Degree Type


Date of Award


Degree Name

Master of Science


Theses & dissertations (Interdisciplinary)


Information Assurance

First Advisor

James Davis


The quantification of risk has received a great deal of attention in recently published literature, and there is an opportunity for the DoD to take advantage of what information is currently available to fundamentally improve on current risk assessment and management processes. The critical elements absent in the current process are the objective assessment of likelihood as part of the whole risk scenario and a visual representation or acknowledgement of uncertainty. A proposed framework would incorporate selected elements of multiple theories and axiomatic approaches in order to: (1) simultaneously examine multiple objectives of the organization, (2) limit bias and subjectivity during the assessment process by converting subjective risk contributors into quantitative values using tools that measure the attack surface and adversarial effort, (3) present likelihood and impact as real-time objective variables that reflect the state of the organization and are grounded on sound mathematical and scientific principles, (4) aggregate and function organization-wide (strategic, operational, and tactical) with maximum transparency, (5) achieve greater representation of the real scenario and strive to model future scenarios, (6) adapt to the preferred granularity, dimensions, and discovery of the decision maker, and (7) improve the decision maker’s ability to select the most optimal alternative by reducing the decision to rational logic. The proposed solution is what I term "Risk Management Framework 2.0", and the expected results of this modernized framework are reduced complexity, improved optimization, and more effective management of risk within the organization. This study introduces a Decision Support System (DSS) concept to aid implementation, maximize transparency and cross-level communication, and keep members operating within the bounds of the proposed framework.


Copyright Owner

Brent F. Richey



File Format


File Size

157 pages