Lecture 7 was an intense lecture (and not to mention a new one for SRA 311).  The lecture began with a short quiz focused on the assigned reading “Bogus!” by Michael Pecht and Sanjay Tiku (published in the May 2006 Issue of IEEE Spectrum).  This quiz sought to leverage the context of the readings (i.e., counterfeit electronics) to discuss topics from previous lectures (e.g., security context, scoping a risk study, and risk awareness).  In addition, I also quizzed the students on extracting a single point of view from the paper, suggesting an alternative point of view, and then generating a question that these alternative views attempt to answer.

In attempt to provide students with advice on where to go for additional information on set theory (and probability theory, which will come up in a few lectures), the book of the day was the ever-popular Discrete Mathematics with Applications, Third Edition, by Susana Epp (2003, ISBN: 978-0534359454).  This book is commonly required for the IST 230 course on discrete mathematics and Penn State.  I, too, was a proud user of this book when I taught discrete mathematics at Howard Community College in Columbia, MD in Fall 2006.

The meat of lecture 7 began with a review of the probabilistic expression for objective risk and introduced the “security bow-tie.”  Then we went on to discuss set inclusion, cardinality of a set, the power set, generalization and specialization, the cross product of two sets, and what I call the susceptibility function (i.e., the function that returns a zero for a particular pairing of initiating event and outcome that doesn’t make sense in the current context, or returns a non-zero value, usually 1, when such a pairing is plausible; for example, SQL injection causing physical damage to the building structure is an example of a non-sensical pairing of event and outcome in many contexts).  The content from this lecture was essential for students to finish homework #2, which was a continuation of the in-class exercise began in lecture 5.

To make the topic as interesting and engaging as it could possibly get, I decided to hand out a sheet containing identified elements of an attempted event set and outcome set (see below).  My goal was to apply the concepts to these example sets real-time so as to help students learn these relatively simple concepts through practice.  In addition, and perhaps without the students realizing it, this in-class example was designed to get the students to start thinking about vulnerability, in particular through the use of the susceptibility function.  In general, I think this approach worked ok.  However, I admit that it could have gone MUCH better had I actually afforded students time to work the problems on their own.  Or at the very least I should have exercised a bit more patience and gone slower through the material.  Hopefully the students will use a future opportunity to question me about any material that did not come across clearly.

Send article as PDF to