PSAM 16 - Paper Overview

PSAM 16 Conference Paper Overview

Welcome to the PSAM 16 Conference paper and speaker overview page.

Lead Author: Gregory D. Wyss

Risk-Informed Management of Enterprise Security
An oft-stated goal within the physical security community is to make security investment decisions within a risk context. For many, risk is defined in a traditional mathematical context of likelihood of occurrence (a probability or frequency) and consequence. Some will further multiply these values and aggregate them to obtain an annualized loss expectancy value for risk, as has been common in safety risk analysis. Others express security risk in terms of Threat, Vulnerability and Consequence, believing that risk can be computed by multiplying numerical values for these attributes. In all cases strong foundational issues exist in application of these numerical methods, including adversary definition, likelihood of attack (and its twin sibling “deterrence”), interdependence among the mathematical terms, adversary tactics, and the differences in adversary groups (known and unknown) with respect to their motivations, goal intensity, knowledge of the target, etc. Even where analysts have tried to be faithful in using these methods to compute “security risk”, the uncertainty bounds on the resulting estimates have often been so broad as to make it almost impossible to use statistical tools to make meaningful recommendations for security decision makers. This research takes a different approach to security risk management in that it begins with the basic assertion that one does not need to compute a numerical value for risk in order to effectively manage risk. It is consistent with a 2010 National Academies report on DOE security management in this regard. The method developed in this paper is based on the premise that potential attack scenarios represent higher security risks to the extent that they are easier for an adversary to successfully accomplish and lead to higher consequences. Security risk management then consists of identifying attack scenarios for which the combination of consequences and scenario difficulty is unacceptably high, and then identifying and implementing mitigation methods that will increase adversary difficulty, reduce expected consequences, or both.

Risk-Informed Management of Enterprise Security

An oft-stated goal within the physical security community is to make security investment decisions within a risk context. For many, risk is defined in a traditional mathematical context of likelihood of occurrence (a probability or frequency) and consequence. Some will further multiply these values and aggregate them to obtain an annualized loss expectancy value for risk, as has been common in safety risk analysis. Others express security risk in terms of Threat, Vulnerability and Consequence, believing that risk can be computed by multiplying numerical values for these attributes. In all cases strong foundational issues exist in application of these numerical methods, including adversary definition, likelihood of attack (and its twin sibling “deterrence”), interdependence among the mathematical terms, adversary tactics, and the differences in adversary groups (known and unknown) with respect to their motivations, goal intensity, knowledge of the target, etc. Even where analysts have tried to be faithful in using these methods to compute “security risk”, the uncertainty bounds on the resulting estimates have often been so broad as to make it almost impossible to use statistical tools to make meaningful recommendations for security decision makers. This research takes a different approach to security risk management in that it begins with the basic assertion that one does not need to compute a numerical value for risk in order to effectively manage risk. It is consistent with a 2010 National Academies report on DOE security management in this regard. The method developed in this paper is based on the premise that potential attack scenarios represent higher security risks to the extent that they are easier for an adversary to successfully accomplish and lead to higher consequences. Security risk management then consists of identifying attack scenarios for which the combination of consequences and scenario difficulty is unacceptably high, and then identifying and implementing mitigation methods that will increase adversary difficulty, reduce expected consequences, or both.

Paper GD286 Preview

Author and Presentation Info

Presentation only, a full paper is not available.

Lead Author Name: Gregory Wyss (gdwyss@sandia.gov)

Bio: Greg is a Distinguished Member of Technical Staff at Sandia National Laboratories, where he has worked and taught in the areas of risk, reliability and vulnerability assessment for over 30 years. He has developed methods and performed risk and vulnerability assessment studies for nuclear reactors, space vehicle launches, nuclear test facilities, telecommunications, and other high-integrity and high-consequence systems. His current responsibilities include developing security risk management methodologies for high-security nuclear facilities. His research interests include assessment of pre-attack planning, insider threats, decision support, and synergistic effects between cyber and physical security systems. Greg has a Ph.D. in Nuclear Engineering from the University of Illinois, and is a Fellow of the International Association for the Advancement of Space Safety.

Country: United States of America
Company: Sandia National Laboratories
Job Title: Distinguished Member of Technical Staff

PSAM 16 Conference Paper Overview

Welcome to the PSAM 16 Conference paper and speaker overview page.

Paper GD286 Preview

Author and Presentation Info

Download the presentation pdf file.