructure systems. The paper discusses concepts and perspectives for developing a methodology for vulnerability analysis, and gives examples related to power systems. Paper II analyzes the vulnerability of power delivery systems by means of statistical analysis of Swedish disturbance data. It is demonstrated that the size of large disturbances follows a power law, and that the occurrence of disturbances can be modeled as a Poisson process. Paper III models electric power delivery systems as graphs. Statistical measures for characterizing the structure of two empirical transmission systems are calculated, and a structural vulnerability analysis is performed, i.e. a study of the connectivity of the graph when vertices and edges are disabled. Paper IV discusses the origin of power laws in complex systems in terms of their structure and the dynamics of disturbance propagation. A branching process is used to model the structure of a power distribution system, and it is shown that the disturbance size in this analytical network model follows a power law. Paper V shows how the interaction between an antagonist and the defender of a power system can be modeled as a game. A numerical example is presented, and it is studied if there exists a dominant defense strategy, and if there is an optimal allocation of resources between protection of components, and recovery. / QC 20100831

Safety Analysis

vulnerability

homeland security

risk analysis

network

electric power system

blackout

power law

statistical analysis

graph theory

branching process

game theory

Säkerhetsanalys

TECHNOLOGY

TEKNIKVETENSKAP

Riskhantering i IT-projekt : En kvalitativ studie om arbetsmetoder

Choudhury, Siam, Almqvist, David

January 2008

Many organizations today work in projects, a method of organizing work to provide a clearer focus on goals and more control of every aspect of the assignment. A project is, simply put, a plan to achieve a specific result. In turn, project management means to use various tools and methods to facilitate and streamline the effort towards achieving the goal with the project. Risk management is the activity that refers to finding, identifying and quantify different types of risks and take appropriate action towards reducing or eliminating these risks to the extent possible. With increased use of projects as a method of working the demands for managing risks better become stronger. The question that this thesis tried to answer was: “What kind of risks does the IT industry think are linked to their projects and in what way does these companies manage these risks?” Among the project leaders interviewed, the authors could see a great variation in lines of thought and values regarding the importance of risk management and how risk management should be handled. Some interesting observations were made and certain important areas have been brought into the spotlight. The authors saw that risk management among the IT companies was handled very differently from each other. The variation can be due to the sizes in projects or due to the size of the companies. What the authors have observed shows that most of the companies have a common attitude towards the importance of risk management and are usually very structured in their work with risk management. The authors believes this to be a sign that risk management in IT projects is being taken more seriously now than before and believe that this trend will continue towards more well planned and well structured risk management in the IT industry. / Idag arbetar många organisationer i projektform, en arbetsmetod som medför tydligare inriktning mot resultat och större kontroll över alla delar av arbetet. Ett projekt är enklast beskrivet som en plan för att uppnå ett specifikt resultat. Projektledning innebär i sin tur att man använder sig utav olika metoder och verktyg för att underlätta och effektivisera arbete mot målet inom projekt. Riskhantering är den verksamhet som syftar till att lokalisera, identifiera och kvantifiera risker av olika slag samt vidta lämpliga åtgärder för att i möjligaste mån reducera eller eliminera dessa risker. Med den ökande användningen av projekt som arbetsmetod ökar också kravet att hantera risker mot projekt bättre. Frågan som denna uppsats sökte svar på var: "Vad anser företag inom IT-branschen att det finns för risker kopplade till deras projekt och på vilket sätt hanterar företagen dessa risker?" Semistrukturerade intervjuer genomfördes med representanter från fyra företag inom IT-branschen. De fyra företagen verkar inom olika områden och med detta ville författarna få en mer nyanserad bild av hur riskhantering sköts inom branschen. Löpande kontakt hölls med en representant från Öhrlings Pricewaterhouse Coopers (PwC) avdelning för riskhanteringstjänster (RMS). Denna kontakt fungerade som informationskälla. Urvalsmetoden för denna studie var ett omdömesurval. Författarna har efter egna kriterier valt ut och kontaktat projektledare på IT-företag. Kriterierna var att samtliga respondenter skulle ha ansvar för IT-projekt. Författarna kunde se att det bland projektledarna varierade mycket i tankesätt och värderingar kring vikten av riskhantering och på vilket sätt riskhantering ska skötas. Vissa intressanta iakttagelser har gjorts och det finns viktiga områden som har kommit fram i ljuset genom denna uppsats. Författarna kom fram till att riskhanteringen hos IT-företag sker på väldigt olika sätt på de företag som undersöktes. Variationen beror troligen både på storleken på projekten och på företagens storlek. Det författarna har sett visar dock på att företagen för det mesta är ganska strukturerade i sitt arbete kring riskhanteringen. Detta tror författarna tyder på att riskhantering i IT-projekt tas på större allvar nu än tidigare och de tror på en fortsatt trend med välstrukturerad och planerad riskhantering inom IT-branschen.

Project

project management

risk management

risk analysis

risks

IT projects

Projekt

projektstyrning

projektledning

riskhantering

risk management

riskanalys

risker

IT-projekt.

Business studies

Företagsekonomi

Risk Measures Constituting Risk Metrics for Decision Making in the Chemical Process Industry

Prem, Katherine

2010 December 1900

The occurrence of catastrophic incidents in the process industry leave a marked legacy of resulting in staggering economic and societal losses incurred by the company, the government and the society. The work described herein is a novel approach proposed to help predict and mitigate potential catastrophes from occurring and for understanding the stakes at risk for better risk informed decision making. The methodology includes societal impact as risk measures along with tangible asset damage monetization. Predicting incidents as leading metrics is pivotal to improving plant processes and, for individual and societal safety in the vicinity of the plant (portfolio). From this study it can be concluded that the comprehensive judgments of all the risks and losses should entail the analysis of the overall results of all possible incident scenarios. Value-at-Risk (VaR) is most suitable as an overall measure for many scenarios and for large number of portfolio assets. FN-curves and F$-curves can be correlated and this is very beneficial for understanding the trends of historical incidents in the U.S. chemical process industry. Analyzing historical databases can provide valuable information on the incident occurrences and their consequences as lagging metrics (or lagging indicators) for the mitigation of the portfolio risks. From this study it can be concluded that there is a strong statistical relationship between the different consequence tiers of the safety pyramid and Heinrich‘s safety pyramid is comparable to data mined from the HSEES database. Furthermore, any chemical plant operation is robust only when a strategic balance is struck between optimal plant operations and, maintaining health, safety and sustaining environment. The balance emerges from choosing the best option amidst several conflicting parameters. Strategies for normative decision making should be utilized for making choices under uncertainty. Hence, decision theory is utilized here for laying the framework for choice making of optimum portfolio option among several competing portfolios. For understanding the strategic interactions of the different contributing representative sets that play a key role in determining the most preferred action for optimum production and safety, the concepts of game theory are utilized and framework has been provided as novel application to chemical process industry.

quantitative risk analysis

decision analysis

leading metrics, lagging metrics

FN-curves

Exceedance curves

safety pyramids

Expected utility Theory, Game Theory

Nash Equilibrium

Pareto Optimality

Decisional-Emotional Support System for a Synthetic Agent : Influence of Emotions in Decision-Making Toward the Participation of Automata in Society

Guerrero Razuri, Javier Francisco

January 2015

Emotion influences our actions, and this means that emotion has subjective decision value. Emotions, properly interpreted and understood, of those affected by decisions provide feedback to actions and, as such, serve as a basis for decisions. Accordingly, "affective computing" represents a wide range of technological opportunities toward the implementation of emotions to improve human-computer interaction, which also includes insights across a range of contexts of computational sciences into how we can design computer systems to communicate and recognize the emotional states provided by humans. Today, emotional systems such as software-only agents and embodied robots seem to improve every day at managing large volumes of information, and they remain emotionally incapable to read our feelings and react according to them. From a computational viewpoint, technology has made significant steps in determining how an emotional behavior model could be built; such a model is intended to be used for the purpose of intelligent assistance and support to humans. Human emotions are engines that allow people to generate useful responses to the current situation, taking into account the emotional states of others. Recovering the emotional cues emanating from the natural behavior of humans such as facial expressions and bodily kinetics could help to develop systems that allow recognition, interpretation, processing, simulation, and basing decisions on human emotions. Currently, there is a need to create emotional systems able to develop an emotional bond with users, reacting emotionally to encountered situations with the ability to help, assisting users to make their daily life easier. Handling emotions and their influence on decisions can improve the human-machine communication with a wider vision. The present thesis strives to provide an emotional architecture applicable for an agent, based on a group of decision-making models influenced by external emotional information provided by humans, acquired through a group of classification techniques from machine learning algorithms. The system can form positive bonds with the people it encounters when proceeding according to their emotional behavior. The agent embodied in the emotional architecture will interact with a user, facilitating their adoption in application areas such as caregiving to provide emotional support to the elderly. The agent's architecture uses an adversarial structure based on an Adversarial Risk Analysis framework with a decision analytic flavor that includes models forecasting a human's behavior and their impact on the surrounding environment. The agent perceives its environment and the actions performed by an individual, which constitute the resources needed to execute the agent's decision during the interaction. The agent's decision that is carried out from the adversarial structure is also affected by the information of emotional states provided by a classifiers-ensemble system, giving rise to a "decision with emotional connotation" included in the group of affective decisions. The performance of different well-known classifiers was compared in order to select the best result and build the ensemble system, based on feature selection methods that were introduced to predict the emotion. These methods are based on facial expression, bodily gestures, and speech, with satisfactory accuracy long before the final system. / <p>At the time of the doctoral defense, the following paper was unpublished and had a status as follows: Paper 8: Accepted.</p>