Full Title or Meme
Risk Assessment can take many forms depending on the principal that bears the risk of loss and the metric that is to be minimized.
While this topic focuses just on the risk of Identity Management there are still many principals that can suffer loss in any digital interchange.
- Identifier and Appribute Providers
- Relying Partiers
- Tursted Third Parties
There are several objective:
- Liability to tort actions
- Fines from Government bodies
- Loss of reputation
- Loss of Privacy
- The appearance of fairness in the court of public opinion.
The goal of a Risk Management system will have major implications for the type of Risk Assessment performed.
For example, it has been shown that it is not possible for predictions to be made about the likelihood of future events without a series of assumptions, which have been shown to be unlikely to all be simultaneously true
- the base statistics need to be the same for different
Mark Twain had it right when he declared that there are liers, there are damn liers and there are statisticians. It isn't so much that the statisticians are lying as that they are not capable of explain the mathematics to the people that are reading the statistics.
Pro Publica Article
A good example of the problem with statistics was highlighted in the Pro Popublica Article<ref> Julia Angwin +3, Machine Bias (2016-05-23) ProPublica https://www.propublica.org/article/machine-bias-risk-assessments-in-criminal-sentencing </reff>