CS 589 Information Risk Management 30 January 2007.

1 CS 589 Information Risk Management 30 January 2007

2 References for Today: The Gaffney and Ulvila paper; Gelman, Carlin, Stern, and Rubin, Bayesian Data Analysis, Chapman and Hall, 1998; any decent statistics book that deals with Bayesian ideas

3 Today Continue with our introductory example Discuss the paper Specify Risks Using Probability Distributions –Event Risk(s) –Outcome Risk(s) Use our Risk Models in decision tree(s)

4

5 What do we need to know? Probabilities –P(Detection|An Intrusion) → P(D|I) –Associated Info –P(I) –And, finally, P(I|D) Outcomes –Individually, these will not be stochastic – for now –They will still lead to an expectation for each decision node

6 Conditional Probability P(D|I) and P(D| Not I) P(Not D|I) and P(Not D|Not I) Where would we get this information? What about P(I)?

7 Bayes Rule – Simple Version

8 Bayes’ Rule Prior Idea → Information → Revised Idea → Information → New Revision → etc. Specific form for computing new probabilities Where does the prior come from? Information?

9 Interpretation Two types of Accuracy Two types of Error

10 Solving the Tree Establish the Outcomes Compute the Probabilities – the conditionals on the endpoints and others Find Expected Values and roll back the tree

11 Outcomes These will often have to be estimated We can follow the paper (and some convention) and incorporate costs for false positives and false negatives Where would we get these numbers in an actual analysis? What did the authors (of the paper) do?
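The roll-back outlined on slides 5 to 11, as an added example that is not from the lecture or the paper: Bayes' rule turns P(I), P(D|I) and P(D|Not I) into P(I|D), and each decision node takes the action with the lower expected cost. The function names, the two-action tree (respond or ignore, with a correct response costing nothing) and all numbers are constructed assumptions.

```python
def posterior(p_i, p_d_i, p_d_not_i):
    """Bayes' rule. Returns P(D), P(I|D), P(I|Not D)."""
    p_d = p_d_i * p_i + p_d_not_i * (1 - p_i)
    if not 0 < p_d < 1:
        raise ValueError("detector always or never alarms; nothing to condition on")
    return p_d, p_d_i * p_i / p_d, (1 - p_d_i) * p_i / (1 - p_d)


def roll_back(p_i, p_d_i, p_d_not_i, cost_fp, cost_fn):
    """Roll back the tree: detector signal -> respond/ignore -> intrusion or not.

    Assumed outcomes: responding when there is no intrusion costs cost_fp,
    ignoring a real intrusion costs cost_fn, the other two endpoints cost 0.
    Returns ({signal: (best action, expected cost)}, overall expected cost).
    """
    p_d, p_i_d, p_i_nd = posterior(p_i, p_d_i, p_d_not_i)
    plan, total = {}, 0.0
    for signal, p_signal, p_intr in (("alarm", p_d, p_i_d),
                                     ("no alarm", 1 - p_d, p_i_nd)):
        expected = {
            "respond": (1 - p_intr) * cost_fp,  # false-positive branch
            "ignore": p_intr * cost_fn,         # false-negative branch
        }
        action = min(expected, key=expected.get)
        plan[signal] = (action, expected[action])
        total += p_signal * expected[action]
    return plan, total


# Constructed base case: 1% prior, 90% hit rate, 5% false-alarm rate.
BASE = dict(p_i=0.01, p_d_i=0.90, p_d_not_i=0.05)

if __name__ == "__main__":
    print("P(D), P(I|D), P(I|Not D):", posterior(**BASE))
    # Sensitivity to the cost ratio cost_fn / cost_fp (cost_fp fixed at 1).
    for ratio in (2, 5, 6, 100):
        plan, total = roll_back(**BASE, cost_fp=1.0, cost_fn=float(ratio))
        print(f"ratio {ratio:>3}: {plan}  expected cost {total:.4f}")
```

With these inputs P(I|D) is only about 0.15, so responding to an alarm pays off only once a missed intrusion costs more than 5.5 times a false alarm; below that ratio the detector's output does not change the decision.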

12

13 Sensitivity Analysis What are the strategies given the numbers we used in the example? What are the key variables? How would we assess the base-case outcome of this example?

14

15

16

17 Don’t Forget the Bottom Line Our decision criterion – Expected Cost We want to see what happens under different circumstances We can even show these situations – scenarios – graphically Relationships between cost ratio and P(D|I) and P(Not D|Not I)

18

19 Different Conditional Information What if we don’t know P(D|I)? We can flip the tree according to what we do know Outcomes should remain the same And the decision should remain the same

20 Another Way – Info Dependent

21 Modeling Decisions, chance events Probability distributions for chance events –Lack of data → Bayesian methods –Expert(s) –Lots of data → Distribution model(s) Outcomes –Financial, if possible –Multiple measures/criteria/attributes

22 Decision Situation In the context of Firm or Organization Goals, Objectives, Strategies A complete understanding should lead to a 1-2 sentence Problem Definition –Could be risk-centered –Could be oriented toward larger info issues Problem Definition should drive the selection of Alternatives and, to some degree, how they are evaluated

23 Information Business Issues Integrity and reliability of information stored and used in systems Preserve privacy and confidentiality Enhance availability of other information systems

24 Risk Management Process of defining and measuring or assessing risk and developing strategies to mitigate or minimize the risk Defining and assessing –Data driven –Other sources Developing strategies –Done in context of objectives, goals

25 What About the Paper? What is the problem/model structure? What are the key risks? How were they modeled? What do the authors say about the structure of the problem? What conclusions do you draw from the paper?

26 Probability Models For events –Discrete Events –Poisson Distribution –Binomial Distribution For outcomes Combine with Bayesian analysis

27 Poisson Distribution

28 Independent events happen along a continuum –Time – often the case in IA –Space –Distance Distribution parameter is the expected number of events per unit Parameter is also the distribution variance One possible model for discrete data

29

30 Using the Poisson in IRM Probability model of events per unit of measurement Expected number of events might impact technology choice Range of potential events might impact tech choice If we are risk averse, distributions help us explicitly consider event risks

31

32

33 What if we don’t have data? One way: –Select the model –Model parameters estimated using a prior distribution –Pick the right Prior Prior Expectation → Distribution Parameter Prior distribution should reflect degree of uncertainty

34 Priors Prior for a Poisson parameter is Gamma

35

36

37

38 Prior Distribution The prior should reflect our degree of certainty, or degree of belief, about the parameter we are estimating One way to deal with this is to consider distribution fractiles Use fractiles to help us develop the distribution that reflects the synthesis of what we know and what we believe

39 Prior + Information As we collect information, we can update our prior distribution and get a – we hope – more informative posterior distribution Recall what the distribution is for – in this case, a view of our parameter of interest The posterior mean is now the estimate for the Poisson lambda, and can be used in decision-making

40 Information For our Poisson parameter, information might consist of data similar to what we already collected in our example We update the Gamma, take the mean, and that’s our new estimate for the average occurrences of the event per unit of measurement.
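The Gamma prior and its update from slides 33 to 40, as an added example that is not from the lecture: a Gamma(alpha, beta) prior on the Poisson rate becomes Gamma(alpha + sum of counts, beta + number of units) after observing counts, and its mean is the new lambda estimate. The prior is set here by matching a mean and standard deviation rather than fractiles, the tail probability uses the Gamma-Poisson (negative binomial) predictive distribution, and the weekly counts and all names are constructed assumptions.

```python
import math


def gamma_from_moments(mean, sd):
    """Gamma(shape alpha, rate beta) with the given prior mean and std dev."""
    beta = mean / sd ** 2
    return mean * beta, beta


def update(alpha, beta, counts):
    """Conjugate update: one Poisson count per unit of measurement."""
    if any(c < 0 for c in counts):
        raise ValueError("event counts cannot be negative")
    return alpha + sum(counts), beta + len(counts)


def predictive_pmf(k, alpha, beta):
    """P(K = k events in the next unit) with lambda ~ Gamma(alpha, beta)."""
    log_p = (math.lgamma(alpha + k) - math.lgamma(alpha) - math.lgamma(k + 1)
             + alpha * math.log(beta / (beta + 1)) - k * math.log(beta + 1))
    return math.exp(log_p)


def prob_more_than(k, alpha, beta):
    """Tail risk: P(more than k events in the next unit)."""
    return 1.0 - sum(predictive_pmf(j, alpha, beta) for j in range(k + 1))


# Constructed belief: about 4 events per week, give or take 2.
PRIOR = gamma_from_moments(mean=4.0, sd=2.0)
# Constructed observations: events seen in each of five weeks.
WEEKLY_COUNTS = [7, 5, 9, 6, 8]
POSTERIOR = update(*PRIOR, WEEKLY_COUNTS)

if __name__ == "__main__":
    for label, (a, b) in (("prior", PRIOR), ("posterior", POSTERIOR)):
        print(f"{label:9}: Gamma({a:g}, {b:g})  mean lambda = {a / b:.2f}  "
              f"P(>10 events next week) = {prob_more_than(10, a, b):.4f}")
```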

41 Next Time You guys will present your responses to the homework assignment We will continue with Bayesian analysis and another example or two Segue into other topics given our framework that we have developed

