Risk and the Theory of Security Risk Assessment

This book provides the conceptual foundation of security risk assessment and thereby enables reasoning about risk from first principles. It presents the underlying theory that is the basis of a rigorous and universally applicable security risk assessment methodology. Furthermore, the book identifies and explores concepts with profound operational implications that have traditionally been sources of ambiguity if not confusion in security risk management. Notably, the text provides a simple quantitative model for complexity, a significant driver of risk that is typically not addressed in security-related contexts.

Risk and The Theory of Security Risk Assessment is a primer of security risk assessment pedagogy, but it also provides methods and metrics to actually estimate the magnitude of security risk. Concepts are explained using numerous examples, which are at times both enlightening and entertaining. As a result, the book bridges alongstanding gap between theory and practice, and therefore will be a useful reference to students, academics and security practitioners.

Teaches the reader how to think about security risk problems and rigorously evaluate any scenario irrespective of its complexity or context Provides thought experiments to test the reader's understanding of basic security risk assessment concepts Provides quantitative methods to evaluate the effectiveness of security controls, identify meaningful performance metrics, and formulate a logic-based risk mitigation strategy

Auteur

Carl S. Young specializes in applying science to information and physical security risk management. He has held senior positions in the US government, the financial sector, consulting and academia. He is the author of three previous textbooks in addition to numerous technical papers, and has been an adjunct professor at the John Jay College of Criminal Justice (CUNY). Mr. Young earned undergraduate and graduate degrees in mathematics and physics from the Massachusetts Institute of Technology (MIT).

Contenu
Part 1: Security Risk Assessment Fundamentals.- Definitions and Basic Concepts.- Risk Factors.- Threat Scenarios.- Risk, In Depth.- Part II: Quantitative Concepts and Methods.- The (Bare) Essentials of Probability and Statistics.- Identifying and/or Quantifying Risk-Relevance.- Risk Factor Measurements.- Elementary Stochastic Methods and Security Risk.- Part III: Security Risk Assessment and Management.- Threat Scenario Complexity.- Systemic Security Risk.- General Theoretical Results.- The Theory, in Practice.- Epilogue.- Appendices.