[SecurityRatty] tag: valuation

So Logically, If She Weighs The Same As A DuckShes A Witch!

Thu, 18 Sep 2008 10:59:47 +0000

I usually try to stay far away from politics and current events, but my friend Rich has put up a blog post blaming the credit crisis on quantitative analysis, and then positing that because the economy sucks, Information Security should be only qualitative.

Now I’ve been “accused” of being a quant in the past (hi rybolov!) but in reality the only dogs I have in this fight are the model and the application of scientific method - and really, ethically speaking, I have to be tied to the latter while applying the former.

And I see a false dichotomy in this whole Quant vs. Qual thing. We, as a profession, tend to create a political divide between the two which, if it even exists, I’d say is based more on our ignorance rather than our expertise. After all, we are the profession that regularly multiplies across ordinal scales and uses wonderful models like R=VxTxI. As someone learning to deal in probabilities and rationalism, I have to recognize that this discussion is really just about the act of observation using different metrics of measurement.

But how we’re going about observing does not change the fact that there is measurement based on observation. So if I’m working with you I can easily turn your qualitative scale into a quantitative one, and vice-versa. Yes, Shrdlu, if we had the time, even your most seemingly Qual things could be Quant! (This flexible world view, btw, is an outcome of that new-fangled Bayesian thing).

COGNITIVE BIAS A-PLENTY

But back to what Rich is saying there about information security and risk - and he isn’t/won’t be the only one saying these sorts of things - we should try to understand what’s really going on rather than get caught up in the emotional hurricane. Our profession suffers several forms of cognitive bias. The nature of our jobs and what we do can cause us to be focused on the outcome and not the quality of the decision at the time it was made. We want to bring in things from other professions that are useful, but at times we do view things outside our profession with false correlation to our own (unfortunately for those who write these sorts of articles, financial risk is completely different than operational risk). We also have the tendency to focus on negative outcomes without acknowledging the positive outcomes (For example, I hear that Alan Greenspan’s new firm is up a couple of $billion in all this mess since he joined them, short sellers are doing quite well - must be because they have qualitative models or something -grin-). The effect of these biases are compounded by the facts that proper correlation takes more work than we usually give it, and rational thought is not that easy when there’s a witch-hunt mentality.

What also floats in water? (link to Youtube)

WHAT SHOULD WE BE THINKING ABOUT?

So as you and I read opinions that seem to be the polar opposite of irrational exuberance (and there will be plenty between now and the election) we’ll have to ask ourselves, “what really failed here?” At the risk (pun) of over-simplification:

Was There an Error on the part of Probability Theory?

After all, Probability Science like all other fields of knowledge is always “advancing” as they say. So perhaps probability theory is wrong somehow?

I’m personally disinclined to put the blame here, primarily because I would think that there would be evidence from other fields (like Quantum Mechanics) that something is amiss waaaaay before it hit a field like economics.

Was There Error In The Model Used to Determine Risk?

Some people who understand real estate valuation and complex derivatives and financial risk want to put the blame here. It’s a little too early to tell, but one thing is for sure - Financial risk is so different from operational risk I couldn’t begin to hazard an opinion on the subject. But it would seem that this is really somewhere we might look.

Was There Error In The Scale Used (Quantitative vs. Qualitative)?

Honestly? I find it extremely difficult to understand how this could be the source of financial ruin.

Was There Error on the part of the Decision Maker?

What if all of the above were just fine, and the decision maker chose short term gain over long term stability? What if this was (to simplify the matter greatly) a choice of “heads” over “tails” and the coin landed on tails? What if the model represented the right risk (probability of negative outcome vs. positive outcome), but the complex derivative was sold to someone else who had poor “risk management” (ability to make a good decisions)?

Now I have no clue about complex derivatives, and I’m oversimplifying to be sure - chances are like most things, there are several problems that helped create the primary cause. But it seems to me that as we go into incident response mode for the economy, it’s more helpful to do so in a rational, logical manner.

OTHER THINGS WE MIGHT WANT TO CONSIDER

Consider the Source
Some authors (who I think tend to exploit outcome and hindsight bias,and then combine those with indirect ad hominem attacks in order to sell their books), are actually putting forth arguments against the use of analytics. The source of this is a current epistemic debate between those who believe that only falsification is certain, and those who maintain that neither proof nor falsification are certain, there are only probabilities. So before you go believing any “quadrants” of usefulness on faith - I encourage you to understand what is at the heart of the discussion.

We All Have to Live In The Real World
The sun will rise tomorrow, and someone will try to find the source of the problem and do a better job. Now chances are, they’ll be doing it in a quantitative manner. Chances are also that at some point their models will fail and we’ll need to build new ones. And this will happen whether the field is cosmology, economics, meteorology, information security, or professional baseball.

WHAT ABOUT YOU, ALEX?

I’m far from certain and subject to change, but these days I lean towards Robin Hanson & MIchael Lewis w/regards to placing blame.

A Commercial Web Site Defacement Tool

Tue, 01 Apr 2008 02:25:00 +0000

On the look for creative approaches to cash out of selling commodity tools and services, malicious parties within the underground economy continue applying basic market approaches to further commercialize what was once a tax free area. Commercial click fraud tools, managed spamming services and fast-fluxing on demand, botnets and DDoS attacks as a service, malware pitched as a remote access tool with limited functionality to prompt the user to buy the full version, malware crypting as a service, and the very latest indication for this trend is the availability of commercial web site defacement tools.

There's a common misunderstanding regarding web site defacement tools, namely that of a defacer on purposely targeting a specific domain. That's at least the way it used to be, before defacers started embracing the efficiency model, namely deface anyone, anywhere, than parse the successful defacements logs, come across a high profile site and make sure the entire defacers community knows that they've defaced it - well at least their automated web sites defacement tools did in a combination with remotely included web backdoors.

This particular commercial web site defacement tool's main differentiation factor compared to others is it's efficiency centered functionability, namely it has a built-in Zone-H defacement archive submission. Moreover, within the functions changelog we see :

"Choose number of perm folder to check it and go another site with out load all perm it cause to deface with more speed; Working back proxy and cache servers; Get Connect back with php in all servers that safe mode is Off ( with out need any command same as system() ; Auto Detect Open Command"

It is such kind of commercialization approaches of commodity goods that increase the market valuation of the underground economy in general, one thing for sure though - while certain parties are messing up with entry barriers making it damn easy to launch a phishing or a malware attack, others are trying to prove themselves as aspiring entrepreneurs. In the long-term, I'd rather we have defacers deface than consolidate with phishers, spammers and malware authors for the purpose of malware embedded attacks, hosting and sending of scams, a development that is slowly starting to take place despite my wishful thinking.

Related posts:

Hacktivism Tensions

Hacktivism Tensions - Israel vs Palestine Cyberwars

Mass Defacement by Turkish Hacktivists

Overperforming Turkish Hacktivists

Losing Money When There is No Volatilty

Mon, 29 Jan 2007 06:40:00 +0000

It is common knowledge that there is more risk when there is more volatility. But it is also possible to lose (a lot of) money in the absence of volatility as well. This case was illustrated in a recent article published by Financial Engineering News. It was reported that Credit Suisse recently lost $120 million in Korean Derivatives -- particularly reverse convertible bonds.

A conventional convertible bond offers lower interest rates but gives the investors an option to call a company's stock. The bondholder is effectively the owner of the option and the issuer is the option writer. A reverse convertible bond gives investors higher interest rates but gives the issuer the right to put shares to the investor. In this case, the bondholder is the seller of the option and the issuer is the option buyer. When volatility increases, option prices increase as well. This added value stems from a higher possibility of going in-the-money. Conversely, a decrease in volatility will lower the option value. So if Credit Suisse was the one who "bought" the stock options via the reverse convertible structure, a decrease in volatility will decrease option value and will result into a mark-to-market loss on their end.

Now as market makers (structurers), shouldn't Credit Suisse be hedging their exposure? The problem with this particular structure is that the option is not based on one stock. It issued reverse convertibles on a number of shares. Hedging proved to be quite difficult and luck was not on their side, as stated in the article:

The problem however came in the hedging. Credit Suisse no longer had a single put option, nor did it have a portfolio of put options, since it could exercise its put into only one share. Instead it had an option on an option, a put option under which it could choose the share on which the option would be exercised. This instrument could be reasonably hedged by an appropriate portfolio of the shares provided volatility remained approximately constant, but it was effectively unhedgeable against a sharp change in volatility. If volatility in Korean shares had increased, there would be no problem; Credit Suisse’s multiple put option would be more valuable. There was, however, no effective way to hedge against a decline in volatility, which is what happened.

The lessons that we can learn here are the following:

1) You can lose when there is less volatility -- particularly in options since volatility is explicitly included in valuation.
2) When building a structure, one should know how to hedge it properly.

Tags: derivatives financial engineering investments valuation volatility structured products options

Making Risk Measures Agree with Accounting 100%

Tue, 26 Dec 2006 02:27:00 +0000

In my consulting experience, there are clients that use risk software to compliment financial reporting (accounting). Instead of being used solely by the risk department, even financial controllers use it. This is due to the current trend of making financial reporting reflective of the firm's economic value based on the risks it is taking (IAS 39 and even Basel II). As a consequence, they expect the results form the risk software to be consistent with accounting results to the last cent. I guess this is the ideal state that everyone wants to achieve but is this really necessary?

Though related, I believe that risk measurement and accounting are serving different purposes. Risk measurement need not be exact because of the uncertainty of risk. Because of the future-centric nature of risk measurement, generalizations and simplifications in the models are made and may not necessarily result into exact market values, etc. In risk measurement, benchmark results are acceptable as long as they are reasonable (where you can see the degree of sensitivity to different types of risks). So what is important in risk measurement is not the valuation of your positions to the exact cent but the model on how this value reacts with different types of risk. Contrary to risk measurement, accounting focuses on past performance. People tend to be very meticulous in this field to the point that they want things to be correct to the last cent. This is because in most organizations, even in today's banks, profit and loss (past performance) is still more important.

Nowadays, with all the innovation in software and the computing power of currently availabe hardware, people tend to assume that risk software can double as accounting software. But in reality, these two fields have different requirements (although they may be similar in some ways). It is true that a software can be made flexible enough to accommodate both requirements. Results may not be exact but good enough. But getting values to agree with the accounting system would result into more computing time due to the increase in inputs, variables, and complexity of models. Is the additional cost justifiable given that additional benefit is only to reconcile a few dollars and cents? Probably not today but probably (and hopefully) in the near future when hardware specs get better while prices get cheaper.

Tags: accounting finance risk measurement software

An Option with a Negative Implied Volatility?

Mon, 14 Aug 2006 02:27:00 +0000

Previously, we talked about cases when an option will have a negative value. This time, it was asked in Wilmott if there are real-life cases where options have negative implied vols.

Here's my take on the subject matter:

Since implied volatilities are derived values, based on observed market parameters and a model or formula, it is indeed possible to have negative results. But does it make sense? Intuitively, we would think that the volatility measure should only be positive and it does not make sense if negative. I think negative implied vols are a result of either a misspecification in the model, or mispricing by the market (an arbitrage opportunity, as mutley pointed out).

Tags: finance derivatives options valuation volatility

An Option with a Negative Value?

Fri, 28 Jul 2006 04:38:00 +0000

A recent post in the Wilmott forums asked "Can an option have a negative value?"

Conceptually, an option with a negative value does not make sense. A negative value means that the option seller (writer) pays the option buyer. This results into a "free lunch" as described by one of the posters (waiter222). The option buyer will always win out in this case. He can exercise and make money when "in-the-money". He also has an instant gain even when the option expires worthless due to the initial cash flow. Indeed it is unfair.

Mathematically, an option value cannot be less than zero as well. (Please correct me if I'm wrong). I've played with several scenarios using the Black-Scholes and Binomial methods and the least value of an option is zero ("worthless").

But it is possible for an option position (note that I'm talking about an option position) to have a negative value when doing mark-to-market valuation. Marking-to-market is getting the close out (unwind) value of the position. And it can result into a loss (negative value). Here's an example, an option writer sells an option for $5. After some time, the value of an option at the same strike and expiration date rises to $6. This could mean that the option is getting more "in-the-money" and the possibility of an exercise increases. This is bad news for the option seller. The value of his position is obtained by assuming an offsetting transaction (he buys an option at $6) . The net result is -$1.

The point that I'm getting at here is that is quite unthinkable to have negative option value. So far no one has disputed that fact. But depending on one's position (P&L standpoint), the treatment of that option can be negative or positive depending on whether you treat is as an asset or liability. Does this make sense?

Tags: finance derivatives options valuation

Brushing up on my math skills...

Fri, 21 Jul 2006 00:38:00 +0000

I'm somewhat amazed on how I got myself into the world of Financial Derivatives. I do not have a quantitative degree (I majored in Management Economics) and didn't pay much attention to my math and statistics classes in college. Yet I find financial markets (derivatives in particular) fascinating. And becoming knowledgeable in them actually gave me an edge in the industry.

Looking back, it seems that I chose the wrong college course. But my interest in the subject matter and the willingness to learn did not stop me from attaining my goal. Although not for quants, the CFA program gave me a good background on the financial markets in general; as well as valuation methods for plain vanilla derivatives.

I searched the net for papers. Marketing and research papers published by the big banks are of great help. Sites like DefaultRisk has loads of papers on Risk Management and Derivatives. But reading them is no simple feat as most of them are written by PhDs or PhD students. My lack of academic foundation in mathematics do get in the way, especially when I encounter a lot of greek symbols.

Finding like-minded individuals to discuss topics of interests and ask for advice also did a lot of good. I am an active member of Wilmott -- an online community of quants (Username: Jomni). At first, I was the one asking questions, and now I give answers and advice myself (on topics that are not mathematically deep).

I never stop reading. Part II of the PRMIA Professional Risk Managers' Handbook is a good refresher on quantitative finance topics. It covers Matrix Algebra, Differential and Integral Calculus, Probability, and Statistics. Other good books would be Hull's Options, Futures and Other Derivatives and Paul Wilmott on Quantitative Finance.

Tags: derivatives finance math quant books cfa