CS 589 Information Risk Management 23 January 2007.

Slides:

Advertisements

Similar presentations

Economics of Information (ECON3016)

Advertisements

Heuristic Search techniques

Decision Theory.

Chapter 8: Decision Analysis

McGraw-Hill/Irwin Copyright © 2007 by The McGraw-Hill Companies, Inc. All rights reserved. 5S Decision Theory.

Copyright © 2011 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 Strategic Capacity Management.

Decision Analysis. What is Decision Analysis? The process of arriving at an optimal strategy given: –Multiple decision alternatives –Uncertain future.

Managerial Decision Modeling with Spreadsheets

ISMT 161: Introduction to Operations Management

1 Chapter 12 Value of Information. 2 Chapter 12, Value of information Learning Objectives: Probability and Perfect Information The Expected Value of Information.

Section 5.1 Constructing Models of Random Behavior.

Sensitivity and Scenario Analysis

Engineering Economic Analysis Canadian Edition

Decision Analysis Your Logo Here Jane Hagstrom University of Illinois Jane Hagstrom University of Illinois.

Decision Theory: Single Stage Decisions Computer Science cpsc322, Lecture 33 (Textbook Chpt 9.2) March, 30, 2009.

CS 589 Information Risk Management 30 January 2007.

CS 589 Information Risk Management 6 February 2007.

Marakas: Decision Support Systems, 2nd Edition © 2003, Prentice-Hall Chapter Chapter 4: Modeling Decision Processes Decision Support Systems in the.

Operations Management Decision-Making Tools Module A

1 Civil Systems Planning Benefit/Cost Analysis Scott Matthews Courses: /

1 Stochastic Dominance Scott Matthews Courses: /

Module 4 Topics: Creating case study decision tree

Uncertainty Logical approach problem: we do not always know complete truth about the environment Example: Leave(t) = leave for airport t minutes before.

1 Chapter 3 Structuring Decision. 2 Structuring Decisions Learning Objectives Fundamental steps in model creation Identify and structure values and objectives.

Games of Incomplete Information. These games drop the assumption that players know each other’s preferences. Complete info: players know each other’s preferences.

Chapter 14 Risk and Uncertainty Managerial Economics: Economic Tools for Today’s Decision Makers, 4/e By Paul Keat and Philip Young.

* Problem solving: active efforts to discover what must be done to achieve a goal that is not readily attainable.

Principles of Engineering System Design Dr T Asokan Decision Making in System Design.

Decision Analysis (cont)

DSS Modeling Current trends – Multidimensional analysis (modeling) A modeling method that involves data analysis in several dimensions – Influence diagram.

Managing Organizations Informed decision making as a prerequisite for success Action Vision Mission Organizational Context Policies, Goals, and Objectives.

Lecture: Decision making under uncertainty Date:

Risk, Probability and Judgment. The Harnessed AtomRisk, Probability, and Judgment 2 Today’s Topics What is risk? How do we perceive risk? How do we measure.

Using Probability and Discrete Probability Distributions

程建群博士 (Dr. Jason Cheng) 年 03 月 Software Engineering Part 05.

Engineering Economic Analysis Canadian Edition

Introduction to Decision Making Theory Dr. Nawaz Khan Lecture 1.

Dynamic Games & The Extensive Form

Decision & Risk Analysis Influence Diagrams, Decision Trees NOTE: Some materials for this presentation courtesy of Dr. Dan Maxwell Reference: Clemen &

MBA7025_01.ppt/Jan 13, 2015/Page 1 Georgia State University - Confidential MBA 7025 Statistical Business Analysis Introduction - Why Business Analysis.

Advanced Project Management Project Risk Management Ghazala Amin.

Chapter 6 Decision Trees and Influence Diagrams.

MBA7020_01.ppt/June 13, 2005/Page 1 Georgia State University - Confidential MBA 7020 Business Analysis Foundations Introduction - Why Business Analysis.

Choice under uncertainty Assistant professor Bojan Georgievski PhD 1.

McGraw-Hill/Irwin Copyright © 2007 by The McGraw-Hill Companies, Inc. All rights reserved. 5 Capacity Planning For Products and Services.

QM Spring 2002 Business Statistics Probability Distributions.

© 2007 Pearson Education Decision Making Supplement A.

Introduction to Probabilistic Analysis Introduction to Probabilistic Analysis The third phase of the cycle incorporates uncertainty into the analysis.

Making Simple Decisions Utility Theory MultiAttribute Utility Functions Decision Networks The Value of Information Summary.

Amity School Of Business Operations Research OPERATIONS RESEARCH.

Risk Analysis in Capital Budgeting. Nature of Risk Risk exists because of the inability of the decision-maker to make perfect forecasts. the risk associated.

BUAD306 Chapter 5S – Decision Theory. Why DM is Important The act of selecting a preferred course of action among alternatives A KEY responsibility of.

QUANTITATIVE TECHNIQUES

1 Optimizing Decisions over the Long-term in the Presence of Uncertain Response Edward Kambour.

DECISION MAKING TOOLS 1. Elements of Decision Problems 2.

MODULE 9 MANAGERS AS DECISION MAKERS “Decide first, then act” How do managers use information to make decisions and solve problems? What are the steps.

© 2015 McGraw-Hill Education. All rights reserved. Chapter 16 Decision Analysis.

Business Modeling Lecturer: Ing. Martina Hanová, PhD.

QUANTITATIVE TECHNIQUES

McGraw-Hill/Irwin Copyright © 2008 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 4 Decision Analysis Building the Structure for Solving.

Decision Trees Jennifer Tsay CS 157B February 4, 2010.

Decision Making Under Uncertainty

Decisions Under Risk and Uncertainty

Nevin L. Zhang Room 3504, phone: ,

Chapter 19 Decision Making

Chapter Five Understanding Risk.

MNG221- Management Science –

Influence Diagrams, Decision

Presentation transcript:

CS 589 Information Risk Management 23 January 2007

Today’s Discussion Start with risk Discuss types of information risk Start with systematic, modeling-based framework for assessing alternatives when risks are known Continue with the hard part – specification of risk when risks are unknown

Next Week Discuss specification of risks using probability distributions Discuss incorporation of this information into a decision tree Discuss ways to apply these techniques to Information Risk scenarios

After Next Week Discuss the Expected Utility decision criterion Discuss Multiple Objectives and Expected Value and Expected Utility Discuss Applications in Information Risk Analysis and Management

References for Today Clemen, R. L. and T. Reilly, Making Hard Decisions. Duxbury, Gaffney Jr., J. E., J. W. Ulvila, “Evaluation of Intrusion Detectors: A Decision Theory Approach”, Proceedings of the IEEE Symposium on Security and Privacy

Risk ??? Chance of something bad happening? Having something bad happen? Anything else?

Risk The probability of an event occurring combined with the consequences of that event Just about everything is risky How do we actually measure risk?

Risk vs Uncertainty Uncertainty –We don’t know what the key variables are –We don’t know how they relate to alternatives Risk –Specify probability distributions –Connect them with alternatives One goal: Uncertainty  Risk via Modeling

Thinking About Risk Probabilities and Outcomes Which is riskier? –Living near a large power generation station –International flight –Driving to Albuquerque We have to define factors, events, outcomes, and associated probabilities

Dealing with Risk Define Risk Assess Risk Define Alternatives for Handling the Risk Evaluate Alternatives Evaluate your Evaluation Model Sensitivity Analysis Implementation

Evaluation Choosing among Alternatives Should be Evaluated on the same dimension(s) –Expected Value –Expected Utility –Value at Risk (VAR) –Multiple criteria Measurement of Alternatives on criteria dimensions is key – and another modeling issue

Sensitivity Analysis Checking on the evaluation of each alternative by varying individual variables Find the variable(s) that have the largest impact(s) on the ordering of alternatives Goal: robust solutions

Visual Representation Influence Diagrams –Connect factors, events –Help us define risks –Decomposition Decision Trees –Ordering of decisions, risky events –Easy to see and present – and solve

Visual Representations Squares denote Decisions Circles denote Risks Influence Diagrams – arcs connect decision and risk (aka chance) nodes Decision Trees – decision and chance nodes are sequentially ordered from left to right

A Very Simple Example Coin Flip Game Decisions: Play/No Play Risks: Heads/Tails Outcomes Must be Specified

Coin Flip Game Decision Tree With $0 Outcomes

If All Outcomes are $0 We are Indifferent between Play and No Play based on the Expected Value criterion We Prefer Play to No Play if E(Play) > E(No Play) Which means that the sum of the outcomes (if we have a fair coin) must be positive Generally, Play if

What if we can play twice? Sequential decision – we see the result of the first coin flip, and decide to continue This leads to the notion of Strategies – we can make a plan contingent upon resolution of risks that are resolved between decision nodes Everything is still based on Expected Value

Suppose O(H) = $10, O(T) = -$7 p(H) = p(T) =.5 (Fair coin) We can easily see that we would choose to Play in the one-game case What about the 2-game case?

Strategy It’s pretty simple – keep playing Would you really do this? Do you believe this? Why or why not??

Simple Example Suppose we are assessing two alternative intrusion detection systems. What’s the problem? What are the key risks for this decision? What are the decisions? What are the outcomes? How would we measure the outcomes? What is the decision criterion?

Key Point The optimal choice will be the one that is associated with the best expected criterion value – such as expected total cost This will be determined by how we define the outcomes – in terms of total costs – and probabilities When we roll back a decision tree, we assume that the downstream decision is the best one

Expected Value Random Variable with possible discrete outcomes

What do we need to know? Probabilities –P(Detection|An Intrusion)  P(D|I) –Associated Info –P(I) –And, finally, P(I|D) Outcomes –Individually, these will not be stochastic – for now –They will still lead to an expectation for each decision node

Conditional Probability P(D|I) and P(D| Not I) P(Not D|I) and P(Not D|Not I) Where would we get this information? What about P(I)?

Bayes Rule – Simple Version

Interpretation Two types of Accuracy Two types of Error

Solving the Tree Establish the Outcomes Compute the Probabilities – the conditionals on the endpoints and others Find Expected Values and roll back the tree

Sensitivity Analysis What are the strategies given the numbers we used in the example? What are the key variables? How would we assess the base-case outcome of this example?

Different Conditional Information What if we don’t know P(D|I)? We can flip the tree according to what we do know Outcomes should remain the same And the decision should remain the same

Another Way – Info Dependent

Modeling Decisions, chance events Probability distributions for chance events –Lack of data  Bayesian methods –Expert(s) –Lots of data  Distribution model(s) Outcomes –Financial, if possible –Multiple measures/criteria/attributes

Decision Situation In the context of Firm or Organization Goals, Objectives, Strategies A complete understanding should lead to a 1-2 sentence Problem Definition –Could be risk-centered –Could be oriented toward larger info issues Problem Definition should drive the selection of Alternatives and, to some degree, how they are evaluated

Information Business Issues Integrity and reliability of information stored and used in systems Preserve privacy and confidentiality Enhance availability of other information systems

Risk Management Process of defining and measuring or assessing risk and developing strategies to mitigate or minimize the risk Defining and assessing –Data driven –Other sources Developing strategies –Done in context of objectives, goals