Welcome to the ARES 2010 Conference
February 15th - 18th, 2010
Andrzej Frycz Modrzewski Cracow College, Krakow, Poland
*** ATTENTION ***
The final program is available. Please note that changes may occur!
The registration desk opens at 08:00.
The Fifth International Conference on Availability, Reliability and Security (“ARES 2010 – The International Dependability Conference”) will bring together researchers and practitioners in the area of dependability. ARES 2010 will highlight the various aspects of dependability - with special focus on the crucial linkage between availability, reliability and security.
ARES aims at a full and detailed discussion of the research issues of dependability as an integrative concept that covers amongst others availability, safety, confidentiality, integrity, maintainability and security in the different fields of applications.
ARES will emphasize the interplay between foundations and practical issues of dependability in emerging areas such as e-government, m-government, location-based applications, ubiquitous computing, autonomous computing, chances of grid computing etc.
ARES is devoted to the critical examination and research challenges of the various aspects of Dependable Computing and the definition of a future road map.
Selected papers that are accepted by and presented at the ARES Conference will be published, after further revision, in special issues of international journals. Papers of ARES 2009 were selected to appear in special issues of the journals (JISSec, IJCCBS).
The acceptance rate of the ARES 2009 conference was 25%.
More information about previous ARES conferences can be found here: >>previous conferences<<.
We are proud to announce Ross Anderson and Gene Spafford as keynote speakers of ARES 2010: >>keynotes<<
2010 International Conference on Availability, Reliability and Security
ARES 2010
Table of Contents
Welcome Message from ARES 2010 Chairs...xv
Welcome Message from ARES 2010 Workshop Co-Chair...xvi
ARES 2010 Conference Officers...xvii
ARES 2010 Reviewer List...xviii
Welcome Message from the FARES 2010 Workshop Co-Chairs...xxi
Welcome Message from the OSA 2010 Workshop Chair...xxii
OSA 2010 Organizing Committee...xxiii
OSA 2010 Reviewer List...xxiv
Welcome Message from the SecSE 2010 Workshop Organizers...xxv
SecSE 2010 Organization...xxvi
Welcome Message from the SPattern 2010 Workshop Organizers...xxvii
SPattern 2010 Organization Committee...xxviii
Welcome Message from the WAIS 2010 Workshop Chair...xxix
WAIS 2010 Organizing Committee...xxx
WAIS 2010 Reviewers...xxxi
Welcome Message from the WSDF 2010 Workshop Organizers...xxxii
WSDF 2010 Organizing Committee...xxxiii
ARES 2010 Full Papers
Network Security I
A Security Decision-Reaction Architecture for Heterogeneous Distributed Network...1 Christophe Feltus, Djamel Khadraoui, and Jocelyn Aubert
Dual-Level Attack Detection and Characterization for Networks under DDoS...9 Anjali Sardana and Ramesh Chandra Joshi
Improving Effectiveness of Intrusion Detection by Correlation Feature Selection...17 Hai Nguyen, Katrin Franke, and Slobodan Petrovic
Network Security II
Analytical Approach to Attack Graph Analysis for Network Security...25 Phongphun Kijsanayothin and Rattikorn Hewett
Affects of Queuing Mechanisms on RTP Traffic: Comparative Analysis of Jitter, End-to-End Delay and Packet Loss...33 Gregory Epiphaniou, Carsten Maple, Paul Sant, and Matthew Reeve
A Computer Architecture with Hardwarebased Malware Detection...41 Klaus Hildebrandt, Igor Podebrad, and Bernd Klauer
Identity Management, Authentication, and Authorization I
Solving the Transitive Access Problem for the Services Oriented Architecture...46 Alan H. Karp and Jun Li
Unified Public Key Infrastructure Supporting Both Certificate-Based and ID-Based Cryptography...54 Byoungcheon Lee
Secure Bindings of SAML Assertions to TLS Sessions...62 Florian Kohlar, Jörg Schwenk, Meiko Jensen, and Sebastian Gajek
Identity Management, Authentication, and Authorization II
From Contextual Permission to Dynamic Pre-obligation: An Integrated Approach...70 Yehia Elrakaiby, Frédéric Cuppens, and Nora Cuppens-Boulahia
2-clickAuth—Optical Challenge-Response Authentication...79 Anna Vapen, David Byers, and Nahid Shahmehri
Architecture-Aware Adaptive Deployment of Contextual Security Policies...87 Stere Preda, Nora Cuppens-Boulahia, Frédéric Cuppens, and Laurent Toutain
Availability and Reliability I
Using Smart Cards for Tamper-Proof Timestamps on Untrusted Clients...96 Guenther Starnberger, Lorenz Froihofer, and Karl M. Goeschka
A Semi-Markov Survivability Evaluation Model for Intrusion Tolerant Database Systems...104 Alex Hai Wang, Su Yan, and Peng Liu
Availability and Reliability II
FaT2D: Fault Tolerant Directed Diffusion for Wireless Sensor Networks...112 Fatima Zohra Benhamida and Yacine Challal
An Adaptive Redundancy Oriented Method to Tolerate Soft Errors in SRAM-Based FPGAs Using Unused Resources...119 Somayeh Bahramnejad and Hamid Reza Zarandi
Analysis of Transient Faults on a MIPS-Based Dual-Core Processor...125 Iman Faraji, Moslem Didehban, and Hamid Reza Zarandi
Risk and Security Management I
Visualizing Past Personal Data Disclosures...131 Jan Kolter, Michael Netter, and Günther Pernul
Strategies for Reducing Risks of Inconsistencies in Access Control Policies...140 Bernard Stepien, Stan Matwin, and Amy Felty
Multi-dimensional Uncertainty Analysis in Secure and Dependable Domain...148 Yudistira Asnar and Paolo Giorgini
Risk and Security Management II
Information Flow in Disaster Management Systems...156 Achim D. Brucker and Dieter Hutter
Formal Specification and Analysis of an E-voting System...164 Komminist Weldemariam, Richard A. Kemmerer, and Adolfo Villafiorita
Towards a Privacy-Enhanced Social Networking Site...172 Esma Aïmeur, Sébastien Gambs, and Ai Ho
Risk and Security Management III
A Formal Approach Towards Risk-Aware Service Level Analysis and Planning...180 Stefan Jakoubi, Simon Tjoa, Sigrun Goluch, and Gerhard Kitzler
Threat- and Risk-Analysis During Early Security Requirements Engineering...188 Holger Schmidt
An Analysis of Information Security Awareness within Home and Work Environments...196 Shuhaili Talib, Nathan L. Clarke, and Steven M. Furnell
ARES 2010 Short Papers
Security and Privacy
Trust Based Multi Path DSR Protocol...204 Poonam Gera, Kumkum Garg, and Manoj Misra
Enhanced Chaotic Stream Cipher for WSNs...210 Rui Miguel Soares Silva, Rui Gustavo Nunes Pereira Crespo, and Mário Serafim dos Santos Nunes
Zone Based Systems Design Framework for the Realisation of Efficient Block Cipher Based Message Authentication Code Algorithms...216 A.A. Adekunle and S.R. Woodhead
Identity Management, Authentication, and Authorization
A Semantic Security Architecture for Web Services—The Access-eGov Solution...222 Stefan Dürbeck, Christoph Fritsch, Günther Pernul, and Rolf Schillinger
FedWare: Middleware Services to Cope with Information Consistency in Federated Identity Management...228 Thorsten Hoellrigl, Jochen Dinger, and Hannes Hartenstein
Owner-Based Role-Based Access Control OB-RBAC...236 Mohsen Saffarian and Babak Sadighi
Cryptography and Secure Protocols
Program Obfuscation by Strong Cryptography...242 Željko Vrba, Pål Halvorsen, and Carsten Griwodz
Pitfalls in Formal Reasoning about Security Protocols...248 Nina Moebius, Kurt Stenzel, and Wolfgang Reif
Secure Group Communication Using Fractional Public Keys...254 Sigurd Eskeland and Vladimir Oleshchuk
Risk and Security Management
Extending the Gordon and Loeb Model for Information Security Investment...258 Jan Willemson
Risk-Based Methodology for Real-Time Security Monitoring of Interdependent Services in Critical Infrastructures...262 Jocelyn Aubert, Thomas Schaberreiter, Christophe Incoul, Djamel Khadraoui, and Benjamin Gâteau
Planning Dynamic Activity and Resource Allocations Using a Risk-Aware Business Process Management Approach...268 Simon Tjoa, Stefan Jakoubi, Sigrun Goluch, and Gerhard Kitzler
Miscellaneous
Security and Usability: Analysis and Evaluation...275 Ronald Kainda, Ivan Flechais, and A.W. Roscoe
Recovery of Skype Application Activity Data from Physical Memory...283 Matthew Simon and Jill Slay
Rejuvenating High Available Virtualized Systems...289 Arash Rezaei and Mohsen Sharifi
Fifth International Workshop on Frontiers in Availability, Reliability, and Security (FARES 2010)
Fraud and Misuse Detection
Detection of Spyware by Mining Executable Files...295 Raja Khurram Shahzad, Syed Imran Haider, and Niklas Lavesson
A Probabilistic Approach for On-Line Sum-Auditing...303 Gerardo Canfora and Bice Cavallo
Towards an Ontology-Based Solution for Managing License Agreement Using Semantic Desktop...309 Mansoor Ahmed, Amin Anjomshoaa, Muhammad Asfandeyar, A. Min Tjoa, and Abid Khan
Intrusion Detection
Optimising IDS Sensor Placement...315 Hao Chen, John A. Clark, Siraj A. Shaikh, Howard Chivers, and Philip Nobles
Layered Higher Order N-grams for Hardening Payload Based Anomaly Intrusion Detection...321 Neminath Hubballi, Santosh Biswas, and Sukumar Nandi
Improving Network Intrusion Detection by Means of Domain-Aware Genetic Programming...327 Jorge Blasco, Agustín Orfila, and Arturo Ribagorda
Privacy and Trust
On the Simulation of a Software Reputation System...333 Martin Boldt, Anton Borg, and Bengt Carlsson
Model-Driven Application-Level Encryption for the Privacy of E-health Data...341 Yun Ding and Karsten Klein
Communal Reputation and Individual Trust (CRIT) in Wireless Sensor Networks...347 Tanveer A Zia and Md Zahidul Islam
Global Information Security
A Multi-stage Methodology for Ensuring Appropriate Security Culture and Governance...353 Solange Ghernouti-Hélie, Igli Tashi, and David Simms
Development of ICT Infrastructure for Local Socio-Economic System in Japan—Another Approach Toward Cybersecurity in the Non-Urban Area...361 Hiroshi Nagano
A National Strategy for an Effective Cybersecurity Approach and Culture...370 Solange Ghernouti-Hélie
Software Security and Authentication
Choosing Authentication Techniques in E-procurement System in Serbia...374 Miloš Milovanović, Marija Bogićević, Miroslav Lazović, Dejan Simić, and Dušan Starčević
A Continuous Authentication System Based on User Behavior Analysis...380 Ines Brosso, Alessandro La Neve, Graça Bressan, and Wilson Vicente Ruggiero
Identifying Security Relevant Warnings from Static Code Analysis Tools through Code Tainting...386 Dejan Baca
Digital Content Security
Reselling Digital Content...391 Laila El Aimani and Yona Raekow
A New DRM Architecture with Strong Enforcement...397 Sascha Müller and Stefan Katzenbeisser
A Secure and Scalable Grid-Based Content Management System...404 Benjamin Aziz, Alvaro Arenas, Giovanni Cortese, Bruno Crispo, and Silvio Causetti
A Design Pattern for Event-Based Processing of Security-Enriched SOAP Messages...410 Nils Gruschka, Meiko Jensen, and Luigi Lo Iacono
The Second International Workshop on Organizational Security Aspects (OSA 2010)
Organizational Aspects of Security: Session 1
Challenging IS and ISM Standardization for Business Benefits...416 Juhani Anttila and Jorma Kajava
Managing the Asset Risk of SMEs...422 Luís Enrique Sánchez, Carlos Ruiz, Eduardo Fernández-Medina, and Mario Piattini
Organizational Aspects of Security: Session 2
A Generic Metamodel for IT Security—Attack Modeling for Distributed Systems...430 André Miede, Nedislav Nedyalkov, Christian Gottron, André König, Nicolas Repp, and Ralf Steinmetz
Combining Misuse Cases with Attack Trees and Security Activity Models...438 Inger Anne Tøndel, Jostein Jensen, and Lillian Røstad
External Insider Threat: A Real Security Challenge in Enterprise Value Webs...446 Virginia N.L. Franqueira, Andre van Cleeff, Pascal van Eck, and Roel Wieringa
Organizational Aspects of Security: Session 3
Secure Monitoring of Service Level Agreements...454 K.P. Clark, M.E. Warnier, F.M.T. Brazier, and T.B. Quillinan
Fighting Phishing with Trusted Email...462 Jordan Crain, Lukasz Opyrchal, and Atul Prakash
Application and Economic Implications of an Automated Requirement-Oriented and Standard-Based Compliance Monitoring and Reporting Prototype...468 Matthias Kehlenbeck, Thorben Sandner, and Michael H. Breitner
Organizational Aspects of Security: Session 4
A Taxonomy Refining the Security Requirements for Electronic Voting: Analyzing Helios as a Proof of Concept...475 Lucie Langer, Axel Schmidt, Johannes Buchmann, and Melanie Volkamer
Secured Key Distribution Scheme for Cryptographic Key Management System...481 Kyawt Kyawt Khaing and Khin Mi Mi Aung
One Size Fits None: The Importance of Detector Parameterization...487 Natasha Bodorik and A. Nur Zincir-Heywood
Fourth International Workshop on Secure Software Engineering (SecSE 2010)
Agile Development and Hot Patching
Supporting Authorization Policy Modification in Agile Development of Web Applications...495 Steffen Bartsch
The Road to Hell is Paved with Good Intentions: A Story of (In)secure Software Development...501 Richard Sasson, Martin Gilje Jaatun, and Jostein Jensen
Katana: A Hot Patching Framework for ELF Executables...507 Ashwin Ramaswamy, Sergey Bratus, Sean W. Smith, and Michael E. Locasto
Testing, Monitoring, and Validation
Investigating the Limitations of Java Annotations for Input Validation...513 Federico Mancini, Dag Hovland, and Khalid A. Mughal
Classification of Buffer Overflow Vulnerability Monitors...519 Hossain Shahriar and Mohammad Zulkernine
Configuration Fuzzing for Software Vulnerability Detection...525 Huning Dai, Christian Murphy, and Gail Kaiser
Security Modeling and Vulnerabilities
Practical Experience Gained from Modeling Security Goals: Using SGITs in an Industrial Project...531 Christian Jung, Frank Elberzhager, Alessandra Bagnato, and Fabio Raiteri
Security Modeling and Tool Support Advantages...537 Egil Trygve Baadshaug, Gencer Erdogan, and Per Håkon Meland
Analysing and Visualising Security and Usability in IRIS...543 Shamal Faily and Ivan Fléchais
Security and Performance Aspects of an Agent-Based Link-Layer Vulnerability Discovery Mechanism...549 Ziyad S. Al-Salloum and Stephen D. Wolthusen
Fourth International Workshop on Secure Systems Methodologies Using Patterns (SPattern 2010)
SPattern Application
Model-Driven Security Patterns Application Based on Dependences among Patterns...555 Yuki Shiroma, Hironori Washizaki, Yoshiaki Fukazawa, Atsuto Kubo, and Nobukazu Yoshioka
Refining the Pattern-Based Reference Model for Electronic Invoices by Incorporating Threats...560 Michael Netter, Eduardo B. Fernandez, and Günther Pernul
Measuring the Level of Security Introduced by Security Patterns...565 Eduardo B. Fernandez, Nobukazu Yoshioka, Hironori Washizaki, and Michael VanHilst
SPattern Development
Patterns for Secure Boot and Secure Storage in Computer Systems...569 Hans Löhr, Ahmad-Reza Sadeghi, and Marcel Winandy
Fourth International Workshop on Advances in Information Security (WAIS 2010)
Identity and Privacy
A Consideration of the Reliability of Registration and Attribute Exchange...574 Yoshio Kakizaki and Keiichi Iwamura
Binomial-Mix-Based Location Anonymizer System with Global Dummy Generation to Preserve User Location Privacy in Location-Based Services...580 Minh-Triet Tran, Isao Echizen, and Anh-Duc Duong
Multiple Designated Verifiers Signatures Reconsidered...586 Mebae Ushida, Tetsuya Izu, Masahiko Takenaka, and Kazuo Ohta
System Security
LSM-Based Secure System Monitoring Using Kernel Protection Schemes...591 Takamasa Isohara, Keisuke Takemori, Yutaka Miyake, Ning Qu, and Adrian Perrig
Formalization of Viruses and Malware Through Process Algebras...597 Grégoire Jacob, Eric Filiol, and Hervé Debar
Heuristics for Detecting Botnet Coordinated Attacks...603 Kazuya Kuwabara, Hiroaki Kikuchi, Masato Terada, and Masashi Fujiwara
Experimental and Physical Security
An Improvement of Robustness Against Physical Attacks and Equipment Independence in Information Hiding Based on the Artificial Fiber Pattern...608 Kitahiro Kaneda, Yuki Fujii, Keiichi Iwamura, and Seiichiro Hangai
Large Scale Demonstration Experiments Towards Acheiving Practical Traceback on the Internet...613 Ken Wakasa, Hiroaki Hazeyama, Toshifumi Kai, Akira Hashiguchi, Masaya Yamagata, Masahiko Fujinaga, Ryunosuke Ohshima, and Takashi Shintani
Quantum Detection of Wavelength Division Multiplexing Optical Coherent Signals in Lossy Channels...619 Atsushi Waseda, Masahide Sasaki, Masahiro Takeoka, Mikio Fujiwara, Morio Toyoshima, and Hidema Tanaka
Experimental Results on Cheon’s Algorithm...625 Tetsuya Izu, Masahiko Takenaka, and Masaya Yasuda
Third International Workshop on Digital Forensics (WSDF 2010)
Digital Forensic Workshop: Session 1
The ‘Explore, Investigate and Correlate’ (EIC) Conceptual Framework for Digital Forensics Information Visualisation...629 Grant Osborne, Benjamin Turnbull, and Jill Slay
A Model for Computer Profiling...635 Andrew Marrington, George Mohay, Hasmukh Morarji, and Andrew Clark
Using Normalized Compression Distance for Classifying File Fragments...641 Stefan Axelsson
Digital Forensic Workshop: Session 2
A Multi-component View of Digital Forensics...647 C.P. Grobler, C.P. Louwrens, and S.H. von Solms
Blind Steganalysis: A Countermeasure for Binary Image Steganography...653 Kang Leng Chiew and Josef Pieprzyk
Log Analysis Towards an Automated Forensic Diagnosis System...659 Jorge Herrerías and Roberto Gómez
Digital Forensic Workshop: Session 3
A Function Oriented Methodology to Validate and Verify Forensic Copy Function of Digital Forensic Tools...665 Yinghua Guo and Jill Slay
A Complexity Based Model for Quantifying Forensic Evidential Probabilities...671 Richard E. Overill, Jantje A.M. Silomon, and Kam-Pui Chow
A Framework to Guide the Implementation of Proactive Digital Forensics in an Organisation...677 C.P. Grobler, C.P. Louwrens, and S.H. von Solms
Estimating Hidden Message Length in Binary Image Embedded by Using Boundary Pixels Steganography...683 Kang Leng Chiew and Josef Pieprzyk
Digital Forensic Workshop: Session 4
Information Flow Control Using the Java Virtual Machine Tool Interface (JVMTI)...689 Jason Howarth, Irfan Altas, and Barney Dalgarno
A Prototype for Support of Computer Forensic Analysis Combined with the Expected Knowledge Level of an Attacker to More Efficiently Achieve Investigation Results...696 Maximilian Bielecki and Gerald Quirchmayr
A Novel Image Hiding Scheme Using Content Aware Seam Carving Method...702 Zahra Toony and Mansour Jamzad
Author Index...708
Managing the asset risk of SMEs
Luís Enrique Sánchez, Carlos Ruiz
Department of RD
SICAMAN Nuevas Tecnologías
Juan José Rodrigo, Tomelloso, Ciudad Real, Spain
{Lesanchez, Carlos}@sicamannt.com
Eduardo Fernández-Medina, Mario Piattini
ALARCOS Research Group, TSI Department
University of Castilla-La Mancha (UCLM), Paseo de la Universidad – Ciudad Real, Spain
{EduardoFdezMedina, MarioPiattini}@uclm.es
Abstract—The information society is becoming increasingly dependent on systems for managing and analysing the risk to which its main information assets are exposed, and having access to these systems has become vital for the evolution of SMEs. However, this type of company requires the systems to be adapted to their special characteristics, and to be optimised from the point of view of resources required to set them up and maintain them. This article presents a proposed method for carrying out risk analysis adaptation which is suitable for SMEs, set within the framework of the methodology for security management in small and medium-sized enterprises (MSM-SME). This model is being applied directly to real cases, and therefore its application is constantly being improved.
SME, Management, Risk, Asset, ISMS
INTRODUCTION
Studies conducted [] have shown that in order for companies to use information and communication technologies with guarantees, it is necessary to have the guides, metrics and tools that enable them to know their security level at all times and the vulnerabilities which are yet to be covered. The problem of ascertaining the risk to which a company's main assets are exposed is more marked in small and medium-sized enterprises, which have the additional limitation of insufficient human and economic resources to adequately manage their assets [].
But with the arrival of the internet, it is becoming increasingly critical for companies to implement security controls that enable them to know and control the risks to which they may be exposed []. A large part of this change in mentality within companies stems from the social change brought about by the internet and the speed with which information is exchanged, which has led to a greater awareness among companies of the value of information for their organisation and to companies ensuring they protect their data. In this way, companies have already taken on board the fact that the information and processes that support their systems and networks are their most important assets []. These assets are exposed to a wide variety of risks, which could have a critical effect on the company. The importance of security in information systems is backed up by numerous studies [], to cite just a few.
Some authors [] suggest conducting a risk analysis as a fundamental part of security management in SMEs, since the owners of these assets should be aware that the value and sanction of the stolen or filtered data in a small organisation is the same as it is in a large organisation, and consequently they should monitor the value and the risks to which these assets are exposed. Other authors [] suggest the need to develop a new risk analysis model (RA) aimed directly at SMEs, given that the characteristics of these enterprises are different from those of large companies. This new model should take into account the fact that the uses of risk analysis and management techniques and the role of third parties are necessary to guarantee the security of the SME's information system.
Studies centred on risk evaluation [] carried out on organisations in Europe and the USA show that SMEs are characterised by insufficient dedication to the security of information technologies, due to the fact that these responsibilities are assigned to staff who do not have the right training. Likewise, the majority of organisations do not have security policies and risk evaluation systems, with of UK SMEs interviewed saying they carry out risk evaluations in house. Less than of those interviewed said that they use a risk analysis tool and none used a reference guide such as the ISO/IEC []. This, together with the small number of organisations who really employ security specialists, leads to doubts over the exhaustiveness or effectiveness of the analysis they conduct.
As such, one of the issues arising from the conclusions is the need to come up with new methodologies and risk analysis and management models which are adapted to the particular characteristics of SMEs [], in order to eliminate (or at least reduce) the problems and help these companies to evaluate the risks to which their assets are exposed and to establish suitable security controls.
Consequently, considering that SMEs account for a large majority of companies, both at a national and international level, and are a very important part of the business fabric of any country [], we believe it could be highly beneficial to conduct more research in order to improve the risk analysis and management processes for this type of company. This could contribute to improvements not only in the security of SMEs, but also in their competitiveness levels. For this reason, over the last few years we have been working on devising an adapted process that enables the security risk of SMEs to be analysed and managed [ ], and we have also developed a tool that completely automates this process [], and we have applied it in real cases [], which has enabled us to validate both the methodology and the tool.
2010 International Conference on Availability, Reliability and Security
978-0-7695-3965-2/10 $26.00 © 2010 IEEE DOI 10.1109/ARES.2010.52
In this paper we present a zoom of the RAM (Risk Analysis and Management) for a comprehensive methodology (MSM-SME) development and maintenance of SGSIs. The article continues in Section with a brief description of the existing methodologies and models for analysing and managing security risk and current trends. In Section we briefly introduce our proposed process for the analysis and management of security risk aimed at SMEs and its reusability of knowledge. In Section we introduce the tools that support the risk analysis and management process and we offer some of the results obtained when applying the process in a real case. Finally, in Section we conclude by indicating the work that we will be undertaking in the future.
RELATED WORK
In order to fill some of the gaps highlighted in the previous section with regard to security management in companies, a large number of processes, work frameworks and methods for risk management have emerged, and the need to use these to effectively protect a company's assets is increasingly being acknowledged and considered by organisations, but not yet in the case of SMEs.
Despite this, security management cannot be limited to the analysis and management of risk []. In addition to identifying and eliminating risks, the process should also be carried out efficiently, leading to great cost savings for the company as a direct result of the improved security management []. Through risk analysis, assets can be identified and the level of security which needs to be applied can be ascertained.
The most prominent security management standards have included processes for risk analysis and management, but these have proved difficult to apply in the case of SMEs, as they require a large investment and are difficult to manage []. The main proposals for risk analysis and management include MAGERIT [], OCTAVE [] and CRAMM [].
On the other hand, some of the main security management standards have tried to incorporate risk analysis and management into their processes:
• ISO/IEC []: Establishes the guidelines for managing risk in information security. Supports the general concepts specified in regulation ISO/IEC [] and is designed to help with the satisfactory application of information security based on a risk management approach. Knowledge of the concepts, models, processes and terms described in regulation ISO/IEC [] and ISO/IEC [] is important to fully understand regulation ISO/IEC [].
• ISO/IEC SSE–CMM []: A capable and mature model in the engineering of security systems; it describes the essential features of the process which a company must have in place in order to ensure a good level of security for their systems, including in the prior stages a process aimed at risk, with subprocesses: SSE PA Determine the impact; SSE PA Identify security risks; SSE PA Identify threats; SSE PA Identify vulnerabilities.
• COBIT: This is a methodology for the suitable control of technology projects, information flows and the risks associated with not having appropriate controls. It includes a process for evaluating risks in the domain PO. This process centres mainly on criteria of confidentiality, integrity and availability and, at a secondary level, on criteria of effectiveness, efficiency, compliance and reliability. Lastly, this process involves a number of profiles (Human Resources, Information Technology, Installations and Data Systems) which form part of the information system.
There is also a small set of risk analysis tools. Currently the most widely used are PILAR and EAR, based on Magerit v []. Other tools used include the proposal from ENISA, which includes a comparative system, OCTAVE–S and Octave Automated Tool, which implement the risk evaluation methodology OCTAVE [], CRAMM and COBRA.
The main problem with these processes and tools is the complexity for applying them to SMEs, since they have been conceived for use in large companies []. The excuse is often made [ ] that applying this type of process to SMEs is difficult and costly. Also, organisations, including large organisations, tend to adopt sets of related processes rather than dealing with processes independently [].
Consequently, and as a conclusion to this section, we consider that it is pertinent and appropriate to tackle the problem of developing a new security risk management and analysis process for SME information systems and a tool that supports this process based on the problems that this type of company face, which have led to continual failures in [] attempts to introduce an ISMS in SMEs. A number of the most appropriate international regulations and documents will be used for this purpose, such as the security management guidelines ISO/IEC [] and the MAGERIT risk analysis and management methodology [].
MANAGING ASSET RISK IN SMES
To resolve the problems detected in risk analysis and management when applied to SMEs, a new process has been developed aimed at managing risk in this type of company, called RAM-SME, which is part of the methodology for implementation and maintenance of safety management systems MSM-SME, which has two basic premises: i) it is aimed at SMEs and ii) is focused on reducing the costs of generating and maintaining the risk analysis and management process.
This process has been reached by applying the action research method [] and is set within the framework of the methodology MSM-SME [], which covers all aspects of security management.
Footnote: MAGERIT is the Spanish State Central Administration’s risk management methodology, which is recognized by NATO (Military alliance of democratic states in Europe and North America).
Within this methodology, the risk analysis and management process consists of two activities:
• Activity I: A structure of relationships is established between the different elements involved in the risk analysis and the controls needed for security management. These relationships are established using knowledge acquired in the different implementations. This is stored in a structure called a schema to be reused at a later date, reducing the production costs of this process.
• Activity II: By selecting the most suitable schema and identifying a small set of the main assets, you get a detailed map of the current situation (risk analysis) and a plan of recommendations on how to improve it (risk management).
In the first activity we constructed a risk model that stores knowledge and that can be instantiated and reused by other companies who share the same characteristics (size and business sector), using the activity two.
To properly understand this process, it is important to understand the concept of a Schema. This is a structure made up of the main elements of an ISMS and the relationships that can be established between them through the Know-How acquired in different implementations. This structure can be reused by a group of companies with common characteristics (same sector and size), based on the knowledge acquired with the implementation of the MSM–SME methodology and subsequent refinements.
This section is divided into two subsections, which correspond to the two activities involved in the process.
RAM-SME Activity: Risk analysis as part of a Schema
The main objective of this activity is to select the elements needed to carry out a basic, low-cost risk analysis adapted to the requirements of SMEs on the assets that make up the company's information system in activities subsequent to the methodology.
This activity is based on the conclusions obtained when the action research method is applied [] to different case studies, which have enabled a high degree of correlation to be determined between the elements involved in a risk analysis and the relationships between them when applied to SMEs with similar characteristics (same sector and same size), making it possible to establish said relationships a priori, eliminating the cost of having to analyse them individually through a consultation. Even when there are differences between them, these differences are irrelevant with regard to the final configuration of the ISMS obtained for SMEs, given that this type of company prioritises cost to get a highly accurate result.
Although risk analysis is one of the fundamental parts of regulation ISO/IEC [] and is described in detail in standard ISO/IEC [], the main objective of the risk analysis included in the methodology developed is to be as low-cost as possible whilst still getting a result of a sufficiently high quality.
In Figure you can see the basic schema of inputs, tasks and outputs which make up this activity:
• Inputs: As an input you receive the knowledge of the group of security domain experts (EGD) obtained during the process of implementing ISMSs, and also a set of controls for managing security which are stored in the schema repository and a set of elements needed to produce the risk analysis.
• Tasks: The sub-process consists of eight tasks which will be analysed in detail further on.
• Outputs: The output brought about by this sub-process is a subset of the input elements and the relationships established between them, which will be stored in the schema repository and which make up a third of the elements of the schema being generated.
[Figure: Simplified schema for activity A task. Diagram columns: Input, Task, Output. Labels: Know-How of security experts; Risk analysis methodologies; Schema Repository; Part of Schema; New element.]
Now we shall analyse the different tasks in the process that involve the different elements of the risk analysis:
• Task T – Selecting types of assets: This involves selecting the set of asset types that will form part of the schema being constructed. The asset types will then be used for a number of tasks: i) to group the information system assets; ii) they will be linked up with other risk analysis elements to enable this process to be automated.
• Task T – Selecting threats: This involves selecting the set of threats that will form part of the schema being constructed. A threat is defined as an event that could lead to an incident in the organisation, producing material damage or immaterial losses in its assets []. In subsequent tasks, these threats will be linked up with other risk analysis elements with the aim of automating the process and reducing costs when evaluating the risks to which the assets of an information system are exposed.
• Task T – Selecting vulnerabilities: This involves selecting the set of vulnerabilities that will form part of the schema being constructed. A vulnerability is defined as a weakness or control fault that could result in a threat attacking an asset in the system in which the weakness has been identified []. In subsequent tasks, these vulnerabilities will be linked up with other risk analysis elements with the aim of automating the process and reducing costs when evaluating the risks to which the assets of an information system are exposed.
• Task T – Selecting risk criteria: This involves selecting the set of risk criteria that will form part of the schema being constructed. Risk criteria are defined as those criteria that enable an estimate to be made of the likelihood of a threat materialising in one or more assets, causing damage to the organisation. In subsequent tasks, these risk criteria will be linked up with other risk analysis elements with the aim of automating the process and reducing costs when evaluating the risks to which the assets of an information system are exposed.
• Task T – Establishing relationships between asset types and vulnerabilities: This involves establishing the relationships that exist between the elements that make up the set of asset types and the elements that make up the set of vulnerabilities for a particular schema.
• Task T – Establishing relationships between threats and vulnerabilities: This involves establishing the relationships that exist between the elements that make up the set of threats and the elements that make up the set of vulnerabilities for a particular schema.
• Task T – Establishing relationships between threats and controls: This involves establishing the relationships that exist between the elements that make up the set of threats and the elements that make up the set of controls for a particular schema.
• Task T – Establishing relationships between asset types, vulnerabilities and risk criteria: This involves establishing the relationships that exist between the elements that make up the set of asset types, the elements that make up the set of vulnerabilities and the elements that make up the set of risk criteria for a particular schema.
The associations of tasks T are established by a group of domain experts (EGD), based on the knowledge acquired through different ISMS implementations.
RAMSME Activity: Applying the risk analysis
The main aim of this activity is to establish an evaluation of the risks to which the main assets of the information system of the company wishing to set up the ISMS are exposed, and to propose a plan to the head of security (CuRS) for managing the risk in the most efficient way.
In Figure you can see the basic schema of inputs, tasks and outputs which make up this activity:
[Figure: Simplified schema for activity A task. Diagram columns: Input, Task, Output. Labels: Schema; Int; Assets IS; AssRep; RMRep; IPRep; ISMS Repository; Inf ISMS.]
• Inputs: As an input you will receive: i) a schema from the schema repository, which will be selected by the security consultant (SCo) based on the characteristics of the company (sector and size), from which the elements needed to carry out the risk analysis will be obtained; ii) the elected delegate for the company, who will be responsible for defining the assets; iii) a set of assets from the information system, as general as possible (coarse grain).
• Tasks: The sub-process consists of two tasks, which will be analysed in detail further on.
• Outputs: The output produced by this sub-process will be a series of handouts (report on information system assets, matrix of risks to which the information system assets are exposed, and the improvement plan recommended by the methodology for tackling the ISMS security management improvements) so that the security consultant (SCo) can analyse them. The information found in these handouts will be stored in the ISMS repository to be used at a later date to generate the elements that make up the company's ISMS.
This activity is based on the Stephenson proposal [], which centres on the synergy between the technical test and the risk analysis, taking ISO/IEC as a reference [], and on the risk analysis methodology Magerit v []. These methodologies are often rejected by SMEs, as they are seen as too complex and requiring a huge commitment on the part of the company members, and the associated costs are not accepted by the SMEs. For this reason, the MSM–SME methodology simplifies this risk evaluation process, making it suitable for SMEs.
The defining principles of this activity include the following: flexibility, simplicity and cost-efficiency (human and time-related). It is therefore an activity which attempts to identify the company's assets and associated risks in the most cost-effective way possible, using the results generated in previous activities and some simple algorithms.
The risk analysis part of the methodology takes some aspects from Magerit v [] and some from classic risk analyses, but at all times tends towards simplification.
In order for this activity to operate coherently, the special conditions of SMEs need to be taken into account, such as the fact that the users do not usually have the time or appropriate knowledge to efficiently apply risk analysis methodologies or to adequately determine the assets of their information systems.
As in the previous activity, when it comes to SMEs it is not the optimal option which is sought, but rather a good, reasonable option which allows for a significant reduction in the time it takes to obtain the result.
The tasks for this activity are mainly supported by the data which makes up the selected schema generated in activity A and by a list of security controls.
Below we offer a detailed look at the tasks which make up this activity:
• Task T – Identifying assets: The aim of this task is to obtain a set of the assets that make up the company's information system. The ISMS is focused on the assets defined, as these are the elements which it is intended to protect because they are of value to the company and, in most cases, are the distinguishing factor in terms of competitiveness.
  One of the main differences offered by the method for risk evaluation in the methodology is that it tries to make sure the assets are as general as possible (coarse grain), rather than [] trying to identify them clearly and precisely (fine grain).
  For SMEs, attempts should be made to identify a very small and basic set of assets, since their information systems do not permit the discriminate protection of assets which cannot be easily fragmented, and they cannot support the cost of managing these assets. Therefore, this task looks for general assets which are simple to value from both a quantitative and qualitative point of view.
  In this task, the security consultant (SCo) should help the elected delegate to identify the set of valuable assets that make up the company's information system.
• Task T – Generating the risk matrix and improvement plan: The aim of this task is to carry out an evaluation of the risks to which the assets of the company defined in task T are exposed.
  The data generated in activity A and the assets identified in task T are required in this task to generate a risk matrix which gives a detailed account of the risks to which each asset is exposed, and an improvement plan that determines how these risks are to be tackled.
  The improvement plan is supported by the results obtained in the risk matrix. The risk matrix and the improvement plan are used by the security consultant (SCo) to determine and analyse additional and urgent measures which the company should take in order to mitigate high-level risks to the company's information assets.
  The first aim of this task is to generate a risk matrix that enables us to find out what risks each of the company's assets are exposed to at each level of maturity and for each risk assessment element (threats, vulnerabilities and risk criteria). The result will be a table with the following columns:
  o Level: Security maturity level.
  o Name and description of asset.
  o Cost of asset: quantitative value that the loss of the asset would have for the company.
  o Strategic value: qualitative value that the loss of the asset would have.
  o Asset type.
  o Threat.
  o Vulnerability.
  o Risk criteria.
  o Level of threat (LT): This is determined by taking into account the impact that a threat would have on an asset. The scale values range from [low, medium, high].
  o Probability level (P): This is defined as the probability of occurrence of a vulnerability, based on the empirical criteria. The scale values range from [low, medium, high].
  o Risk level (RL) (see equation ): The definition of the risk level (RL) is obtained from the probability (P) of occurrence (vulnerability) and the threat level (LT).
RL P LT
With:
• RL: Risk level.
• P: Probability of occurrence of the vulnerabilities.
• LT: Threat level.
  o Level of control or coverage: This is the compliance level of a security control in relation to a particular asset exposed to a threat at a particular maturity level (see equations and ). This data is essential in order to come up with an improvement plan, since the system will use this data to plan the order in which the controls should be improved in order to minimise risks.
NCCAAxyz ΣVACAM NCAM
With:
• NCCAA: Level of coverage that the controls in the system currently offer to asset X against threat Y in relation to security level Z.
• NCAM: Number of controls affected by the threat for that maturity level.
• VACAM: Current value of the control affected by the threat for each of the maturity levels.
NCCA ΣNCCAA NAA
With:
• NCAA: Level of coverage offered by the current controls in the system for asset X against any threat.
• NCCAA: Level of coverage that the controls in the system currently offer to asset X against threat Y in relation to security level Z.
• NAA: With NAA being the number of threats that affect the asset.
The value obtained for risk level (RL) will be managed in accordance with Table I, and will range between lowest risk and highest risk. It has been determined that the residual risk level (RRL), that is, the level the company currently has, will never be greater than the acceptable risk level (ARL), which is the level the company should be aiming towards. For the RAMSME process, it is considered that the ARL should be less than or equal to . If the RL is greater than the ARL, safeguards are then selected to reduce the risk, and the process is carried out resourcefully until the company reaches the right risk level.
TABLE I. TABLE FOR DETERMINING RISK LEVEL
LT: Low, Medium, High
ARL
P: L M H, L M H, L M H
Asset value
To ascertain the risk to which each asset is exposed and the coverage level of each control in a simple way, the Risk Matrix (RMa) algorithm will be used (see Table II).
TABLE II. PSEUDOCODE OF THE RISK MATRIX ALGORITHM
Algorithm: Risk matrix
Given a Schema, Company ISMS and ISMS Application:
– Ascertain the coverage level of each security control.
– Ascertain the impact of the threats for each asset and level.
– Ascertain the probability of occurrence of a vulnerability on an asset and maturity level.
– Obtain the risk matrix to ascertain the risk level for each asset.
Once you have the risk matrix, this will be used together with the information generated in the previous tasks to work out the improvement plan, through the application of the Improvement Plan algorithm (aPM) (see Table III). This algorithm operates resourcefully, determining the asset with the highest risk level at the lowest maturity level and applying the control that enables this to be improved at the lowest cost. It then recalculates the whole process and selects the next best option until reaching the optimal security management level.
TABLE III. PSEUDOCODE OF THE IMPROVEMENT PLAN ALGORITHM
Algorithm: Improvement plan
Given a Schema, Company ISMS and ISMS Application:
– When the risk level is higher than the assumable risk:
– The risk matrix is recalculated with ascending maturity level and descending risk level.
– The first record on the matrix is selected.
– The controls for that matrix record are obtained.
– The control with the lowest coverage level is selected.
– It issues the full recommendation of the improvement that compliance with the control would result in.
– The matrix is recalculated and the weights are updated.
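The Improvement Plan loop of Table III, written out as an added Python example (not code from the paper or its tool). The operators of the equations and the scale values did not survive on this page, so the example assumes RL = P * LT on a 1 to 3 scale, reads coverage as the mean value of the controls tied to a threat, scales risk by the uncovered share, and treats a recommended control as reaching full compliance; the schema, records and the ARL of 2.0 are constructed sample data.

```python
from dataclasses import dataclass

# Constructed sample schema: threat -> controls that cover it (not data from the paper).
THREAT_CONTROLS = {
    "hardware failure": ["backup copies", "equipment maintenance"],
    "malware": ["antivirus", "backup copies"],
}
# Constructed current compliance value of each control, 0.0 (absent) to 1.0 (full).
CONTROL_VALUES = {"backup copies": 0.5, "equipment maintenance": 0.0, "antivirus": 0.0}

@dataclass(frozen=True)
class Record:
    level: int   # security maturity level
    asset: str
    threat: str
    p: int       # probability of occurrence of the vulnerability (assumed scale 1..3)
    lt: int      # level of threat (assumed scale 1..3)

# Constructed risk matrix records.
RECORDS = [
    Record(1, "hardware servers", "hardware failure", p=2, lt=3),
    Record(1, "customer database", "malware", p=3, lt=3),
    Record(2, "workstations", "malware", p=2, lt=2),
]

def coverage(rec, values):
    """Level of coverage: mean current value of the controls affected by the threat."""
    controls = THREAT_CONTROLS[rec.threat]
    return sum(values[c] for c in controls) / len(controls)

def risk_level(rec, values):
    """ASSUMPTION: RL = P * LT, scaled by the uncovered share (1 - coverage)."""
    return rec.p * rec.lt * (1.0 - coverage(rec, values))

def risk_matrix(records, values):
    """Rows sorted by ascending maturity level, then descending risk level."""
    rows = [(rec, risk_level(rec, values)) for rec in records]
    return sorted(rows, key=lambda row: (row[0].level, -row[1]))

def improvement_plan(records, values, arl):
    """Greedy plan: returns ([(asset, control, risk_before)], final control values)."""
    values = dict(values)  # work on a copy; the caller's data is left untouched
    steps = []
    while True:
        over = [row for row in risk_matrix(records, values) if row[1] > arl]
        if not over:
            return steps, values              # every record is at or below the ARL
        rec, rl = over[0]                     # first record of the recalculated matrix
        weak = [c for c in THREAT_CONTROLS[rec.threat] if values[c] < 1.0]
        if not weak:
            return steps, values              # nothing left to improve for this record
        control = min(weak, key=values.get)   # control with the lowest coverage level
        values[control] = 1.0                 # ASSUMPTION: the step reaches full compliance
        steps.append((rec.asset, control, rl))

if __name__ == "__main__":
    plan, _ = improvement_plan(RECORDS, CONTROL_VALUES, arl=2.0)
    for n, (asset, control, rl) in enumerate(plan, 1):
        print(f"Step {n}: {asset} (risk {rl}) -> improve '{control}'")
```

The shared "backup copies" control shows why the matrix is recalculated after every step: improving it for one record lowers the risk of every other record whose threat it covers.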
TOOL AND ITS APPLICATION IN REAL CASES
An application has been developed which is able to support the risk analysis and management process designed for SMEs. This application is divided into two zones, which provide support to each of the activities in the RAMSME process.
Within the management zone of the application's schema is the risk analysis management, which enables the different components of the basic risk analysis to be configured by adding or removing new elements to or from these components. This zone corresponds to the first activity in the RAM process.
Because it is based on the developed methodology, the only notable task involved in carrying out the risk analysis is to enter the company's information system assets, which must be quantified. This zone corresponds to the second activity in the RAMSME sub-process.
Using the assets and the results obtained for the control compliance levels with ISO/IEC, the model generates a complete risk matrix for the company totally automatically, so that the head of security can have a complete map of risks, vulnerabilities, threats and coverage level for each of the assets that make up the company's information system.
The matrix generated by the MSM–SME model for the real case of the company Sicaman Nuevas Tecnologías (SNT) includes records. The risk matrix includes detailed information on the assets for each maturity level and on how these are affected according to asset type, the threats to which these assets are exposed, vulnerabilities and risk criteria which have been taken into account for this asset. Using this information, the impact of each threat on an asset and the probability of occurrence of each vulnerability are assessed. This enables a risk level to be established, which will be associated to the company's control level to determine how to tackle an improvement plan.
Using the risk matrix, the system is able to devise an improvement plan and propose a series of steps to increase the company's security level in the shortest timescale. Table IV shows the first step proposed in the improvement plan for the case study. In the case of SNT, the system requires steps to reach an acceptable risk level for the company's information system. Because of limited space, only the first step of the improvement plan is shown.
TABLE IV. IMPROVEMENT PLAN FOR SNT
Step : The company's current level is level , with a maximum risk of at this level. The asset most affected by the risk is hardware servers, the loss of which would cost the organisation euros, and the strategic value of which for the company is over , with the asset type being hardware. The risk level for this asset for the threat hardware failure (physical device) is , and the system currently has a control coverage level of , for which reason it is recommended that control activation is tackled: [] copies of information security…
CONCLUSIONS
In this article we have presented the proposal for a process to carry out risk analysis and management in SMEs, called RAMSME, which enables the results generated during the investigation to be supported and the desired objectives to be met.
The generation and maintenance cost of risk analysis for SMEs should be very low, even if this means sacrificing the accuracy of the analysis, but the results should always be of a sufficiently high quality.
We have defined how this process and the improvements it offers can be used as compared to other models that tackle the problem in a more precise and detailed, but also more costly way, making them unsuitable for SMEs.
The features offered by the process and its orientation towards SMEs have been very well received, and its application is proving to be very positive, as it enables this type of company to adequately manage the risks to which their information system assets are exposed. Furthermore, this process provides short-term results and reduces the costs that the use of other processes entail, achieving higher satisfaction levels within the company.
The RAMSME process meets the proposed objectives and complies with the principles that, according to the Organisation for Economic Cooperation and Development (OECD) [], all risk evaluation processes must follow. This means that the system must be able to continually self-evaluate risk and propose measures.
Finally, it is considered that the work carried out should be extended with new specifications, new schemas, improvements to the risk analysis and management algorithms enabling them to offer more detailed plans, and a more in-depth look into the process with new case studies.
Most of the future improvements to the process are aimed at improving accuracy, but always respecting the principle of resource costs, that is, seeking to improve the process without incurring risk analysis generation and maintenance costs.
ACKNOWLEDGMENT
This research is part of the following projects: BUSINESS (PET) granted by the "Ministerio de Ciencia e Innovación" (Spain), QUASIMODO (PAC) project financed by the "Viceconsejería de Ciencia y Tecnología de la Junta de Comunidades de Castilla-La Mancha", SISTEMAS (PIII) project financed by the "Consejería de Educación y Ciencia de la Junta de Comunidades de Castilla-La Mancha" and MEDUSAS (IDI) project financed by the Centro para el Desarrollo Tecnológico Industrial, Ministerio de Ciencia e Innovación (CDTI).
REFERENCES
[] Wiander, T. Implementing the ISO/IEC standard in practice – experiences on audit phases. in AISC: Proceedings of the sixth Australasian conference on Information security. Wollongong, Australia.
[] Wiander, T. and J. Holappa, Theoretical Framework of ISO Compliant Information Security Management System Using Novel ASD Method, in Technical Report, V.T.R.C.o. Finland, Editor.
[] Dhillon, G. and J. Backhouse, Information System Security Management in the New Millennium. Communications of the ACM. p.
[] Kluge, D. Formal Information Security Standards in German Medium Enterprises. in CONISAR: The Conference on Information Systems Applied Research.
[] Hall, A. and R. Chapman, Correctness by Construction: Developing a Commercial Secure System. IEEE Software. p.
[] Massacci, F., M. Prest, and N. Zannone, Using a security requirements engineering methodology in practice: The compliance with the Italian data protection legislation. Computer Standards & Interfaces. p.
[] Walker, E., Software Development Security: A Risk Management Perspective. The DoD Software Tech. Secure Software Engineering. p.
[] Volonino, L. and S. Robinson. Principles and Practice of Information Security. in edition, Anderson, Natalie E. New Jersey, EEUU.
[] Michalson, L., Information security and the law: threats and how to manage them. Convergence. p.
[] Spinellis, D. and D. Gritzalis. Information Security Best Practise Dissemination: The ISA-EUNET Approach. in WISE: First World Conference on Information Security Education.
[] Dimopoulos, V., et al. Approaches to IT Security in Small and Medium Enterprises. in nd Australian Information Security Management Conference, Securing the Future. b. Perth, Western Australia.
[] Holappa, J. and T. Wiander, Practical Implementation of ISO Compliant Information Security Management System Using Novel ASD Method, in Technical Report, V.T.R.C.o. Finland, Editor.
[] Llvonen, L. Information Security Management in Finnish SMEs. in th European Conference on Information Warfare and Security. National Defence College, Helsinki, Finland. June.
[] ISO/IEC, ISO/IEC, Information Technology - Security Techniques - Code of practice for information security management.
[] Taylor, M. and A. Murphy, SMEs and e-Business. Small Business and Enterprise Development. p.
[] Tawileh, A., J. Hilton, and S. McIntosh, Managing Information Security in Small and Medium Sized Enterprises: A Holistic Approach, in ISSE/SECURE: Securing Electronic Business Processes, Vieweg, Editor. p.