SecurityFundamentalsModels.ppt


Corporate Finance (Stephen A. Ross, English) PPT courseware handout
• The rate should be appropriate to the risk presented by the security.
5.1 Definition and Example of a Bond
• A bond is a legally binding agreement between a borrower and a lender:
– Specifies the principal amount of the loan.
– Specifies the size and timing of the cash flows:
• In dollar terms (fixed-rate borrowing)
• As a formula (adjustable-rate borrowing)
5.1 Definition and Example of a Bond
• Consider a U.S. government bond listed as 6 3/8 of December 2009.
N = 12
I/Y = 5
PV = –1,070.52
PMT = 31.875 = 1,000 × 0.06375 / 2
FV = 1,000
5.3 Bond Concepts
1. Bond prices and market interest rates move in opposite directions.
2. When coupon rate = YTM, price = par value.
When coupon rate > YTM, price > par value (premium bond).
When coupon rate < YTM, price < par value (discount bond).

Enterprise Security Risk Assessment Training Courseware
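Hardware, Documentation, Equipment, Personnel, Other
Abbreviation
Explanation / Examples
Data
All kinds of data stored on electronic media, including source code, database data, various data materials, system documentation, operations management procedures, plans, reports, user manuals, etc.
Software: application software, system software, development tools, resource libraries, etc.
Service
Business processes and various production business applications, operating systems, WWW, SMTP, POP3, FTP, MRPII, DNS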
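Phase 2: Blueprint phase
Blueprint document series
Phase 3: Security risk assessment phase
××× Company system comprehensive risk analysis report
Main Deliverables and Milestones of the Project Phases (2)
Phase 4: Comprehensive assessment and strategy phase
××× Company system network security status; ××× Company system security policy recommendations; ××× Company system security solution
Phase 5: Project review
Project acceptance report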
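Risk Assessment Modes
Streamlined risk assessment; standard assessment; large-scale assessment
Today's Agenda
Introduction to security risk assessment
Introduction to information security; work stages; assessment modes
Security risk assessment process
Introduction to security risk assessment tools
Security risk assessment tools
Security Risk Assessment Process
• Defining information assets
• Assessing security weaknesses and threats
• Risk quantification and calculation
• Security assessment report
• Security solution
Assessment flowchart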
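Information Asset Classification List
Category: Data
Software; Service
Manual assessment report; consultant interview memo; network architecture assessment report; policy document assessment report
White-hat testing analysis report; security questionnaire survey report; business process assessment report; policy document assessment report summary

Security risk assessment report

Network security policy assessment and improvement recommendations

Network security solution
Main Deliverables and Milestones of the Project Phases (1)
Phase 1: Project preparation phase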

Financial Institutions English Courseware (22)

Lessons for Non-Financial Corporations (page 585-586)
• It is important to fully understand the products you trade
• Beware of hedgers becoming speculators
• It can be dangerous to make the Treasurer’s department a profit center
• Separate the front, middle and back office
• Do not blindly trust models
• Be conservative in recognizing inception profits
• Do not sell clients inappropriate products
• Beware easy profits
A Final Point (page 586-587)
• Three types of risk
– Known
– Unknown
– Unknowable
• Flexibility is important
• Beware when many are following the same strategy
• Do not make excessive use of short-term borrowings for long-term needs
• Market transparency is important
Risk Limits (page 577-579)
• Risk must be quantified and risk limits set
• Exceeding risk limits not acceptable
• Do not assume that you can outguess the

Fundamentals_of_Cybersecurity_-_NACUSO_4.4.2016


Sheets Suppression
High Availability
CFPB: UDAAP (Unfair/Deceptive Practice)
2016 first action by CFPB on cybersecurity:
Online payment processor
Accused of lying about PCI Compliance
Accused of lying about their security procedures (encryption)
Released apps without testing security
Fined $100,000
Cease and Desist Order
Fix application release process
“Does the board of directors approve of and oversee the development, implementation, and maintenance of the program, including assigning specific responsibility for its implementation and
Logical (Computer) Security
Identify systems with member info
Regularly determine who has access

Unit 3 Security PPT courseware

Body:




1) Doors are not left unlocked either in cities or in rural areas.
2) Dead-bolt locks, security chains, electronic alarm systems and trip wires are widely in use.
3) Suburban families have steel bars built in sliding glass doors.
4) Small notices warning against burglary are commonly seen pasted on the windows of the most pleasant of homes.
Safe Tips:





Avoid walking or running alone at night.
Always walk in well-lighted areas.
Avoid the use of short cuts.
Keep away from large bushes or doorways where someone could be lurking.
If someone in a vehicle stops and asks for directions, answer from a distance. Do not approach the vehicle.
If followed, go immediately to an area with lights and people. If needed, turn around and walk in the opposite direction.

Social Security Levels

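(2) Excessive level of security: "inefficiency"
① Social security expenditure grows too fast; combined with accelerating population aging and economic cycle fluctuations, this overburdens the national economy and endangers the survival and development of the social security system;
② Government fiscal deficits and debt increase, harming the government's credibility and shifting the burden across generations;
③ As consumption expenditure, it affects capital accumulation, leading to insufficient total social investment;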
Social Security
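II. Measuring the Appropriate Level of Social Security
(1) The standard for an "appropriate" level of social security
1. The level of social security is a unity of quality and quantity
The standard for an appropriate level of social security includes both quantitative content and qualitative characteristics. "Level" (度) means how much, how high or low, and reflects the quantitative side; "appropriate" (适) is a moral evaluation, good or bad, better or worse (whether it is suitable relative to economic and social development and to its own requirements), and reflects the qualitative side. The level of social security is therefore a unity of quality and quantity, that is, a standard of both quality and quantity.
China: family-based old-age support, "many sons and many grandsons", "children and grandchildren gathered at one's knees", "the joys of family life", "raising children to provide for old age", etc.
Case study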
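2. Characteristics of the social security level under the combined action of multiple factors
① Dynamic: it changes with economic development, changes in population structure, and the maturing of the system.
② Rigid: growth is rigid, lacking elasticity or elastic in one direction only; the scale can only expand, not shrink; programs can only be added, not removed; the level can only rise, not fall; flexibility and adaptability are lacking.
③ Avoids crises caused by an insufficient supply of social security resources, as well as the waste of resources caused by an excessively high level; helps the social security system itself develop sustainably and keeps it operating soundly;
④ Helps the social security system act as a lever for regulating the economy, which benefits economic development and social progress.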
2. Negative effects of an "inappropriate" level of social security

Corporate Finance, Ross, original English 9th edition, Chapter 11.ppt

Chapter Outline
11.1 Individual Securities
11.2 Expected Return, Variance, and Covariance
11.3 The Return and Risk for Portfolios
11.4 The Efficient Set for Two Assets
11.5 The Efficient Set for Many Assets
11.6 Diversification
11.7 Riskless Borrowing and Lending
11.8 Market Equilibrium
11.9 Relationship between Risk and Expected Return (CAPM)
The rate of return on the portfolio is a weighted average of the returns on the stocks and bonds in the portfolio:
$r_P = w_B r_B + w_S r_S$
$5\% = 50\% \times (-7\%) + 50\% \times (17\%)$
“Deviation” compares return in each state to the expected return.
“Weighted” takes the product of the deviations multiplied by the probability of that state.
$E(r_S) = \tfrac{1}{3} \times (-7\%) + \tfrac{1}{3} \times (12\%) + \tfrac{1}{3} \times (28\%)$
$E(r_S) = 11\%$
Variance
Scenario

CAPM (Capital Asset Pricing Model, English tutorial) PPT courseware
market beta
Portfolio Betas
Weighted average of the individual asset's betas
May be more stable than individual stock betas
How Characteristic Line leads to CAPM?
Beta Coefficients
Interpretation of the Numerical Value of Beta
Beta = 1.0 Stock's return has same volatility as the market return
Beta > 1.0 Stock's return is more volatile than the market return
Beta Coefficients and The Security Market Line
The figure relating systematic risk (beta) and the return on a stock
Beta Coefficients and The Security Market Line
IBM TJ Watson Research Center 1996-Present
– Operating Systems Research 1996-2001
L4 microkernel-based systems: L4Linux, Lava, JavaOS, SawMill
Security policy: graphical access control, constraint models
Access Control is Hard Because
Access control requirements are domain-specific
– Generic approaches over-generalize
Access control requirements can change
– Anyone could be an administrator
The Safety Problem [HRU76]
– Can only know what is leaked right now
Access is fail-safe, but Constraints are not
– And constraints must restrict all future states
Prof Alice wants certain guarantees
– Students cannot modify objects written by Prof Alice
– Students cannot read/modify objects of other groups
Prof Alice must be able to maintain access policy
– Ensure that individual rights do not violate guarantees
– However, exceptions are possible – students may distribute their results from previous assignments for an exam
Why are we still talking about access control?
An access control policy is a specification for an access decision function
The policy aims to achieve
– Systems Security Research 2001-Present
Linux Security: based on the Linux Security Modules framework
Linux Security Analysis Project: source code and policy analysis
Security Fundamentals: Models
Trent Jaeger January 12, 2004
Trent Jaeger -- Background
Graduated from UM with PhD
– Flexible Control of Downloaded Executable Content
– Research Thread That Led to Java 2 Security Model
– Permit the principal’s intended function (availability)
– Ensure security properties are met (integrity, confidentiality)
Limit to “Least Privilege,” Protect system integrity, Prevent unauthorized leakage, etc.
Compare to Other CS Problems
Processor design
– Hard, but can get some smart people together to construct one, fixed, testable design
/vali
Conference chair, programming chair of ACM SACMAT, CCS
PC member of IEEE S&P, USENIX, ESORICS, etc.
Access Control
Determine whether a principal can perform a requested operation on a target object
Also known as ‘constraints’
– Enable administration of a changeable system (simplicity)
“Simple” example
Prof Alice manages access to course objects
– Assign access to individual (principal: Bob)
– Assign access to aggregate (course-students)
– Associate access to relation (students(course))
– Assign students to project groups (student(course, project, group))
Principal: user, process, etc.
Operation: read, write, etc.
Object: file, tuple, etc.
Lampson defined the familiar access matrix and its two interpretations, ACLs and capabilities [Lampson70]