Risk and the theory of security risk assessment

This book provides the conceptual foundation of security risk assessment and thereby enables reasoning about risk from first principles. It presents the underlying theory that is the basis of a rigorous and universally applicable security risk assessment methodology. Furthermore, the book identifies and explores concepts with profound operational implications that have traditionally been sources of ambiguity if not confusion in security risk management. Notably, the text provides a simple quantitative model for complexity, a significant driver of risk that is typically not addressed in security-related contexts. Risk and The Theory of Security Risk Assessment is a primer of security risk assessment pedagogy, but it also provides methods and metrics to actually estimate the magnitude of security risk. Concepts are explained using numerous examples, which are at times both enlightening and entertaining. As a result, the book bridges a longstanding gap between theory and practice, and therefore will be a useful reference to students, academics and security practitioners.

Part 1: Security Risk Assessment Fundamentals.- Definitions and Basic Concepts.- Risk Factors.- Threat Scenarios.- Risk, In Depth.- Part II: Quantitative Concepts and Methods.- The (Bare) Essentials of Probability and Statistics.- Identifying and/or Quantifying Risk-Relevance.- Risk Factor Measurements.- Elementary Stochastic Methods and Security Risk.- Part III: Security Risk Assessment and Management.- Threat Scenario Complexity.- Systemic Security Risk.- General Theoretical Results.- The Theory, in Practice.- Epilogue.- Appendices.