SlideShare a Scribd company logo
1 of 19
Download to read offline
Allison Miller
allison@societyinforisk.org
@selenakyle
THEMES OF SECURITY ECONOMICS
Security ROI
Cybercrime supply chains
Market for Lemons
Make it more expensive for the
attacker
Tragedy of the Commons
Risk Tolerance
Exploit/Vuln markets
Behavioral Economics / Gamification
#BO O M TI M E #RI S K @S E L E N A K Y L E
MICROECONOMICS
Model for estimating consumption given individual
preferences, under a budget constraint
•  Utility maximization
•  Preferences: Consumption mix
•  Good A vs Good B
•  Labor vs leisure
•  Budget constraint
#BO O M TI M E #RI S K @S E L E N A K Y L E
THE CONSUMER MODEL: EXPANDED
Extensible from micro into macro
•  Extensible to firms
Ø  Estimate production given profits under cost/demand/price constraints
•  Extensible to competition for resources (consumers, firms)
Ø  Roots of game theory
•  Extensible to markets
Ø  Aggregation across many to many (markets for goods, money, labor)
•  Extensible to public sector
Ø  Government spend (fiscal) & policy (monetary)
•  Extensible to economies
#BO O M TI M E #RI S K @S E L E N A K Y L E
THE LANGUAGE OF RISK
Some optimization functions
assume *certainty*
•  e.g. preferences, costs
But making decisions under
uncertainty is core to:
•  Competition
•  Investment
•  Reality
#BO O M TI M E #RI S K @S E L E N A K Y L E
RISK AVERSION
Concept where theory meets behavior
•  Expected value vs expected variance
•  Probability gives you both, we tend to focus on E(x)
•  Risk aversion is a condition that relies on V(x)
#BO O M TI M E #RI S K @S E L E N A K Y L E
AN EXAMPLE
You have $20k, but a 50/50 chance of losing $10k
•  Expected value?
•  $15k (i.e. .5($20k)+.5($10k))
Insurance costing $5k will cover full loss. Should you buy it or not?
•  Expected value w/insurance?
•  $15k (for sure)
•  Expected value w/o insurance
•  $15k (but as EITHER $10k or $20k)
The risk averse individual will opt for the same expected value with less
uncertainty (less risk)
§  People seek utility maximization, not payoffs
§  Risk, i.e. uncertainty, reduces overall utility (wealth)
#BO O M TI M E #RI S K @S E L E N A K Y L E
AN EXAMPLE…CONTINUED
You have $20k, but a 50/50 chance of losing $10k
•  Expected value = $15k
You are offered partial insurance costing $2.5k will cover half
of the loss ($5k).
@ No Loss: $17.5k ($20k – 2.5k)
@ Loss: $12.5k ($20k – 2.5k – 10k – 5k)
•  Expected value =
•  $15k (but as EITHER $17.5k or $12.5k)
Risk, i.e. uncertainty, is reduced but there is still a $5k
variance
#BO O M TI M E #RI S K @S E L E N A K Y L E
WHAT THIS LOOKS LIKE
Utility
Wealth
E(V)
U(total)
U(partial)
U(no insurance)
12.5 17.515
#BO O M TI M E #RI S K @S E L E N A K Y L E
HOW TO WIN AT RISK
Win or lose?
•  Game theory approach: maximize payoff
…Tends to gravitate towards expected value
•  The “defender’s dilemma” assumes a risk intolerant
system manager
…Lower expected loss. Ok, sounds like expected value.
•  Optimal investments manage to value and variance
…Build systems with better risk capacity
…Portfolio theory, not just point performance
Boom or bust maybe a better analogy?
#BO O M TI M E #RI S K @S E L E N A K Y L E
WINNING AT ECONOMICS
BOOM!
#BO O M TI M E #RI S K @S E L E N A K Y L E
A BIT ABOUT ECONOMICS
Speaking of econ
#BO O M TI M E #RI S K @S E L E N A K Y L E
META ON MACRO
Early 20th century:
Ø  Panics! Chaos!
Depression!
30’s-50’s: Data
Ø  Gather, Count & Measure
50’s-70’s: Models
Ø  Keynesians Rule!
70’s - now: Modern Macro
Ø  RBC vs New Keynesians
Given that the structure of an econometric model
consists of optimal decision rules of economic agents,
and that optimal decision rules vary systematically
with changes in the structure of series relevant to the
decision maker, it follows that any change in policy will
systematically alter the structure of econometric
models. −Lucas' Critique (1976)
#BO O M TI M E #RI S K @S E L E N A K Y L E
SUPERMODELS
Lucas Critique
The α coefficients in Keynesian macroeconometric frameworks should be
thought of as depending on government policy directly.
Source: Modern Macroeconomics, Sanjay Chugh
http://skchugh.com/teachingmanuscript.html
#BO O M TI M E #RI S K @S E L E N A K Y L E
POSITIVE VS NORMATIVE ECONOMICS
Positive Normative
What it
is
What it
should be
Descriptions Recommendations
#BO O M TI M E #RI S K @S E L E N A K Y L E
CURRENCY OF RISK
Preferences
Utility
Money
Returns
Competition
Tolerances
Uncertainty
Data
Returns
Adversaries
#BO O M TI M E #RI S K @S E L E N A K Y L E
BOOMTIME
Preferences
Utility
Money
Returns
Competition
Tolerances
Uncertainty
Data
Returns
Adversaries
Policy Analysis
Graph Theory
Dynamic Threat Models
Cyberinsurance
Security Econometrics
Classification
Inferior Goods
Security “CPI”
Incentive Design
Coalitional Game Theory
#BO O M TI M E #RI S K @S E L E N A K Y L E
HOW TO WIN [RISK] FRIENDS & INFLUENCE [INVESTMENT] PEOPLE
BoomTime
•  Consider framing our goals
as “booming” vs “winning”
All about that base…
variance
•  Bring your E(x) AND V(x)
game
Positive vs Normative Risk
•  Your model’s in my policy…
your policy’s in my model
#BO O M TI M E #RI S K @S E L E N A K Y L E
#BO O M TI M E #RI S K @S E L E N A K Y L E

More Related Content

Viewers also liked

I Want These * Bugs Off My * Internet
I Want These * Bugs Off My * InternetI Want These * Bugs Off My * Internet
I Want These * Bugs Off My * InternetDan Kaminsky
 
2013.10 Operating * by the Numbers
2013.10 Operating * by the Numbers2013.10 Operating * by the Numbers
2013.10 Operating * by the NumbersAllison Miller
 
2010.08 Applied Threat Modeling: Live (Hutton/Miller)
2010.08 Applied Threat Modeling: Live (Hutton/Miller)2010.08 Applied Threat Modeling: Live (Hutton/Miller)
2010.08 Applied Threat Modeling: Live (Hutton/Miller)Allison Miller
 
The InfoSec Avengers
The InfoSec AvengersThe InfoSec Avengers
The InfoSec AvengersTripwire
 
I am tired of lazy sadness
I am tired of lazy sadnessI am tired of lazy sadness
I am tired of lazy sadnessDakota Dragon
 
Research Graph: Connecting Identifiers across Research Data Infrastructures
Research Graph: Connecting Identifiers across Research Data InfrastructuresResearch Graph: Connecting Identifiers across Research Data Infrastructures
Research Graph: Connecting Identifiers across Research Data Infrastructuresamiraryani
 
SAVE THE FROGS! Presentation in Belo Horizonte, Brazil
SAVE THE FROGS! Presentation in Belo Horizonte, BrazilSAVE THE FROGS! Presentation in Belo Horizonte, Brazil
SAVE THE FROGS! Presentation in Belo Horizonte, BrazilSAVE THE FROGS!
 
2017 Why invest in Momentum as a Factor ?
2017 Why invest in Momentum as a Factor ?2017 Why invest in Momentum as a Factor ?
2017 Why invest in Momentum as a Factor ?Frederic Jamet
 
Manažeři a stres na pracovišti
Manažeři a stres na pracovištiManažeři a stres na pracovišti
Manažeři a stres na pracovištiPeter Ulcin
 
Introdução ao Git - fs2w - GrupySP
Introdução ao Git - fs2w - GrupySPIntrodução ao Git - fs2w - GrupySP
Introdução ao Git - fs2w - GrupySPSamuel Sampaio
 
A Quick Guide to Credit Considerations in Real Estate Lending
A Quick Guide to Credit Considerations in Real Estate LendingA Quick Guide to Credit Considerations in Real Estate Lending
A Quick Guide to Credit Considerations in Real Estate LendingColleen Beck-Domanico
 

Viewers also liked (13)

I Want These * Bugs Off My * Internet
I Want These * Bugs Off My * InternetI Want These * Bugs Off My * Internet
I Want These * Bugs Off My * Internet
 
2013.10 Operating * by the Numbers
2013.10 Operating * by the Numbers2013.10 Operating * by the Numbers
2013.10 Operating * by the Numbers
 
2010.08 Applied Threat Modeling: Live (Hutton/Miller)
2010.08 Applied Threat Modeling: Live (Hutton/Miller)2010.08 Applied Threat Modeling: Live (Hutton/Miller)
2010.08 Applied Threat Modeling: Live (Hutton/Miller)
 
The InfoSec Avengers
The InfoSec AvengersThe InfoSec Avengers
The InfoSec Avengers
 
I am tired of lazy sadness
I am tired of lazy sadnessI am tired of lazy sadness
I am tired of lazy sadness
 
Research Graph: Connecting Identifiers across Research Data Infrastructures
Research Graph: Connecting Identifiers across Research Data InfrastructuresResearch Graph: Connecting Identifiers across Research Data Infrastructures
Research Graph: Connecting Identifiers across Research Data Infrastructures
 
SAVE THE FROGS! Presentation in Belo Horizonte, Brazil
SAVE THE FROGS! Presentation in Belo Horizonte, BrazilSAVE THE FROGS! Presentation in Belo Horizonte, Brazil
SAVE THE FROGS! Presentation in Belo Horizonte, Brazil
 
2017 Why invest in Momentum as a Factor ?
2017 Why invest in Momentum as a Factor ?2017 Why invest in Momentum as a Factor ?
2017 Why invest in Momentum as a Factor ?
 
Manažeři a stres na pracovišti
Manažeři a stres na pracovištiManažeři a stres na pracovišti
Manažeři a stres na pracovišti
 
Zakonski okvir in raziskave
Zakonski okvir in raziskaveZakonski okvir in raziskave
Zakonski okvir in raziskave
 
Ley organica
Ley organicaLey organica
Ley organica
 
Introdução ao Git - fs2w - GrupySP
Introdução ao Git - fs2w - GrupySPIntrodução ao Git - fs2w - GrupySP
Introdução ao Git - fs2w - GrupySP
 
A Quick Guide to Credit Considerations in Real Estate Lending
A Quick Guide to Credit Considerations in Real Estate LendingA Quick Guide to Credit Considerations in Real Estate Lending
A Quick Guide to Credit Considerations in Real Estate Lending
 

Similar to Boomtime: Risk as Economics (Allison Miller, SiRAcon15)

Energy, Externalities & ClimateEmissions &
Energy, Externalities & ClimateEmissions &Energy, Externalities & ClimateEmissions &
Energy, Externalities & ClimateEmissions &cullenrjzsme
 
Chapter One Powerpoint
Chapter One PowerpointChapter One Powerpoint
Chapter One PowerpointMrRed
 
Heuristics, Networks and Trust - Moving Away from Standard Economics
Heuristics, Networks and Trust - Moving Away from Standard EconomicsHeuristics, Networks and Trust - Moving Away from Standard Economics
Heuristics, Networks and Trust - Moving Away from Standard Economicstutor2u
 
princ-ch27-presentation.ppt
princ-ch27-presentation.pptprinc-ch27-presentation.ppt
princ-ch27-presentation.pptchsami14
 
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019  –  Donna Gall...Introduction to FAIR Risk Methodology – Global CISO Forum 2019  –  Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...EC-Council
 
Ap macroeconomics review slides
Ap macroeconomics review slidesAp macroeconomics review slides
Ap macroeconomics review slidesStephen Staunton
 
Economics-the Study of Choice
Economics-the Study of ChoiceEconomics-the Study of Choice
Economics-the Study of ChoiceLumen Learning
 
Economics-The Study of Choice
Economics-The Study of ChoiceEconomics-The Study of Choice
Economics-The Study of ChoiceLumen Learning
 
Storyfying your Data: How to go from Data to Insights to Stories
Storyfying your Data: How to go from Data to Insights to StoriesStoryfying your Data: How to go from Data to Insights to Stories
Storyfying your Data: How to go from Data to Insights to StoriesGramener
 
Chapter One Notes
Chapter One NotesChapter One Notes
Chapter One NotesMrRedAHS
 
Consumer Lead Change: How to Stay Relevant and Build Success By Duane Forrester
Consumer Lead Change: How to Stay Relevant and Build Success By Duane ForresterConsumer Lead Change: How to Stay Relevant and Build Success By Duane Forrester
Consumer Lead Change: How to Stay Relevant and Build Success By Duane ForresterSearch Marketing Expo - SMX
 
Superficial data analysis
Superficial data analysisSuperficial data analysis
Superficial data analysisBao Nguyen
 
Psychological determinants of human judgment & decision making
Psychological determinants of human judgment & decision makingPsychological determinants of human judgment & decision making
Psychological determinants of human judgment & decision makingReading Room
 
DeepSec 2014 - The Measured CSO
DeepSec 2014 - The Measured CSODeepSec 2014 - The Measured CSO
DeepSec 2014 - The Measured CSOAlexander Hutton
 

Similar to Boomtime: Risk as Economics (Allison Miller, SiRAcon15) (20)

Cognitive Bias in Risk-Reward Analysis
Cognitive Bias in Risk-Reward AnalysisCognitive Bias in Risk-Reward Analysis
Cognitive Bias in Risk-Reward Analysis
 
Energy, Externalities & ClimateEmissions &
Energy, Externalities & ClimateEmissions &Energy, Externalities & ClimateEmissions &
Energy, Externalities & ClimateEmissions &
 
Chapter One Powerpoint
Chapter One PowerpointChapter One Powerpoint
Chapter One Powerpoint
 
Heuristics, Networks and Trust - Moving Away from Standard Economics
Heuristics, Networks and Trust - Moving Away from Standard EconomicsHeuristics, Networks and Trust - Moving Away from Standard Economics
Heuristics, Networks and Trust - Moving Away from Standard Economics
 
princ-ch27-presentation.ppt
princ-ch27-presentation.pptprinc-ch27-presentation.ppt
princ-ch27-presentation.ppt
 
The basic tool of finance
The basic tool of finance The basic tool of finance
The basic tool of finance
 
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019  –  Donna Gall...Introduction to FAIR Risk Methodology – Global CISO Forum 2019  –  Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
 
Introduction To Economics
Introduction To EconomicsIntroduction To Economics
Introduction To Economics
 
Ap macroeconomics review slides
Ap macroeconomics review slidesAp macroeconomics review slides
Ap macroeconomics review slides
 
Economics-the Study of Choice
Economics-the Study of ChoiceEconomics-the Study of Choice
Economics-the Study of Choice
 
Economics-The Study of Choice
Economics-The Study of ChoiceEconomics-The Study of Choice
Economics-The Study of Choice
 
Miller 14e 447476_01
Miller 14e 447476_01Miller 14e 447476_01
Miller 14e 447476_01
 
Miller 14e 447476_01
Miller 14e 447476_01Miller 14e 447476_01
Miller 14e 447476_01
 
Storyfying your Data: How to go from Data to Insights to Stories
Storyfying your Data: How to go from Data to Insights to StoriesStoryfying your Data: How to go from Data to Insights to Stories
Storyfying your Data: How to go from Data to Insights to Stories
 
Chapter One Notes
Chapter One NotesChapter One Notes
Chapter One Notes
 
Consumer Lead Change: How to Stay Relevant and Build Success By Duane Forrester
Consumer Lead Change: How to Stay Relevant and Build Success By Duane ForresterConsumer Lead Change: How to Stay Relevant and Build Success By Duane Forrester
Consumer Lead Change: How to Stay Relevant and Build Success By Duane Forrester
 
Superficial data analysis
Superficial data analysisSuperficial data analysis
Superficial data analysis
 
Psychological determinants of human judgment & decision making
Psychological determinants of human judgment & decision makingPsychological determinants of human judgment & decision making
Psychological determinants of human judgment & decision making
 
DeepSec 2014 - The Measured CSO
DeepSec 2014 - The Measured CSODeepSec 2014 - The Measured CSO
DeepSec 2014 - The Measured CSO
 
Macro
MacroMacro
Macro
 

Recently uploaded

Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessWSO2
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
WomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneWomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneUiPathCommunity
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...amber724300
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - AvrilIvanti
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentMahmoud Rabie
 

Recently uploaded (20)

Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with Platformless
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
WomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneWomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyone
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
How Tech Giants Cut Corners to Harvest Data for A.I.
How Tech Giants Cut Corners to Harvest Data for A.I.How Tech Giants Cut Corners to Harvest Data for A.I.
How Tech Giants Cut Corners to Harvest Data for A.I.
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - Avril
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career Development
 

Boomtime: Risk as Economics (Allison Miller, SiRAcon15)

  • 2. THEMES OF SECURITY ECONOMICS Security ROI Cybercrime supply chains Market for Lemons Make it more expensive for the attacker Tragedy of the Commons Risk Tolerance Exploit/Vuln markets Behavioral Economics / Gamification #BO O M TI M E #RI S K @S E L E N A K Y L E
  • 3. MICROECONOMICS Model for estimating consumption given individual preferences, under a budget constraint •  Utility maximization •  Preferences: Consumption mix •  Good A vs Good B •  Labor vs leisure •  Budget constraint #BO O M TI M E #RI S K @S E L E N A K Y L E
  • 4. THE CONSUMER MODEL: EXPANDED Extensible from micro into macro •  Extensible to firms Ø  Estimate production given profits under cost/demand/price constraints •  Extensible to competition for resources (consumers, firms) Ø  Roots of game theory •  Extensible to markets Ø  Aggregation across many to many (markets for goods, money, labor) •  Extensible to public sector Ø  Government spend (fiscal) & policy (monetary) •  Extensible to economies #BO O M TI M E #RI S K @S E L E N A K Y L E
  • 5. THE LANGUAGE OF RISK Some optimization functions assume *certainty* •  e.g. preferences, costs But making decisions under uncertainty is core to: •  Competition •  Investment •  Reality #BO O M TI M E #RI S K @S E L E N A K Y L E
  • 6. RISK AVERSION Concept where theory meets behavior •  Expected value vs expected variance •  Probability gives you both, we tend to focus on E(x) •  Risk aversion is a condition that relies on V(x) #BO O M TI M E #RI S K @S E L E N A K Y L E
  • 7. AN EXAMPLE You have $20k, but a 50/50 chance of losing $10k •  Expected value? •  $15k (i.e. .5($20k)+.5($10k)) Insurance costing $5k will cover full loss. Should you buy it or not? •  Expected value w/insurance? •  $15k (for sure) •  Expected value w/o insurance •  $15k (but as EITHER $10k or $20k) The risk averse individual will opt for the same expected value with less uncertainty (less risk) §  People seek utility maximization, not payoffs §  Risk, i.e. uncertainty, reduces overall utility (wealth) #BO O M TI M E #RI S K @S E L E N A K Y L E
  • 8. AN EXAMPLE…CONTINUED You have $20k, but a 50/50 chance of losing $10k •  Expected value = $15k You are offered partial insurance costing $2.5k will cover half of the loss ($5k). @ No Loss: $17.5k ($20k – 2.5k) @ Loss: $12.5k ($20k – 2.5k – 10k – 5k) •  Expected value = •  $15k (but as EITHER $17.5k or $12.5k) Risk, i.e. uncertainty, is reduced but there is still a $5k variance #BO O M TI M E #RI S K @S E L E N A K Y L E
  • 9. WHAT THIS LOOKS LIKE Utility Wealth E(V) U(total) U(partial) U(no insurance) 12.5 17.515 #BO O M TI M E #RI S K @S E L E N A K Y L E
  • 10. HOW TO WIN AT RISK Win or lose? •  Game theory approach: maximize payoff …Tends to gravitate towards expected value •  The “defender’s dilemma” assumes a risk intolerant system manager …Lower expected loss. Ok, sounds like expected value. •  Optimal investments manage to value and variance …Build systems with better risk capacity …Portfolio theory, not just point performance Boom or bust maybe a better analogy? #BO O M TI M E #RI S K @S E L E N A K Y L E
  • 11. WINNING AT ECONOMICS BOOM! #BO O M TI M E #RI S K @S E L E N A K Y L E
  • 12. A BIT ABOUT ECONOMICS Speaking of econ #BO O M TI M E #RI S K @S E L E N A K Y L E
  • 13. META ON MACRO Early 20th century: Ø  Panics! Chaos! Depression! 30’s-50’s: Data Ø  Gather, Count & Measure 50’s-70’s: Models Ø  Keynesians Rule! 70’s - now: Modern Macro Ø  RBC vs New Keynesians Given that the structure of an econometric model consists of optimal decision rules of economic agents, and that optimal decision rules vary systematically with changes in the structure of series relevant to the decision maker, it follows that any change in policy will systematically alter the structure of econometric models. −Lucas' Critique (1976) #BO O M TI M E #RI S K @S E L E N A K Y L E
  • 14. SUPERMODELS Lucas Critique The α coefficients in Keynesian macroeconometric frameworks should be thought of as depending on government policy directly. Source: Modern Macroeconomics, Sanjay Chugh http://skchugh.com/teachingmanuscript.html #BO O M TI M E #RI S K @S E L E N A K Y L E
  • 15. POSITIVE VS NORMATIVE ECONOMICS Positive Normative What it is What it should be Descriptions Recommendations #BO O M TI M E #RI S K @S E L E N A K Y L E
  • 17. BOOMTIME Preferences Utility Money Returns Competition Tolerances Uncertainty Data Returns Adversaries Policy Analysis Graph Theory Dynamic Threat Models Cyberinsurance Security Econometrics Classification Inferior Goods Security “CPI” Incentive Design Coalitional Game Theory #BO O M TI M E #RI S K @S E L E N A K Y L E
  • 18. HOW TO WIN [RISK] FRIENDS & INFLUENCE [INVESTMENT] PEOPLE BoomTime •  Consider framing our goals as “booming” vs “winning” All about that base… variance •  Bring your E(x) AND V(x) game Positive vs Normative Risk •  Your model’s in my policy… your policy’s in my model #BO O M TI M E #RI S K @S E L E N A K Y L E
  • 19. #BO O M TI M E #RI S K @S E L E N A K Y L E