Re: Please help with study on threat analysis

[Marty Manjak <mm376 () ALBANY EDU>]

Steve,

This looks like an interesting project and it's helpful to visually
represent the elements and their relationships in understanding risk
analysis.

In reviewing your diagram, I have a couple of comments.

I'm not sure that the concept of "frequency" adequately accounts for the
"likelihood" of an event occurring. Hurricanes might be a good example of
this. The likelihood of a hurricane striking is one set of probabilities.
The chance that more than one hurricane will strike the same location is a
different set of probabilities. There are some threats where a single
occurrence increases the chances that there will be multiple events.

The diagram also does not visually express how threats depend on
vulnerabilities to create risk. This may be a difficult concept to
represent in a 2-d drawing.

Finally, there is a typo (deturmine).

I hope this is of some value to your work.

Marty Manjak, CISSP
Information Security Officer
University at Albany



> Hi Everyone!!
>
> I am conducting a study examining how different instructional strategies
> help students learn threat analysis concepts.  More specifically, I am
> investigating the extent and nature of the influence of examples from
> multiple domains on increasing learners' conceptual understanding (as
> compared to using examples from just one domain or field).  Similar
> research has been done in the past, but it focuses on well-defined
> concepts and problems; my work is novel in that it focuses on
> ill-defined concepts and problems.  And as you know, many concepts and
> problems in the real world are ill-defined!
>
> <snip>
>
> Steve Rigby
>
> Faculty
>
> Computer and Information Technology Department
>
> BYU-Idaho