Using the Wald Maximin Criterion for Risk Analysis of Hard-To-Predict Threats in the Context of Resilience

Abstract

The application of the Wald’s criterion for risk analysis and management within the context of ensuring resilience for mission-critical information systems, operations, and organizations in conditions of uncertainty is considered. The proposed method facilitates addressing risks asso-ciated with stochastic and HILF (high impact, low frequency) threats, the probability of which is challenging to predict. This approach is grounded in assessing potential damages and the cost of countermeasures concerning these types of threats. Notably, the focus is directed towards ex-amining the worst possible outcomes of the evaluated threats, reducing the need for accurate probability forecasting. Utilizing the maximin criterion allows for surpassing the constraints of the standard risk matrix, which is employed to determine the risk level by juxtaposing the threat’s probability category with the severity of its implications. Consequently, information security systems can attain heightened levels of efficiency, which, subsequently, bolsters the re-silience of the organizations they safeguard.