Recently, I floated the idea to use a portfolio approach to risk management its controls aspects, highlighting (positive or negative) correlations in their (positive or negative) effectiveness, individually and overall. This could be extended to include derivation of an optimal portfolio given a max of e.g., costs which must include the cost of harrassing your users with those controls, not possibly but most probably far outweighing the costs of controls-in-a-narrow-sense plus the benefits … But still, one could imagine some form of ‘efficient frontier‘ or so; including calculating the greeks. Yes I did graduate in Finance in the heydays of the Yuppies.
But I also had a long time ago (in an internet era far, far away; 2013) already, discussed the possibilities of better fighting of the kill chain (then, almost avant la lettre), through the use of cleverer controls, here (near the bottom of that one) in a matrix where the above userhinder could be reduced significantly. Probably through [haven’t digested this idea-that-came-while-typing-it fully yet] improving the portfolio by naturally limiting correlations, much improving inherent hedging that leads to a. a jump up in effectiveness, b. efficiency gains, c. easier acceptance by end users since security is more natural, more easy to maybe not even noticing to do the right thing.
Is there any grad student out there that needs to write a thesis / paper? Here’s your subject; I’d love to advise.
Others, may also comment please…
For the time being:
[Winter’s coming, do this it’s fun (and much harder than you think!!) no need to brace yourself (before…); Peterborough Curling Club]