Top

Published in:

2020 | OriginalPaper | Chapter

6. Risk Management

Authors : Stefan Rass, Stefan Schauer, Sandra König, Quanyan Zhu

Published in: Cyber-Security in Critical Infrastructures

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

This chapter embeds game theoretic techniques and models inside the ISO31000 risk management process, as a generic template for the general duty of risk control. We observe similarities between risk management processes and extensive form games, accompanied by the possibility of using game-theoretic algorithms and methods in various steps of a risk management process. Examples include decision making for risk prioritization, choice of best risk mitigation actions or optimal resource allocation for security. To this end, we discuss a variety of systematic methods for adversarial risk analysis (ARA), resilience management (in relation to risk management), level-k thinking, and the assessment of action spaces and utilities for games.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Bounded Rationality

next chapter Insurance

Aghassi M, Bertsimas D (2006) Robust game theory. Math Program 107(1–2):231–273. https://doi.org/10.1007/s10107-005-0686-0 MathSciNetMATHCrossRef

Bier VM, Cox LA (2007) Probabilistic risk analysis for engineered systems. In: Edwards W (ed) Advances in decision analysis. Cambridge University Press, Cambridge, pp 279–301CrossRef

CC Consortium (2018) Common criteria for information technology. https://www.commoncriteriaportal.org

Chauvin B, Hermand D, Mullet E (2007) Risk perception and personality facets. Risk Anal 27(1):171–185. https://doi.org/10.1111/j.1539-6924.2006.00867.x CrossRef

Clemen RT, Reilly T (2014) Making hard decisions with decision tools, 3rd rev. edn. South-Western/Cengage learning, Mason. Reilly, Terence (VerfasserIn)

Costa-Gomes MA, Crawford VP (2006) Cognition and behavior in two-person guessing games: an experimental study. Am Econ Rev 96(5):1737–1768. https://doi.org/10.1257/aer.96.5.1737 CrossRef

Crawford VP, Iriberri N (2007) Level-k auctions: can a nonequilibrium model of strategic thinking explain the winner’s curse and overbidding in private-value auctions? Econometrica 75(6):1721–1770. https://doi.org/10.1111/j.1468-0262.2007.00810.x MathSciNetMATHCrossRef

Crawford V, Gneezy U, Rottenstreich Y (2008) The power of focal points is limited: even minute payoff asymmetry may yield large coordination failures. Am Econ Rev 98(4):1443–1458CrossRef

Dohmen T, Falk A, Huffman D, Sunde U, Schupp J, Wagner GG (2011) Individual risk attitudes: measurement, determinants, and behavioral consequences. J Eur Econ Assoc 9(3):522–550. https://doi.org/10.1111/j.1542-4774.2011.01015.x CrossRef

10.

Fielder A, König S, Panaousis E, Schauer S, Rass S (2018) Risk assessment uncertainties in cybersecurity investments. Games 9(2):34. https://doi.org/10.3390/g9020034. http://www.mdpi.com/2073-4336/9/2/34/pdf

11.

Harsanyi JC (1973) Games with randomly disturbed payoffs: a new rationale for mixed-strategy equilibrium points. Int J Game Theory 2(1):1–23MathSciNetMATHCrossRef

12.

He W, Xia C, Zhang C, Ji Y, Ma X (2008) A network security risk assessment framework based on game theory. Futur Gener Commun Netw 2:249–253. https://doi.org/10.1109/FGCN.2008.166.

13.

Heal G, Kunreuther H (2005) You can only die once: interdependent security in an uncertain world. In: Richardson HW, Moore JE, Gordon P (eds) The economic impacts of terrorist attacks. Edward Elgar, Cheltenham/Northampton. https://doi.org/10.4337/9781845428150.00008

14.

HyRiM Consortium (2015) Hybrid risk management for utility providers. https://hyrim.net/. EUAFP7 Project No. 608090, project from 2015–2017

15.

Informationstechnik, B.f.S.i.d. (2008) BSI-Standard 100–2: IT-Grundschutz methodology. https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/BSIStandards/standard_100-2_e_pdf.pdf?__blob=publicationFile&v=1

16.

Jajodia S, Noel S, O’Berry B (2005) Massive computing: topological analysis of network attack vulnerability. Springer, Berlin/New York

17.

Kawagoe T, Takizawa H (2009) Equilibrium refinement vs. level-k analysis: an experimental study of cheap-talk games with private information. Games Econ Behav 66(1):238–255. https://doi.org/10.1016/j.geb.2008.04.008 MathSciNetMATHCrossRef

18.

Keeney RL, Raiffa H (1976) Decisions with multiple objectives: preferences and value tradeoffs. Wiley series in probability and mathematical statistics. Wiley, New York. Raiffa, Howard (VerfasserIn)

19.

Linkov I, Palma-Oliveira JM (2017) An introduction to resilience for critical infrastructures. In: Linkov I, Palma-Oliveira JM (eds) Resilience and risk. Springer Netherlands, Dordrecht, pp 3–17. https://doi.org/10.1007/978-94-024-1123-2_1. http://link.springer.com/10.1007/978-94-024-1123-2_1

20.

Linkov I, Palma-Oliveira JM (eds) (2017) Resilience and risk: methods and application in environment, cyber and social domains. NATO science for peace and security series. Series C, environmental security. Springer, Dordrecht

21.

Münch I (2012) Wege zur Risikobewertung. In: Schartner P, Taeger J (eds) DACH security 2012. SysSec, pp 326–337

22.

Nicholson N, Soane E, Fenton-O’Creevy M, Willman P (2006) Personality and domain–specific risk taking. J Risk Res 8(2):157–176. https://doi.org/10.1080/1366987032000123856 CrossRef

23.

NIST (2018) National vulnerability database. https://nvd.nist.gov/

24.

Organisation IS (2009) ISO/IEC 31000 – risk management – principles and guidelines. http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=43170. Accessed 11 Apr 2016

25.

Pearl J (2005) Influence diagrams—historical and personal perspectives. Decis Anal 2(4):232–234. https://doi.org/10.1287/deca.1050.0055 CrossRef

26.

Rajbhandari L, Snekkenes EA (2011) Mapping between classical risk management and game theoretical approaches. In: Decker BD, Lapon J, Naessens V, Uhl A (eds) Communications and multimedia security: 12th IFIP TC 6/TC 11 international conference, CMS 2011, Ghent, 19–21 Oct 2011. Proceedings. Springer, Berlin/Heidelberg, pp 147–154

27.

Rass S (2017) On game-theoretic risk management (part three) – modeling and applications. arXiv:1711.00708v1 [q-fin.EC]

28.

Rass S, Schartner P (2011) Information-leakage in hybrid randomized protocols. In: Lopez J, Samarati P (eds) Proceedings of the international conference on security and cryptography (SECRYPT). SciTePress – Science and Technology Publications, pp 134–143

29.

Rass S, König S, Schauer S (2016) Decisions with uncertain consequences – a total ordering on loss-distributions. PLoS One 11(12):e0168583. https://doi.org/10.1371/journal.pone.0168583 CrossRef

30.

Rass S, Konig S, Schauer S (2017) Defending against advanced persistent threats using game-theory. PLoS One 12(1):e0168675. https://doi.org/10.1371/journal.pone.0168675 CrossRef

31.

Rass S, Alshawish A, Abid MA, Schauer S, Zhu Q, de Meer H (2017) Physical intrusion games – optimizing surveillance by simulation and game theory. IEEE Access 5:8394–8407. https://doi.org/10.1109/ACCESS.2017.2693425 CrossRef

32.

Rios Insua D, Rios J, Banks D (2009) Adversarial risk analysis. Risk Anal 104(486):841–854MathSciNetMATH

33.

Rothschild C, McLay L, Guikema S (2012) Adversarial risk analysis with incomplete information: a level-K approach. Risk Anal 32(7):1219–1231. http://doi.wiley.com/10.1111/j.1539-6924.2011.01701.x MATHCrossRef

34.

Rubio VJ, Hernández JM, Márquez MO (2012) The assessment of risk preferences as an estimation of risk propensity. In: Assailly JP (ed) Psychology of risk, psychology research progress. Nova Science Publishers, Inc, New York, pp 53–81

35.

Schauer S (2018) A risk management approach for highly interconnected networks. In: Rass S, Schauer S (eds) Game theory for security and risk management. Springer, Birkhäuser, pp 285–311CrossRef

36.

Shema M (2014) Anti-hacker tool kit, 4th edn. McGraw-Hill/Osborne, New York

37.

Skotnes R (2015) Risk perception regarding the safety and security of ICT systems in electric power supply network companies. Saf Sci Monit 19(1):1–15

38.

Sun Tzu, Giles L (2015) The art of war. OCLC: 1076737045

39.

Sun X, Dai J, Liu P, Singhal A, Yen J (2016) Towards probabilistic identification of zero-day attack paths. In: 2016 IEEE conference on communications and network security (CNS). IEEE, Piscataway, pp 64–72. https://doi.org/10.1109/CNS.2016.7860471

40.

Weber CS (2014) Determinants of risk tolerance. Int J Econ Financ Manag Sci 2(2):143. https://doi.org/10.11648/j.ijefm.20140202.15

41.

Weber EU, Blais AR, Betz NE (2002) A domain-specific risk-attitude scale: measuring risk perceptions and risk behaviors. J Behav Decis Mak 15(4):263–290. https://doi.org/10.1002/bdm.414 CrossRef

Title: Risk Management
Authors: Stefan Rass
Stefan Schauer
Sandra König
Quanyan Zhu
Publisher: Springer International Publishing
Book: Cyber-Security in Critical Infrastructures
Print ISBN: 978-3-030-46907-8

Electronic ISBN: 978-3-030-46908-5

Copyright Year: 2020
DOI: https://doi.org/10.1007/978-3-030-46908-5_6

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner