| |
| Page
6
|
| RECENTLY
COMPLETED EPP DOCTORAL THESIS...(CONTINUED)
|
Karen E. Jenni,
Attributes for Risk Evaluation.
Committee: Paul Fischbeck (SDS/EPP), Baruch Fischhoff - chair (SDS/EPP),
Granger Morgan (EPP/ECE/Heinz), and Paul Slovic (Decision Research)
What attributes
should be used to characterize risks in risk ranking? The most
thorough treatment of risk dimensions is found in the psychometric risk
studies. However, a comprehensive review of these studies, and
an exploration of previously unexamined shortcomings in the research,
cast some doubt on the generality of the psychometric methods and results,
and on their appropriateness for use in a normative or prescriptive
process. In addition to reviewing this descriptive evidence for
attribute importance, a set of criteria by which to judge the appropriateness
of risk policies is proposed. A risk attribute or dimension should:
reflect what people care about; be specified in a way that reflects
the normative basis of those concerns; and be measurable.
Two original empirical studies of risk perceptions
consider the relative importance of various risk attributes in two different
decision contexts. These studies examine attribute importance
implicitly through a set of psychometric tasks and policy-capturing
analysis, and directly through a set of importance questions and hazards
comparisons. One study is of diverse technological hazards, and
the other is of risks to students in schools. The results of the
second study, in particular, are used to recommend a set of variables
to be used in risk-ranking for school-related risks. The results
have implications for risk policy generally, as an approach for determining
what risk variables people value and believe should be used for establishing
differential risk policies.
The work was supported by an NSF graduate research
fellowship, by NSF grant SRB-9512023, by EPRI grant WO2955-12 and by
a grant from CMA. |
|
Stuart A.
Siegel, Evaluating the Cost Effectiveness of the Title IV Acid Rain Provisions
of the 1990 Clean Air Act Amendments.
Committee: Urmila Diwekar (EPP/CEES), Jayant Kalagnanam (IBM; EPP Adjunct
Faculty), Lester Lave (GSIA/EPP), and Edward Rubin - chair (EPP/MechE)
The
Title IV Acid Rain Provisions of the 1990 Clean Air Act Amendments instituted
a number of regulatory mechanisms designed to lower the cost of reducing
emissions of acid rain-causing pollution from electric utility power plants.
As the first large-scale implementation of a flexible incentive-based
environmental regulatory framework, Title IV is often looked upon as a
test case for evaluating the cost-savings potential of innovative policies
for controlling industrial pollution. It is therefore important
to evaluate the success of the program in achieving its goal of obtaining
cost-effective pollution control.
This thesis evaluates the cost-savings associated with three flexibility-enhancing
provisions that were instituted by Title IV: intra-utility allowance
trading; allowance banking; and inter-utility allowance trading.
Utility compliance costs under each provision were estimated and compared
with the compliance costs of less flexible environmental regulatory policies.
Electric utility behavior was predicted using a dynamic optimization-based
model that assumes utility managers minimize the cost of producing electricity
subject to environmental and other constraints.
The results of the analysis indicate that each of the flexibility enhancing
provisions analyzed can contribute to significant cost-savings.
An important result is that substantial cost-savings are possible even
in the absence of an active inter-utility allowance trading market.
This work was supported by DoE grant DE-FG02-95ER30242 under the auspices
of the National Acid Precipitation Assessment Project.
|
| John
D. Howard, An Analysis of Security Incidents on the Internet.
Committee: Paul Fischbeck - chair (SDS/EPP), Alex Hills (Vice Provost
for Computing/EPP), Thomas Longstaff (CERT®/CC), and Granger Morgan
(EPP/ECE/Heinz)
This
research analyzed trends in Internet security through an investigation
of 4,299 security-related incidents on the Internet reported to the CERT"
Coordination Center (CERT"/CC) from 1989 to 1995. Prior to this
research, our knowledge of security problems on the Internet was limited
and primarily anecdotal. Such information could not be effectively
used to determine what government policies and programs should be, or
to determine the effectiveness of current policies and programs.
The thesis develops a taxonomy for the classification of Internet attacks
and incidents. It then organizes, classifies and analyzes incident
records available at the CERT"/CC; and, develops recommendations to improve
Internet security, and to gather and distribute information about Internet
security.
With the exception of denial-of-service attacks,
security incidents were generally found to be decreasing relative to the
size of the Internet. The probability of any severe incident not
being reported to the CERT"/CC was estimated to be between 0% and 4%.
The probability that an incident would be reported if it was above average
in terms of duration and number of sites, was around 1 out of 2.6.
Estimates based on this research indicated that a typical Internet domain
as involved in no more than around one incident per year, and a typical
Internet host in around one incident every 45 years.
The taxonomy of computer and network attacks
developed for this research was used to present a summary of the relative
frequency of various methods of operation and corrective actions.
This was followed by an analysis of three subgroups:
1) a case study of one site that reported all incidents
2) 22 incidents that were identified by various measures as being the
most severe in the records
3) denial-of-service incidents.
Data from all incidents and these three subgroups were used to estimate
the total Internet incident activity during the period of the research.
This was followed by a critical evaluation of the utility of the taxonomy
developed for this research. The analysis concludes with recommendations
for Internet users, Internet suppliers, response teams, and the US. government.
The work was supported by IPS academic funds
from Carnegie Mellon University and by the CERT® Coordination Center.
_____________________________________________________________________ |
|
page : [1]
[2] [3]
[4] [5]
[6] [7]
[8] [9]
[10] [11]
[12]
[Home]
|
