Browsing by Subject "Risk management"

Now showing 1 - 4 of 4
  • Thumbnail Image
    Item
    Analysis of Unmanned Aerial Vehicles Concept of Operations in ITS Applications
    (Center for Transportation Studies, 2011-03) Gebre-Egziabher, Demoz; Xing, Zhiqiang
    The work described in this report is about developing a framework for the design of concept of operations (CONOP), which use small uninhabited aerial systems (SUAS) to support of intelligent transportation system (ITS) application of highway and transportation infrastructure monitoring. In these envisioned applications, these vehicles will be used for tasks such as remote collection of traffic data or inspection of roads and bridges. As such, a risk that has to be managed for these applications is that of vehicle-infrastructure collision. Various solutions to ensure safe separation between the unmanned aerial vehicle (UAV) and the object being inspected have been proposed. However, most, if not all, of these solutions rely on a multi-sensor approach, which combines digital maps of the infrastructure being inspected with an integrated GPS/Inertial navigator. While "turn key" solutions for such multi-sensor systems exist, the performance specifications provided by their manufactures does not provide sufficient information to allow precisely quantifying or bounding the collision risk. Furthermore, size, weight and power (or SWAP) constraints posed by these small aerial vehicles limits the use of redundant hardware and/or software as a risk mitigation strategy. The purpose of the work reported here was to develop a framework for the design of CONOPs, which take these SUAS limitations into account. The method outlined shows, in part, how these vehicle/infrastructure collision risks can be estimated or conservatively bounded.
  • Thumbnail Image
    Item
    Improving information security risk management.
    (2009-12) Singh, Anand
    Optimizing risk to information to protect the enterprise as well as to satisfy government and industry mandates is a core function of most information security departments. Risk management is the discipline that is focused on assessing, mitigating, monitoring and optimizing risks to information. Risk assessments and analyses are critical sub-processes within risk management and are used to generate data that drive organizational decisions to accomplish this objective. However, despite this need, current approaches lack granular guidance on some key steps and have focused on qualitative data rather than quantitative data which reduces the value of the results for the decision makers. Through our research, we have identified the gaps in existing risk management methodologies. We have developed statistical design of experiments and requirements engineering based approaches to address these gaps. In addition, our quantitative models lead to a better alignment with business objectives by providing data to address the economics of making security decisions. Towards these ends, the work proposed here comprises of the following key components: (a) Improving risk assessment methodology through statistical models for control subsetting, configuration determination and judging the impact of security enhancements. (b) Developing approaches for dynamic configuration adjustment in response to changing security posture of an enterprise. (c) Managing the information risk introduced by vendors of an enterprise (d) Using requirements engineering to develop criteria and methodology for governance, risk management and compliance (GRC) which are used to drive risk considerations across the enterprise. Our research makes extensive use of statistical models; specifically, we are using Plackett-Burman statistical design of experiments technique for prioritizing security controls. Once prioritized controls have been determined, we propose the usage of control sensors to dynamically recommend security configuration adjustment. We also intend to use requirements engineering to develop process frameworks for managing security risks introduced by the vendors of an enterprise as well as for GRC management.
  • Thumbnail Image
    Item
    Oral history interview with Lance Hoffman by Rebecca Slayton
    (Charles Babbage Institute, 2014-07-01) Hoffman, Lance
    This interview with security pioneer Lance Hoffman discusses his entrance into the field of computer security and privacy—including earning a B.S. in math at the Carnegie Institute of Technology, interning at SDC, and earning a PhD at Stanford University—before turning to his research on computer security risk management at as a Professor at the University of California–Berkeley and George Washington University. He also discusses the relationship between his PhD research on access control models and the political climate of the late 1960s, and entrepreneurial activities ranging from the creation of a computerized dating service to the starting of a company based upon the development of a decision support tool, RiskCalc. Hoffman also discusses his work with the Association for Computing Machinery and IEEE Computer Society, including his role in helping to institutionalize the ACM Conference on Computers, Freedom, and Privacy. The interview concludes with some reflections on the current state of the field of cybersecurity and the work of his graduate students. This interview is part of a project conducted by Rebecca Slayton and funded by an ACM History Committee fellowship on “Measuring Security: ACM and the History of Computer Security Metrics.”
  • Thumbnail Image
    Item
    Producer Attitudes and Farm Management Education
    (2011) Holcomb, Charles R (Rob); Hyman, Randy; Ryan, Cindy
    The results of this study indicated that education level does not influence net farm income per operator. However, the education level of the farm operator spouse did have an impact on net farm income per operator. Regarding the level of importance the farm operator places on participation in agricultural risk management programs and the level of importance the farm operator places on the financial management of the operation with respect to net farm income were both inconclusive. While several survey components tied to those research questions did have a positive impact on net farm income, the results for both of these research questions was inconclusive. The most revealing part of the study showed that farm managers valued the educational components of this study that were tied directly to the farm management instructor much more than those educational components that were not tied directly to the farm management instructor.