SlideShare a Scribd company logo

Boomtime: Risk as Economics (Allison Miller, SiRAcon15)

Allison Miller
Allison Miller

When we talk about Risk, and Information Risk as it applies to InfoSec specifically, we often focus on issues of statistics: data, measurement, and our favorite friend: uncertainty. In this talk we’ll look at models and concepts from economics that can augment our thinking, as we move from positive (i.e. primarily descriptive, “how things are”) to normative (i.e. driving policy , “how things should be”) research within the world of risk.

Technology
1 of 19
Download to read offline
Allison Miller allison@societyinforisk.org @selenakyle
THEMES OF SECURITY ECONOMICS Security ROI Cybercrime supply chains Market for Lemons Make it more expensive for the attacker Tragedy of the Commons Risk Tolerance Exploit/Vuln markets Behavioral Economics / Gamification #BO O M TI M E #RI S K @S E L E N A K Y L E
MICROECONOMICS Model for estimating consumption given individual preferences, under a budget constraint •  Utility maximization •  Preferences: Consumption mix •  Good A vs Good B •  Labor vs leisure •  Budget constraint #BO O M TI M E #RI S K @S E L E N A K Y L E
THE CONSUMER MODEL: EXPANDED Extensible from micro into macro •  Extensible to firms Ø  Estimate production given profits under cost/demand/price constraints •  Extensible to competition for resources (consumers, firms) Ø  Roots of game theory •  Extensible to markets Ø  Aggregation across many to many (markets for goods, money, labor) •  Extensible to public sector Ø  Government spend (fiscal) & policy (monetary) •  Extensible to economies #BO O M TI M E #RI S K @S E L E N A K Y L E
THE LANGUAGE OF RISK Some optimization functions assume *certainty* •  e.g. preferences, costs But making decisions under uncertainty is core to: •  Competition •  Investment •  Reality #BO O M TI M E #RI S K @S E L E N A K Y L E
RISK AVERSION Concept where theory meets behavior •  Expected value vs expected variance •  Probability gives you both, we tend to focus on E(x) •  Risk aversion is a condition that relies on V(x) #BO O M TI M E #RI S K @S E L E N A K Y L E
AN EXAMPLE You have $20k, but a 50/50 chance of losing $10k •  Expected value? •  $15k (i.e. .5($20k)+.5($10k)) Insurance costing $5k will cover full loss. Should you buy it or not? •  Expected value w/insurance? •  $15k (for sure) •  Expected value w/o insurance •  $15k (but as EITHER $10k or $20k) The risk averse individual will opt for the same expected value with less uncertainty (less risk) §  People seek utility maximization, not payoffs §  Risk, i.e. uncertainty, reduces overall utility (wealth) #BO O M TI M E #RI S K @S E L E N A K Y L E
AN EXAMPLE…CONTINUED You have $20k, but a 50/50 chance of losing $10k •  Expected value = $15k You are offered partial insurance costing $2.5k will cover half of the loss ($5k). @ No Loss: $17.5k ($20k – 2.5k) @ Loss: $12.5k ($20k – 2.5k – 10k – 5k) •  Expected value = •  $15k (but as EITHER $17.5k or $12.5k) Risk, i.e. uncertainty, is reduced but there is still a $5k variance #BO O M TI M E #RI S K @S E L E N A K Y L E
WHAT THIS LOOKS LIKE Utility Wealth E(V) U(total) U(partial) U(no insurance) 12.5 17.515 #BO O M TI M E #RI S K @S E L E N A K Y L E
HOW TO WIN AT RISK Win or lose? •  Game theory approach: maximize payoff …Tends to gravitate towards expected value •  The “defender’s dilemma” assumes a risk intolerant system manager …Lower expected loss. Ok, sounds like expected value. •  Optimal investments manage to value and variance …Build systems with better risk capacity …Portfolio theory, not just point performance Boom or bust maybe a better analogy? #BO O M TI M E #RI S K @S E L E N A K Y L E
WINNING AT ECONOMICS BOOM! #BO O M TI M E #RI S K @S E L E N A K Y L E
A BIT ABOUT ECONOMICS Speaking of econ #BO O M TI M E #RI S K @S E L E N A K Y L E
META ON MACRO Early 20th century: Ø  Panics! Chaos! Depression! 30’s-50’s: Data Ø  Gather, Count & Measure 50’s-70’s: Models Ø  Keynesians Rule! 70’s - now: Modern Macro Ø  RBC vs New Keynesians Given that the structure of an econometric model consists of optimal decision rules of economic agents, and that optimal decision rules vary systematically with changes in the structure of series relevant to the decision maker, it follows that any change in policy will systematically alter the structure of econometric models. −Lucas' Critique (1976) #BO O M TI M E #RI S K @S E L E N A K Y L E
SUPERMODELS Lucas Critique The α coefficients in Keynesian macroeconometric frameworks should be thought of as depending on government policy directly. Source: Modern Macroeconomics, Sanjay Chugh http://skchugh.com/teachingmanuscript.html #BO O M TI M E #RI S K @S E L E N A K Y L E
POSITIVE VS NORMATIVE ECONOMICS Positive Normative What it is What it should be Descriptions Recommendations #BO O M TI M E #RI S K @S E L E N A K Y L E
CURRENCY OF RISK Preferences Utility Money Returns Competition Tolerances Uncertainty Data Returns Adversaries #BO O M TI M E #RI S K @S E L E N A K Y L E
BOOMTIME Preferences Utility Money Returns Competition Tolerances Uncertainty Data Returns Adversaries Policy Analysis Graph Theory Dynamic Threat Models Cyberinsurance Security Econometrics Classification Inferior Goods Security “CPI” Incentive Design Coalitional Game Theory #BO O M TI M E #RI S K @S E L E N A K Y L E
HOW TO WIN [RISK] FRIENDS & INFLUENCE [INVESTMENT] PEOPLE BoomTime •  Consider framing our goals as “booming” vs “winning” All about that base… variance •  Bring your E(x) AND V(x) game Positive vs Normative Risk •  Your model’s in my policy… your policy’s in my model #BO O M TI M E #RI S K @S E L E N A K Y L E
#BO O M TI M E #RI S K @S E L E N A K Y L E

Recommended

Something Wicked
Something WickedSomething Wicked
Something WickedAllison Miller
 
When Algorithms Are Our Co-Pilots
When Algorithms Are Our Co-PilotsWhen Algorithms Are Our Co-Pilots
When Algorithms Are Our Co-PilotsAllison Miller
 
Practical AI workshop, AWS pop-up loft SF, June 20 2017 --- Data design & eco...
Practical AI workshop, AWS pop-up loft SF, June 20 2017 --- Data design & eco...Practical AI workshop, AWS pop-up loft SF, June 20 2017 --- Data design & eco...
Practical AI workshop, AWS pop-up loft SF, June 20 2017 --- Data design & eco...Twain Liu 刘秋艳
 
Algorithmic fairness
Algorithmic fairnessAlgorithmic fairness
Algorithmic fairnessAlexey Grigorev
 
2012.09 A Million Mousetraps: Using Big Data and Little Loops to Build Better...
2012.09 A Million Mousetraps: Using Big Data and Little Loops to Build Better...2012.09 A Million Mousetraps: Using Big Data and Little Loops to Build Better...
2012.09 A Million Mousetraps: Using Big Data and Little Loops to Build Better...Allison Miller
 
2012.12 Games We Play: Defenses & Disincentives
2012.12 Games We Play: Defenses & Disincentives2012.12 Games We Play: Defenses & Disincentives
2012.12 Games We Play: Defenses & DisincentivesAllison Miller
 
2011.04 How to Isotope Tag a Ghost
2011.04 How to Isotope Tag a Ghost2011.04 How to Isotope Tag a Ghost
2011.04 How to Isotope Tag a GhostAllison Miller
 
2013.05 Games We Play: Payoffs & Chaos Monkeys
2013.05 Games We Play: Payoffs & Chaos Monkeys2013.05 Games We Play: Payoffs & Chaos Monkeys
2013.05 Games We Play: Payoffs & Chaos MonkeysAllison Miller
 

Recommended

Something Wicked
Something WickedSomething Wicked
Something WickedAllison Miller
 
When Algorithms Are Our Co-Pilots
When Algorithms Are Our Co-PilotsWhen Algorithms Are Our Co-Pilots
When Algorithms Are Our Co-PilotsAllison Miller
 
Practical AI workshop, AWS pop-up loft SF, June 20 2017 --- Data design & eco...
Practical AI workshop, AWS pop-up loft SF, June 20 2017 --- Data design & eco...Practical AI workshop, AWS pop-up loft SF, June 20 2017 --- Data design & eco...
Practical AI workshop, AWS pop-up loft SF, June 20 2017 --- Data design & eco...Twain Liu 刘秋艳
 
Algorithmic fairness
Algorithmic fairnessAlgorithmic fairness
Algorithmic fairnessAlexey Grigorev
 
2012.09 A Million Mousetraps: Using Big Data and Little Loops to Build Better...
2012.09 A Million Mousetraps: Using Big Data and Little Loops to Build Better...2012.09 A Million Mousetraps: Using Big Data and Little Loops to Build Better...
2012.09 A Million Mousetraps: Using Big Data and Little Loops to Build Better...Allison Miller
 
2012.12 Games We Play: Defenses & Disincentives
2012.12 Games We Play: Defenses & Disincentives2012.12 Games We Play: Defenses & Disincentives
2012.12 Games We Play: Defenses & DisincentivesAllison Miller
 
2011.04 How to Isotope Tag a Ghost
2011.04 How to Isotope Tag a Ghost2011.04 How to Isotope Tag a Ghost
2011.04 How to Isotope Tag a GhostAllison Miller
 
2013.05 Games We Play: Payoffs & Chaos Monkeys
2013.05 Games We Play: Payoffs & Chaos Monkeys2013.05 Games We Play: Payoffs & Chaos Monkeys
2013.05 Games We Play: Payoffs & Chaos MonkeysAllison Miller
 
I Want These * Bugs Off My * Internet
I Want These * Bugs Off My * InternetI Want These * Bugs Off My * Internet
I Want These * Bugs Off My * InternetDan Kaminsky
 
2013.10 Operating * by the Numbers
2013.10 Operating * by the Numbers2013.10 Operating * by the Numbers
2013.10 Operating * by the NumbersAllison Miller
 
2010.08 Applied Threat Modeling: Live (Hutton/Miller)
2010.08 Applied Threat Modeling: Live (Hutton/Miller)2010.08 Applied Threat Modeling: Live (Hutton/Miller)
2010.08 Applied Threat Modeling: Live (Hutton/Miller)Allison Miller
 
The InfoSec Avengers
The InfoSec AvengersThe InfoSec Avengers
The InfoSec AvengersTripwire
 
I am tired of lazy sadness
I am tired of lazy sadnessI am tired of lazy sadness
I am tired of lazy sadnessDakota Dragon
 
Research Graph: Connecting Identifiers across Research Data Infrastructures
Research Graph: Connecting Identifiers across Research Data InfrastructuresResearch Graph: Connecting Identifiers across Research Data Infrastructures
Research Graph: Connecting Identifiers across Research Data Infrastructuresamiraryani
 
SAVE THE FROGS! Presentation in Belo Horizonte, Brazil
SAVE THE FROGS! Presentation in Belo Horizonte, BrazilSAVE THE FROGS! Presentation in Belo Horizonte, Brazil
SAVE THE FROGS! Presentation in Belo Horizonte, BrazilSAVE THE FROGS!
 
2017 Why invest in Momentum as a Factor ?
2017 Why invest in Momentum as a Factor ?2017 Why invest in Momentum as a Factor ?
2017 Why invest in Momentum as a Factor ?Frederic Jamet
 
Manažeři a stres na pracovišti
Manažeři a stres na pracovištiManažeři a stres na pracovišti
Manažeři a stres na pracovištiPeter Ulcin
 
Zakonski okvir in raziskave
Zakonski okvir in raziskaveZakonski okvir in raziskave
Zakonski okvir in raziskaveEuropean Nuclear Education Network Association
 
Ley organica
Ley organicaLey organica
Ley organicaSheckethow Arishissha
 
Introdução ao Git - fs2w - GrupySP
Introdução ao Git - fs2w - GrupySPIntrodução ao Git - fs2w - GrupySP
Introdução ao Git - fs2w - GrupySPSamuel Sampaio
 
A Quick Guide to Credit Considerations in Real Estate Lending
A Quick Guide to Credit Considerations in Real Estate LendingA Quick Guide to Credit Considerations in Real Estate Lending
A Quick Guide to Credit Considerations in Real Estate LendingColleen Beck-Domanico
 
Cognitive Bias in Risk-Reward Analysis
Cognitive Bias in Risk-Reward AnalysisCognitive Bias in Risk-Reward Analysis
Cognitive Bias in Risk-Reward AnalysisDamon Levine, CFA, ARM, CRCMP, Open FAIR
 
Energy, Externalities & ClimateEmissions &
Energy, Externalities & ClimateEmissions &Energy, Externalities & ClimateEmissions &
Energy, Externalities & ClimateEmissions &cullenrjzsme
 
Chapter One Powerpoint
Chapter One PowerpointChapter One Powerpoint
Chapter One PowerpointMrRed
 
Heuristics, Networks and Trust - Moving Away from Standard Economics
Heuristics, Networks and Trust - Moving Away from Standard EconomicsHeuristics, Networks and Trust - Moving Away from Standard Economics
Heuristics, Networks and Trust - Moving Away from Standard Economicstutor2u
 
princ-ch27-presentation.ppt
princ-ch27-presentation.pptprinc-ch27-presentation.ppt
princ-ch27-presentation.pptchsami14
 
The basic tool of finance
The basic tool of finance The basic tool of finance
The basic tool of finance Hafizsamiullah1791
 
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...EC-Council
 
Introduction To Economics
Introduction To EconomicsIntroduction To Economics
Introduction To EconomicsAbuhorayara Fahad
 
Ap macroeconomics review slides
Ap macroeconomics review slidesAp macroeconomics review slides
Ap macroeconomics review slidesStephen Staunton
 

More Related Content

Viewers also liked

I Want These * Bugs Off My * Internet
I Want These * Bugs Off My * InternetI Want These * Bugs Off My * Internet
I Want These * Bugs Off My * InternetDan Kaminsky
 
2013.10 Operating * by the Numbers
2013.10 Operating * by the Numbers2013.10 Operating * by the Numbers
2013.10 Operating * by the NumbersAllison Miller
 
2010.08 Applied Threat Modeling: Live (Hutton/Miller)
2010.08 Applied Threat Modeling: Live (Hutton/Miller)2010.08 Applied Threat Modeling: Live (Hutton/Miller)
2010.08 Applied Threat Modeling: Live (Hutton/Miller)Allison Miller
 
The InfoSec Avengers
The InfoSec AvengersThe InfoSec Avengers
The InfoSec AvengersTripwire
 
I am tired of lazy sadness
I am tired of lazy sadnessI am tired of lazy sadness
I am tired of lazy sadnessDakota Dragon
 
Research Graph: Connecting Identifiers across Research Data Infrastructures
Research Graph: Connecting Identifiers across Research Data InfrastructuresResearch Graph: Connecting Identifiers across Research Data Infrastructures
Research Graph: Connecting Identifiers across Research Data Infrastructuresamiraryani
 
SAVE THE FROGS! Presentation in Belo Horizonte, Brazil
SAVE THE FROGS! Presentation in Belo Horizonte, BrazilSAVE THE FROGS! Presentation in Belo Horizonte, Brazil
SAVE THE FROGS! Presentation in Belo Horizonte, BrazilSAVE THE FROGS!
 
2017 Why invest in Momentum as a Factor ?
2017 Why invest in Momentum as a Factor ?2017 Why invest in Momentum as a Factor ?
2017 Why invest in Momentum as a Factor ?Frederic Jamet
 
Manažeři a stres na pracovišti
Manažeři a stres na pracovištiManažeři a stres na pracovišti
Manažeři a stres na pracovištiPeter Ulcin
 
Introdução ao Git - fs2w - GrupySP
Introdução ao Git - fs2w - GrupySPIntrodução ao Git - fs2w - GrupySP
Introdução ao Git - fs2w - GrupySPSamuel Sampaio
 
A Quick Guide to Credit Considerations in Real Estate Lending
A Quick Guide to Credit Considerations in Real Estate LendingA Quick Guide to Credit Considerations in Real Estate Lending
A Quick Guide to Credit Considerations in Real Estate LendingColleen Beck-Domanico
 

Viewers also liked (13)

I Want These * Bugs Off My * Internet
I Want These * Bugs Off My * InternetI Want These * Bugs Off My * Internet
I Want These * Bugs Off My * Internet
 
2013.10 Operating * by the Numbers
2013.10 Operating * by the Numbers2013.10 Operating * by the Numbers
2013.10 Operating * by the Numbers
 
2010.08 Applied Threat Modeling: Live (Hutton/Miller)
2010.08 Applied Threat Modeling: Live (Hutton/Miller)2010.08 Applied Threat Modeling: Live (Hutton/Miller)
2010.08 Applied Threat Modeling: Live (Hutton/Miller)
 
The InfoSec Avengers
The InfoSec AvengersThe InfoSec Avengers
The InfoSec Avengers
 
I am tired of lazy sadness
I am tired of lazy sadnessI am tired of lazy sadness
I am tired of lazy sadness
 
Research Graph: Connecting Identifiers across Research Data Infrastructures
Research Graph: Connecting Identifiers across Research Data InfrastructuresResearch Graph: Connecting Identifiers across Research Data Infrastructures
Research Graph: Connecting Identifiers across Research Data Infrastructures
 
SAVE THE FROGS! Presentation in Belo Horizonte, Brazil
SAVE THE FROGS! Presentation in Belo Horizonte, BrazilSAVE THE FROGS! Presentation in Belo Horizonte, Brazil
SAVE THE FROGS! Presentation in Belo Horizonte, Brazil
 
2017 Why invest in Momentum as a Factor ?
2017 Why invest in Momentum as a Factor ?2017 Why invest in Momentum as a Factor ?
2017 Why invest in Momentum as a Factor ?
 
Manažeři a stres na pracovišti
Manažeři a stres na pracovištiManažeři a stres na pracovišti
Manažeři a stres na pracovišti
 
Zakonski okvir in raziskave
Zakonski okvir in raziskaveZakonski okvir in raziskave
Zakonski okvir in raziskave
 
Ley organica
Ley organicaLey organica
Ley organica
 
Introdução ao Git - fs2w - GrupySP
Introdução ao Git - fs2w - GrupySPIntrodução ao Git - fs2w - GrupySP
Introdução ao Git - fs2w - GrupySP
 
A Quick Guide to Credit Considerations in Real Estate Lending
A Quick Guide to Credit Considerations in Real Estate LendingA Quick Guide to Credit Considerations in Real Estate Lending
A Quick Guide to Credit Considerations in Real Estate Lending
 

Similar to Boomtime: Risk as Economics (Allison Miller, SiRAcon15)

Energy, Externalities & ClimateEmissions &
Energy, Externalities & ClimateEmissions &Energy, Externalities & ClimateEmissions &
Energy, Externalities & ClimateEmissions &cullenrjzsme
 
Chapter One Powerpoint
Chapter One PowerpointChapter One Powerpoint
Chapter One PowerpointMrRed
 
Heuristics, Networks and Trust - Moving Away from Standard Economics
Heuristics, Networks and Trust - Moving Away from Standard EconomicsHeuristics, Networks and Trust - Moving Away from Standard Economics
Heuristics, Networks and Trust - Moving Away from Standard Economicstutor2u
 
princ-ch27-presentation.ppt
princ-ch27-presentation.pptprinc-ch27-presentation.ppt
princ-ch27-presentation.pptchsami14
 
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...EC-Council
 
Ap macroeconomics review slides
Ap macroeconomics review slidesAp macroeconomics review slides
Ap macroeconomics review slidesStephen Staunton
 
Economics-The Study of Choice
Economics-The Study of ChoiceEconomics-The Study of Choice
Economics-The Study of ChoiceLumen Learning
 
Economics-the Study of Choice
Economics-the Study of ChoiceEconomics-the Study of Choice
Economics-the Study of ChoiceLumen Learning
 
Storyfying your Data: How to go from Data to Insights to Stories
Storyfying your Data: How to go from Data to Insights to StoriesStoryfying your Data: How to go from Data to Insights to Stories
Storyfying your Data: How to go from Data to Insights to StoriesGramener
 
Chapter One Notes
Chapter One NotesChapter One Notes
Chapter One NotesMrRedAHS
 
Consumer Lead Change: How to Stay Relevant and Build Success By Duane Forrester
Consumer Lead Change: How to Stay Relevant and Build Success By Duane ForresterConsumer Lead Change: How to Stay Relevant and Build Success By Duane Forrester
Consumer Lead Change: How to Stay Relevant and Build Success By Duane ForresterSearch Marketing Expo - SMX
 
Superficial data analysis
Superficial data analysisSuperficial data analysis
Superficial data analysisBao Nguyen
 
Psychological determinants of human judgment & decision making
Psychological determinants of human judgment & decision makingPsychological determinants of human judgment & decision making
Psychological determinants of human judgment & decision makingReading Room
 
DeepSec 2014 - The Measured CSO
DeepSec 2014 - The Measured CSODeepSec 2014 - The Measured CSO
DeepSec 2014 - The Measured CSOAlexander Hutton
 

Similar to Boomtime: Risk as Economics (Allison Miller, SiRAcon15) (20)

Cognitive Bias in Risk-Reward Analysis
Cognitive Bias in Risk-Reward AnalysisCognitive Bias in Risk-Reward Analysis
Cognitive Bias in Risk-Reward Analysis
 
Energy, Externalities & ClimateEmissions &
Energy, Externalities & ClimateEmissions &Energy, Externalities & ClimateEmissions &
Energy, Externalities & ClimateEmissions &
 
Chapter One Powerpoint
Chapter One PowerpointChapter One Powerpoint
Chapter One Powerpoint
 
Heuristics, Networks and Trust - Moving Away from Standard Economics
Heuristics, Networks and Trust - Moving Away from Standard EconomicsHeuristics, Networks and Trust - Moving Away from Standard Economics
Heuristics, Networks and Trust - Moving Away from Standard Economics
 
princ-ch27-presentation.ppt
princ-ch27-presentation.pptprinc-ch27-presentation.ppt
princ-ch27-presentation.ppt
 
The basic tool of finance
The basic tool of finance The basic tool of finance
The basic tool of finance
 
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
 
Introduction To Economics
Introduction To EconomicsIntroduction To Economics
Introduction To Economics
 
Ap macroeconomics review slides
Ap macroeconomics review slidesAp macroeconomics review slides
Ap macroeconomics review slides
 
Economics-The Study of Choice
Economics-The Study of ChoiceEconomics-The Study of Choice
Economics-The Study of Choice
 
Economics-the Study of Choice
Economics-the Study of ChoiceEconomics-the Study of Choice
Economics-the Study of Choice
 
Miller 14e 447476_01
Miller 14e 447476_01Miller 14e 447476_01
Miller 14e 447476_01
 
Miller 14e 447476_01
Miller 14e 447476_01Miller 14e 447476_01
Miller 14e 447476_01
 
Storyfying your Data: How to go from Data to Insights to Stories
Storyfying your Data: How to go from Data to Insights to StoriesStoryfying your Data: How to go from Data to Insights to Stories
Storyfying your Data: How to go from Data to Insights to Stories
 
Chapter One Notes
Chapter One NotesChapter One Notes
Chapter One Notes
 
Consumer Lead Change: How to Stay Relevant and Build Success By Duane Forrester
Consumer Lead Change: How to Stay Relevant and Build Success By Duane ForresterConsumer Lead Change: How to Stay Relevant and Build Success By Duane Forrester
Consumer Lead Change: How to Stay Relevant and Build Success By Duane Forrester
 
Superficial data analysis
Superficial data analysisSuperficial data analysis
Superficial data analysis
 
Psychological determinants of human judgment & decision making
Psychological determinants of human judgment & decision makingPsychological determinants of human judgment & decision making
Psychological determinants of human judgment & decision making
 
DeepSec 2014 - The Measured CSO
DeepSec 2014 - The Measured CSODeepSec 2014 - The Measured CSO
DeepSec 2014 - The Measured CSO
 
Macro
MacroMacro
Macro
 

Recently uploaded

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 

Recently uploaded (20)

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 

Boomtime: Risk as Economics (Allison Miller, SiRAcon15)

  • 2. THEMES OF SECURITY ECONOMICS Security ROI Cybercrime supply chains Market for Lemons Make it more expensive for the attacker Tragedy of the Commons Risk Tolerance Exploit/Vuln markets Behavioral Economics / Gamification #BO O M TI M E #RI S K @S E L E N A K Y L E
  • 3. MICROECONOMICS Model for estimating consumption given individual preferences, under a budget constraint •  Utility maximization •  Preferences: Consumption mix •  Good A vs Good B •  Labor vs leisure •  Budget constraint #BO O M TI M E #RI S K @S E L E N A K Y L E
  • 4. THE CONSUMER MODEL: EXPANDED Extensible from micro into macro •  Extensible to firms Ø  Estimate production given profits under cost/demand/price constraints •  Extensible to competition for resources (consumers, firms) Ø  Roots of game theory •  Extensible to markets Ø  Aggregation across many to many (markets for goods, money, labor) •  Extensible to public sector Ø  Government spend (fiscal) & policy (monetary) •  Extensible to economies #BO O M TI M E #RI S K @S E L E N A K Y L E
  • 5. THE LANGUAGE OF RISK Some optimization functions assume *certainty* •  e.g. preferences, costs But making decisions under uncertainty is core to: •  Competition •  Investment •  Reality #BO O M TI M E #RI S K @S E L E N A K Y L E
  • 6. RISK AVERSION Concept where theory meets behavior •  Expected value vs expected variance •  Probability gives you both, we tend to focus on E(x) •  Risk aversion is a condition that relies on V(x) #BO O M TI M E #RI S K @S E L E N A K Y L E
  • 7. AN EXAMPLE You have $20k, but a 50/50 chance of losing $10k •  Expected value? •  $15k (i.e. .5($20k)+.5($10k)) Insurance costing $5k will cover full loss. Should you buy it or not? •  Expected value w/insurance? •  $15k (for sure) •  Expected value w/o insurance •  $15k (but as EITHER $10k or $20k) The risk averse individual will opt for the same expected value with less uncertainty (less risk) §  People seek utility maximization, not payoffs §  Risk, i.e. uncertainty, reduces overall utility (wealth) #BO O M TI M E #RI S K @S E L E N A K Y L E
  • 8. AN EXAMPLE…CONTINUED You have $20k, but a 50/50 chance of losing $10k •  Expected value = $15k You are offered partial insurance costing $2.5k will cover half of the loss ($5k). @ No Loss: $17.5k ($20k – 2.5k) @ Loss: $12.5k ($20k – 2.5k – 10k – 5k) •  Expected value = •  $15k (but as EITHER $17.5k or $12.5k) Risk, i.e. uncertainty, is reduced but there is still a $5k variance #BO O M TI M E #RI S K @S E L E N A K Y L E
  • 9. WHAT THIS LOOKS LIKE Utility Wealth E(V) U(total) U(partial) U(no insurance) 12.5 17.515 #BO O M TI M E #RI S K @S E L E N A K Y L E
  • 10. HOW TO WIN AT RISK Win or lose? •  Game theory approach: maximize payoff …Tends to gravitate towards expected value •  The “defender’s dilemma” assumes a risk intolerant system manager …Lower expected loss. Ok, sounds like expected value. •  Optimal investments manage to value and variance …Build systems with better risk capacity …Portfolio theory, not just point performance Boom or bust maybe a better analogy? #BO O M TI M E #RI S K @S E L E N A K Y L E
  • 11. WINNING AT ECONOMICS BOOM! #BO O M TI M E #RI S K @S E L E N A K Y L E
  • 12. A BIT ABOUT ECONOMICS Speaking of econ #BO O M TI M E #RI S K @S E L E N A K Y L E
  • 13. META ON MACRO Early 20th century: Ø  Panics! Chaos! Depression! 30’s-50’s: Data Ø  Gather, Count & Measure 50’s-70’s: Models Ø  Keynesians Rule! 70’s - now: Modern Macro Ø  RBC vs New Keynesians Given that the structure of an econometric model consists of optimal decision rules of economic agents, and that optimal decision rules vary systematically with changes in the structure of series relevant to the decision maker, it follows that any change in policy will systematically alter the structure of econometric models. −Lucas' Critique (1976) #BO O M TI M E #RI S K @S E L E N A K Y L E
  • 14. SUPERMODELS Lucas Critique The α coefficients in Keynesian macroeconometric frameworks should be thought of as depending on government policy directly. Source: Modern Macroeconomics, Sanjay Chugh http://skchugh.com/teachingmanuscript.html #BO O M TI M E #RI S K @S E L E N A K Y L E
  • 15. POSITIVE VS NORMATIVE ECONOMICS Positive Normative What it is What it should be Descriptions Recommendations #BO O M TI M E #RI S K @S E L E N A K Y L E
  • 17. BOOMTIME Preferences Utility Money Returns Competition Tolerances Uncertainty Data Returns Adversaries Policy Analysis Graph Theory Dynamic Threat Models Cyberinsurance Security Econometrics Classification Inferior Goods Security “CPI” Incentive Design Coalitional Game Theory #BO O M TI M E #RI S K @S E L E N A K Y L E
  • 18. HOW TO WIN [RISK] FRIENDS & INFLUENCE [INVESTMENT] PEOPLE BoomTime •  Consider framing our goals as “booming” vs “winning” All about that base… variance •  Bring your E(x) AND V(x) game Positive vs Normative Risk •  Your model’s in my policy… your policy’s in my model #BO O M TI M E #RI S K @S E L E N A K Y L E
  • 19. #BO O M TI M E #RI S K @S E L E N A K Y L E