Jan van den Berg

Vermelding onderdeel organisatie

April 22, 2023

1

Security and Technology (WM0823TU) Lecture 12: Wrapup and Preparation for the Exam

Jan van den Berg

Faculty of Technology, Policy and Management

Home page: http://www.tbm.tudelft.nl/live/pagina.jsp?id=352a81e9-563c-4098-8a54-d424dbc1e41b&lang=en

Email: [email protected]

April 22, 2023 2

Agenda

• Wrapup• Why?: we live in a Society at Risk • What?: we like to realize a Risk Society• How?: we need appropriate methodologies• Main results/conclusions

• Preparation for the Exam

April 22, 2023 3

Our Society and its Risks

• Society is based on complex (critical) infrastructures that often apply sophisticated technology:

• (inter)national water and energy supply -• production factories -• (inter)national supply chain +• public transport services -• healthcare system -• Internet and other ICT services +• financial services +• river and sea flooding defense system +• first aid services: fire brigade, police, ambulance +• …

• Infrastructures are often highly interdependent

April 22, 2023 4

Infrastructures, example

physical: road, water

physical: mechanical

physical: electricity

Earth

physical: hardware

virtual: software

•Strongly interweaved•Many SPOFs

(single points of failure)

April 22, 2023 5

Society at risk

• Due to unintentional threats or hazards like natural disasters, human errors, technical failures, …, our society has safety problems: safety awareness already exists for many years

• Due to intentional threats like terrorism, smuggle, theft, fraud, …, our society has security problems: security awareness got a strong wakeup call on Sept 11, 2001 (9/11)

in short, our society is (and will be) at risk =our society is in a permanent state of risk, also as a consequence of a long modernization process

our preparedness on dealing with security risks is less developed than that on safety risks

April 22, 2023 6

Agenda

• Wrapup• Why?: we live in a Society at Risk • What?: we like to realize a Risk Society• How?: we need appropriate methodologies• Main results/conclusions

• Preparation for the Exam

April 22, 2023 7

Risk Society

• A Risk Society [Beck, 1992] is a society organized in response to risk: “it is a society that, unlike any preceding culture, lives in the future rather than the past” [http://en.wikipedia.org/wiki/Risk_society]

• Assumption: despite all kinds of activities, our current society has not achieved that state; the following incidents support this claim:

• world-wide financial crises still occur at regular moments in time …• idem, floodings often occur: New Orleans, Pakistan, Eastern Europe, …• idem, information security breaches: Internet was not designed having

risk in mind and we experiencing a lot of trouble at daily basis…• idem, unexpected high-impact security incidents sometimes occur like

9/11, suicidal bombing attacks in air planes and on crowed markets, … • idem, sometimes energy supply is in danger: oil crisis in the 70ies,

electricity power failures, …

April 22, 2023 8

Our focus: risks in infrastructures• (Technical) infrastructures (that strongly depend on technology),

specifically those related to• financial services: market and credit risk (lectures 2 and 3)• Internet as part of the real life: human values’ risks (lecture 4)• general information services: CIAA risks (lecture 5 and 6)• information quality risks for first aid agencies (lecture 8)• S&S risks in the supply chain (lecture 9)• risks related to flooding/water defense infrastructures (lecture 10 and

11)• In addition there was a Masterclass (lecture 7) on safety science

focusing on human, machine, context• Our main concern: risks and appropriate countermeasures• NOT: which measures are cost-effective?

(for example: we ignored the important ROI question of ‘return on SSJ-investments’…, which concerns an additional concern and topic of research!)

April 22, 2023 9

What’s the problem?, 1st conceptualization• We all strongly depend on many resources

including other people, nature, devices, services, money, … at all kinds of scales (in your house, city, province, land, continent, world, …)

• Sometimes, the word capabilities is used instead referring to human capabilities, economic forces (capital, labor, nature, information), ...

• Threats or hazards like… may menace these resources/capabilities (you name it!)• Vulnerabilities (in the defense) of a resource let the threats result (with a certain probability) in incidents having a certain impact: there is a RISK!!• Due to the risk certain, possibly overlapping, measures are taken (concerns the how): preventative, detective and corrective

valuable resourceor capability

threats

measures

April 22, 2023 10

Agenda

• Wrapup• Why?: we live in a Society at Risk • What?: we like to realize a Risk Society• How?: we need appropriate methodologies• Main results/conclusions

• Preparation for the Exam

Methodologies, basic steps

• We need first to analyse risks of the SSJ problem at stake

• If they are unacceptably high, we need to design and implement countermeasures

• Here the (not-discussed) problem of ROI becomes important (!): e.g., recent insights in future sea water heights should result into a new Deltaplan for the NLs?

• Source of figure 7

Analysing risks

• To assess risks (which do have an uncertainty component), probabilistic models are the standard approach:• Fault trees include probabilities: collapse of dikes, nuclear power

stations, working failure of a surge barrier, …• Event trees include probabilities: possible consequences of a big

train accident, nuclear bomb, oil pipe burst, poisoned mud distribution, eruption of a vulcano, …

• Market risk in finance: portfolio optimization (e.g., efficient frontier line)

• Idem credit risks (and operational risks)• Idem flooding risks: Monte Carlo simulation• Idem …

• Nota bene: probabilistic models need data to induce statistical conclusions

• To analyse models’ robustness, additional sensitivity analysis is crucial

Risk calculation and bow-tie model

• fault-tree analysis: this concerns a deductive reasoning scheme based on a tree with and and or gates

• In deductive reasoning,a conclusion necessarilyfollows from its premises

• Risk = Expected Loss =

i pi x li

• Reducing pi concerns all measures of lowering the probability of the occurrence of a critical event/security incident i

• So, reducing pi concerns the left part in bow-tie model (!)

Risk calculation and bow-tie model, cont.

• event tree: this concerns an (often probabilistic !! ) inductive decomposition of possible consequences, againstwhich certain measures are taken

• In inductive reasoning, the conclusion may follow from its premises (but this is not sure)

• Risk = Expected Loss =

i pi x li

• Reducing li concerns all measures of lowering the impacts/consequences of an occurring critical event/security incident i

• So, reducing li concerns the right part in bow-tie model (!)

Modeling risk, cont.

• In a world of infinity possible losses where we define a loss distribution f (l ) of all possible losses l, then the risk = expected loss is given by

risk = ∫ f (l ) l dl• There exist other definitions of risks like volatility

and VAR• Not all risks can (easily) be quantified, especially

risks related to human capabilities and/or assets w.r.t. human values (privacy breaches, reputation loss, loss of democratic and other human rights, …)

April 22, 2023 15

Risks in business

• An enterprise architecture approach may help to identify the most relevant risks

• An example concerns the estimation of the impact of information security breaches (CIAA)

• Understanding the dependence of crucial business processes on certain business information assets is key

April 22, 2023 17

Dealing with risk

• If risks are considered to be too high, they should be managed risk management

• Risk/Security management roughly concerns the (often dynamic) process of1. acceptable risk definition: defining what is an

acceptable level of risk in a given environment2. risk analysis: analyzing the expected impact of all

possible incidents in that environment3. countermeasures’ design: taking measures to reduce

the risk to the defined/decided acceptable level

Dealing with risk: taking measures• Measures are organisational (80%) and technical (20%)• Finding appropriate (technical and organisational)

measures (to deal with the risk in infrastructures) concerns design science, the science of creating an (organisational or technical) artefact

• Artefacts include frameworks, best practices, technological structures/infrastructures/innovations, …

• Design science differs from classical science where truth finding is the main goal

• The seven guidelines (according to Hevner et al., 2004) for designing an artifact are (1) problem relevance, (2) research rigor, (3) design as a search process, (4) design as an artifact, (5) design evaluation, (6) research contributions, and (7) research communication

Taking countermeasures, examples• Appropriate countermeasures of often consist of

(regularly updated) best (engineering) practices:• Waterwork infrastructures like Deltaworks, barrages, locks• Polder-boards (waterschappen) use centuries-old

experience • BS7799, a set of best practices for information security• Basel Committee of Banking Supervision: buffer capital

requirements a.o.• ROBECO engineers for financial assets management• Integrated ICT-solutions for adequate information supply• …

April 22, 2023 20

Agenda

• Wrapup• Why?: we live in a Society at Risk • What?: we like to realize a Risk Society• How?: we need appropriate methodologies• Main results/conclusions

• Preparation for the Exam

S&S research

• Safety science has a long history • Security science (due to partially new, dynamically

changing, technology-based intentional threats) is a relatively new topic of research

• SSJ topics in the technology domain are fundamentally multidisciplinary solving them concerns the science of truly integrating views from different disciplines (which is no sinecure!!!: look at the content of this course)

• Multiactor analysis (not much covered here) is often essential

Conclusions per domain: finance

April 22, 2023 23

Agenda

• Wrapup• Why?: we live in a Society at Risk • What?: we like to realize a Risk Society• How?: we need appropriate methodologies• Main results/conclusions

• Preparation for the Exam

How to study

• PPT presentations, with references to underlying material like articles, wikipedia, reports, theses;

• Understanding the concepts is key, not the skills to perform sophisticated calculations…

April 22, 2023 24

Example questions at the exam

Dit vraagstuk betreft risico-aspecten in de financiële wereld:a) Soms wordt risk in de financiële wereld gelijkgesteld aan

volatility. Wat houdt het begrip volatility in en wat is het risico-karakter ervan?

b)  Leg uit wat het begrip ‘value-at-risk’ inhoudt. Geef ook een voorbeeld.

c)  Leg uit wat het begrip ‘operational risk’ inhoudt. Geef ook een voorbeeld

d) Wat houdt de ‘efficiënte markt hypothese’ in en welke beleggingsstrategie wordt gekozen door iemand die er wel, respectievelijk niet, in gelooft?

Example questions at the exam, cont.

Onderstaande vragen gaan over risico-aspecten rond data en informatie.

• a)      Wat zijn binnen het vakgebied van de ‘information security’ de meest gehanteerde basale risicoaspecten? Leg ook van elk aspect uit wat de betekenis ervan is.

• b)      Licht kort de security services ‘identification’, ‘authentication’ en ‘access control’ toe.

• c)      Noem 4 security mechanismes om authenticatie mee te implementeren

• d) Welke risicoaspecten kent de ICT-infrastructuur genaamd ‘Internet’ naast de aspecten die bij vraag 2a) zijn bedoeld?

Example questions at the exam, cont.

• Other questions may concern methodological aspects and concepts related to• Bow-tie model• Monte Carlo simulations• Best (engineering) practices

To finalize

• Hopefully you enjoyed it!

• Good luck with • the exam• your carrier (in SSJ)• your life in general…!