This report is intended to be used by researchers working on decision support tools in flood risk management. It describes the construction of a GIS-based flood risk assessment tool and reviews each feature in turn, making up the hazard, vulnerability and risk interface of the tool. Feedback from emergency professionals is presented in a companion report, alongside some practical recommendation...

Risk scoring models assume that confidentiality evaluation is based on user estimations. Confidentiality evaluation incorporates the impacts of various factors including systems' technical configuration, on the processes relating to users' confidentiality. The assumption underlying this research is that system users are not capable of estimating systems' confidentiality since they lack the know...

Information security risk assessments (ISRAs) are of great importance for organisations. Current ISRA methods identify an organisation’s security risks and provide a measured, analysed security risk profile of critical information assets in order to build plans to treat risk. However, despite prevalent use in organisations today, current methods adopt a limited view of information assets during...

Quantifying security risk is an important and yet difficult task in enterprise network risk management, critical for proactive mission assurance. Even though metrics exist for individual vulnerabilities, there is currently no standard way of aggregating such metrics. We developed a quantitative model that can be used to aggregate vulnerability metrics in an enterprise network, with a sound comp...

1. Economies differ in their vulnerability to climate change. How does climate change– both in terms of market and non-market damages – affect economic growth, structure and distribution of income? 2. Climate change stipulates capital flows and migration. How does this affect regional economies? 3. The risk of climate disruption induces mitigation as well as on anticipated adaptation to climate...

Industrial Control Systems (ICS) monitor and control industrial processes, and enable automation in industry facilities. Many of these facilities are regarded as Critical Infrastructures (CIs). Due to the increasing use of Commercial-Off-The-Shelf (COTS) IT products and connectivity offerings, CIs have become an attractive target for cyberattacks. A successful attack could have significant cons...

The authors present an assessment of risk from river bank erosion in the Brahmaputra river basin. The concept of risk is conceptualised in the context of socio-economic vulnerability, and the potential for exposure to hazard. By addressing both the physical hazard and the variations across the socio-economic surface the approach presented attempts to spatially combine these parameters to provid...

Some of the key aspects of vulnerability—discovery, dissemination, and disclosure—have received some attention recently. However, the role of interaction among the vulnerability discoverers and vulnerability acquirers has not yet been adequately addressed. Our study suggests that a major percentage of discoverers, a majority in some cases, are unaffiliated with the software developers and thus ...