Lisa Rajbhandari is associated to NISlab (Norwegian Information Security laboratory) at Gjøvik University College. Title of the dissertation: «Risk Analysis Using “Conflicting Incentives” as an Alternative Notion of Risk»
She is the second student affiliated with COINS Research School of Computer and Information Security that graduates with a Ph.D. degree.
The term risk usually means the outcome of events that may be hazardous or that may cause loss. In our daily life, we make decisions taking account of the “risk” we might face, e.g. when crossing the road, baking a cake, driving, etc. These decisions are guided by our intuitive sense and we feel we understand the underlying risks associated with these events. With an evolving nature of information systems environment e.g. social media, cloud, etc, there is also an increase in the number of threats. Thus, it is important that we can identify and determine risks logically, and this is where risk analysis comes into play. Risk Analysis is a systematic process or guidelines that usually consists of three steps: risk identification, risk estimation and risk evaluation.
This thesis contributes by developing a new approach for risk analysis: Conflicting Incentives Risk Analysis (CIRA). In CIRA, the stakeholders, their actions, and their perceived expected consequences are identified and used to characterize the risk situation. Risk is modeled in terms of conflicting incentives between the stakeholders in regards to the execution of actions. Thus, CIRA does not rely on the concept of incident likelihood, unlike most of the classical methods. Moreover, CIRA focuses on human related risks.
This dissertation also contributes by presenting the theoretical concepts of risk acceptance and rejection, addressing both threat and opportunity risks in the context of CIRA. Furthermore, an initial insight into how CIRA can be extended to risk management is given by explaining the risk treatment (response) measures for threat (opportunity) risks.
The picture above shows Lisa with the evaluation committe and the conductor of the public defense. Picture from left: Dean Terje Stafseng (conductor of public defense), Prof. Dr. Steven Furnell, Faculty of Science and Technology, School of Computing and Mathematics, Plymouth University (First external opponent), Lisa Rajbhandari, Prof. Dr. Stephen Wolthusen, Faculty of Computer Science and Media Technology, Gjøvik University College (Head of committee), Adj. Ass. Prof. Karin Sallhammar Bernsmed, NTNU, Research Scientist SINTEF (Second external opponent) and Prof. Dr. Stewart Kowalski, Faculty of Computer Science and Media Technology, Gjøvik University College (Internal opponent)