StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Risk Analysis Methods - Research Paper Example

Cite this document
Summary
The researcher of this essay aims to analyze risk assessment methodologies. The latter is used for threat detection, clarifying the vulnerability of big processes, evaluating the risks of loss of assets, the chance of an occurrence of the suggested threats in some infrastructure or system…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER92.8% of users find it useful
Risk Analysis Methods
Read Text Preview

Extract of sample "Risk Analysis Methods"

 Risk Analysis Methods Contents Contents 2 Introduction 3 MSRAM model 4 CARVER 8 DREAD model 10 References 11 Introduction Good risk assessment methodologies are an essential requirement and the cornerstone to the implementation of program that is used to protect critical infrastructure. There is large no. of methods that are used to critically evaluate the risks of important infrastructures. This existence of a large no. of methods supports the argument that risk assessment methods are an important requirement in order to implement the program to be used for protecting of critical infrastructure. The field of risk assessment is an indispensible field and is useful for identifying threats, accessing the vulnerability of critical processes, evaluating the impact on the assets, infrastructure or system given the probability of an occurrence of these perceivable threats. There are lots of risk assessment methodologies that are used to critically evaluate the risks that can occur on critical infrastructure. Almost all of these models follow a predefined approach that is common to all the methods and the approach contains certain specific elements. The common elements that are present are identification of classification of threats, identification of the vulnerabilities that are present and evaluating the impact of the threats (Giannopoulos, Filippini and Schimmer, 2012). These three steps are common to all risk assessment methods and form the backbone of any risk assessment methods. The factors that are used to differentiate in between the risk assessment methods are 1. The target audience or the audience which the method addresses 2. The scope of the risk assessment method 3. The applicability of the risk assessment method In the following pages three different risk assessment models are discussed at length. The models that are discussed in the follo0wing pages are MSRAM, CARVER and DREAD model. MSRAM model MSRAM model or Maritime Security Risk Analysis Model is a model that has been designed by the US coast guard for the purpose of mitigating the risk of terrorist attacks on US ports and waterways MSRAM was developed as a captain of the port level risk analysis tool soon after the incident of 9/11 occurred. As per the DHS strategic plan 2008-13, since it is not feasible to secure the United States again all possible forms of attacks that may occur or any other threats that may arise, they have made risk management as the primary basis of policy and resource allocation decision making. A principal of US coast guard operation is risk management. The task is challenging due to the fact that the organization is engaged in multiple missions. This however forms one of the criteria of US coast guard decision making. The ultimate aim is to form an integrated performance management system that is used for measuring risk, readiness and ROI. Figure 1 Understanding of risk (Source: Cooper, 2015) The first step in the risk management model is to understand the risk that is existent in the system. Understanding risk has several dimensions that are how likely is the fact that risk will occur? What are the things that can go wrong if the incident happens and finally estimating what can be the impacts if such an incident ever occurs? Based on these factors Risk is defined as a function of Likelihood and consequence. The unit is used to analyze the generic attack mode against a specific target. The department of homeland security planning scenario is also addressed. Each of the attack is defined in sufficient detail in order to support the analysis of consequences and vulnerabilities. The target of terrorist attack is defined in terms of class, location, consequences, location of the attack and other key facts that are used in the analysis of the attack. On the basis of target class and the potential consequence of every attack, no. of different attack modes has been specified for analyzing the consequences and the vulnerabilities. The value system is used to determine the consequence scoring and considers death and injury, economic impacts that are primary and secondary, impact on the environment, impact on national security and the impact that is symbolic. The value and scale to measure the different impacts is determined by the US coast guard leadership. The values of the system are used to represent that which characterizes the American people. Vulnerability of the system is further broken down in five different factors. The factors are achievability of attack, three factors that are related to the system security namely owner operator, local law enforcement and US coast guard and target hardness. The central theme of the MSRAM model is to be able to mitigate the risk. In order to be able to mitigate the risk, it should be able to assess the risk. The foundation of the risk assessment is held in historical experience, analytical methods and knowledge and intuition. The challenges that exist are that in case of the terrorism profiles there is poor availability of the data set and there is significant uncertainty of the frequency of attacks to occur and also there is uncertainty to the consequences. The risk can be strategic, operational, mission support or institutional. Figure 2 Residual risk returns (Source: Cooper, 2015) Figure 3 Risk impact of USCG intervention (Source: Cooper, 2015) Figure 4 Type of targets and required attack model (Source: United States Coast guard, 2010) Figure 5 Scenario: Target + Attack model (Source: United States Coast guard, 2010) Figure 6 Scenario timeline (Source: United States Coast guard, 2010) MSRAM is used to quantify the USCG and other stakeholders’ methodology in mitigating risks through the process of Protective measures and primary consequence mitigation CARVER The matrix was developed by the United States special operation forces during the Vietnam War. CARVER stands for Criticality, Accessibility, Recoverability, Vulnerability, Effect and Recognizability (Michaelis, 2000). The CARVER matrix is a system that is used in order to rank specific targets so that the resources that are used to attack can be efficiently used. CARVEWR matrix was actually developed in the time of World War II and is used as a simple tool to identify and eradicate targets. CARVER can be used both from the offensive as well as defensive perspective. The CARVER matrix was designed by the US security forces in order to rank the targets according to a scale in order to identify the targets which seemed most important from the point of view of the CARVER matrix and could be attacked at first. The system that is the CARVER is used to identify the targets and aid different security agencies in selecting a target and accessing their risk vulnerability. The system is used to access the risk vulnerability and help in target selection by calculating the value of a potential target and the ease with which the target can be neutralized. In other words the method is used to logically analyze the question that what one would like to do and what is possible to be achieved given the resource availability at hand. When used as part of the offensive strategy the matrix can be used to predict which target should be attacked at the first place and when used as a defensive strategy the matrix can be used to predict as to which the target that is most vulnerable is and needs additional protection. To elucidate the point the CARVER matrix can be used to identify possible areas that are most vulnerable and most strategically important assets and it is required to deploy additional security forces to protect the assets. The profiling of the risk vulnerability of a target is measured on a specific scale depending on the parameters that are motioned in the CARVER matrix. For example if one wishes to access a water sanitation process based on the matrix then it will look like the following. After analyzing the different parts of the water sanitation process through the CARVER matrix one finds that the sanitation process itself ranks highest with a score of 18. So it is the most important process and needs to be given extra protection if the matrix is being used for the defensive purpose and the target that should be attacked at the first place if the matrix is used for offensive purpose. DREAD model There are two types of model that are used to analyze risk. One is Quantitative and another is qualitative risk analysis model. In the quantitative risk analysis model the following steps are followed. First the value of the asset is accessed and assigned. The next step is to calculate the single loss expectancy by multiplying the asset value with the exposure factor EF that is expressed as a percentage. The last step is to calculate the Annualized loss expectancy by multiplying single loss expectancy (SLE) with ARO or in other words annual rate of occurrence. The method that is used to neutralize the risk should not cost more than the ALE or annualized loss expectancy. The quality risk analysis on the other hand is based on opinion. It uses rating values in order to evaluate the risk. One of the qualitative methods used to access risk is known as the DREAD model (Czagan, 2015). The dread model stands for and measures the threat to an asset in the following terms. D-Damage Potential- This is used to assess the degree to which the assets are affected R- Reproducibility- this parameter access the degree to which the attack can be reproduced E-Exploitability- What is the degree of ease with which the attack can be launched A-Affected- No. of users that is likely to be affected by the attack D- Discoverability- The degree to which the vulnerability can be easily discovered. Each threat is rated based on the above factors and the overall valuation determines the severity of the threat and is measured on a scale. References Michaelis, Dean., 2000. The Complete .50-Caliber Sniper Course: Hard-Target Interdiction. (NY: Paladin Press, 2000), 64-65. Czagan, Dawid. 2015. Qualitative Risk Analysis with the DREAD Model. accessed 2 April, 2015, http://resources.infosecinstitute.com/qualitative-risk-analysis-dread-model. Giannopoulos, Georgios. Filippini, Roberto., and Schimmer, Muriel. 2012. Risk assessment methodologies for Critical Infrastructure Protection. Part I: A state of the art. accessed 2 April, 2015, http://ec.europa.eu/home-affairs/doc_centre/terrorism/docs/RA-ver2.pdf. Cooper, David, 2015. United States Coast Guard Risk Management Overview. accessed 2 April 2015, http://www.orau.gov/DHSsummit/presentations/March17/plenary/Cooper_Mar17.pdf. United States Coast guard, 2010. Maritime Security Risk Analysis Model Overview for USCG-CREATE Maritime Risk Symposium. accessed 2 April 2015, http://create.usc.edu/Fu-Mowrer%20-%20Pres.pdf. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Risk Analysis Methods Research Paper Example | Topics and Well Written Essays - 2250 words, n.d.)
Risk Analysis Methods Research Paper Example | Topics and Well Written Essays - 2250 words. Retrieved from https://studentshare.org/information-technology/1868157-risk-analysis-methods
(Risk Analysis Methods Research Paper Example | Topics and Well Written Essays - 2250 Words)
Risk Analysis Methods Research Paper Example | Topics and Well Written Essays - 2250 Words. https://studentshare.org/information-technology/1868157-risk-analysis-methods.
“Risk Analysis Methods Research Paper Example | Topics and Well Written Essays - 2250 Words”, n.d. https://studentshare.org/information-technology/1868157-risk-analysis-methods.
  • Cited: 0 times

CHECK THESE SAMPLES OF Risk Analysis Methods

Project Management Plan

The internal factors included leadership techniques and organizational charter which was espoused for the project and the management of the funds of the project since the project was running on a limited budget and there were numerous risk factors that surrounded the project.... Running head: Project Management Plan Transformation of Presteigne town into a technology city Name: Instructor: Course: Date: Transformation of Presteigne town into a technology city Introduction Project planning and management is putting into action the acquaintances, proficiency, and techniques in a bid to diligently and effectively implement a project....
6 Pages (1500 words) Essay

Data Security and Responsibility of the User

The asset based risk assessment methodology recommended by NIST is one of the most suitable Risk Analysis Methods applicable in computer systems industries like the gaming industry (Stoneburner and Goguen et al.... Thereafter, the threats from unauthorized activities are assessed and the internal vulnerabilities are detected such that the risk exposures can be determined.... The controls are applied as an integral part of the risk mitigation strategies once all the threats and corresponding risks to assets are assessed and documented....
3 Pages (750 words) Essay

Three Methods for Determining Discount Rates

The paper "Three methods for Determining Discount Rates" highlights that the discount rate which is used in financial calculations is usually chosen to be equal to the cost of capital.... As Brealey and Myers (Robert Wilson, 1982) show it, various methods can be used, including standard WACC, Arditti-Levy, equity residual and adjusted the present value.... Historically, with certain assumptions, the consistency of these methods has been demonstrated by comparing them in pairs by Robert Wilson, 1982....
6 Pages (1500 words) Coursework

The Methodology of Risk Decreasing and Fraud Operations Avoiding with Payment Cards of International Payment Systems

Frankly speaking, you will not be able to find enough necessary information anywhere, because the methods of fraud detection are security-guarded and frequently changed.... Here we tried to observe briefly the most fundamental methods of statistical analysis, systems analysis of multiple risks and Bayes confidence net theory theory.... For fraud operations detecting and negative results avoiding we can use some methods of content analysis: variance analysis for some independent factors influence on feature under review; cluster analysis for object and their features classification; longlinear analysis for statistical testing of hypothesis about the system of simultaneous even and plural relations in features group; analysis of causes for causal relations modeling among features with the help of statistical equation systems; regression analysis for regression dependence investigation among dependent and independent features; factor analysis for getting general information about the relation structure among the features of object under consideration with concealed factors detaching; correlation analysis for dependence detecting among numerical variates, one of which also depends on many chance factors....
2 Pages (500 words) Essay

Net Present Value Evaluation

There are various methods available for appraisal of a project like Net Present Value, Pay back period and others.... There are various methods available for appraisal of a project like Net Present Value, Pay back period and others.... Here we are using NPV and payback method to analyze the project....
6 Pages (1500 words) Essay

Class student dicussions answers

I agree with Pavitar that the difference between quantitative Risk Analysis Methods and qualitative Risk Analysis Methods is with the data that are used in quantitative methods.... The scale has been determined before and, so the parameters that are considered are looked into. In the last pages, Pavitar also brings out the Question Pavitar) I agree with Pavitar that the difference between quantitative Risk Analysis Methods and qualitative Risk Analysis Methods is with the data that are used in quantitative methods....
1 Pages (250 words) Assignment

Project Risk Strategies: Monte Carlo Simulation

ualitative risk analysis is a strategy employed to address threats that may arise due to an ongoing project.... The next strategy is carrying out a qualitative analysis of the identified risks.... A quantitative analysis is part of the strategies that are used to address the threats that arise from the project.... A qualitative analysis involves prioritizing the risks by analyzing their probability and their impacts (Kloppenborg, 2012)....
6 Pages (1500 words) Coursework
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us