<![CDATA[[SecurityRatty] tag: volatility]]>

<![CDATA[[SecurityRatty] tag: volatility]]> http://securityratty.com/tag/volatility Mon, 14 Aug 2006 02:27:00 +0000 iRatty Engine http://blogs.law.harvard.edu/tech/rss <![CDATA[Live from the 20th Annual FIRST Conference]]> http://securityratty.com/article/8f5b32eca2e471054acd118ae718ad31 http://securityratty.com/article/8f5b32eca2e471054acd118ae718ad31 FIRST conference in Vancouver, BC this week presenting, attending great presentations, and meeting a fantastic group of people.
I'd like to applaud some great presenters I've seen so far, including Par Osterberg Medina (Detecting Intrusions), Anton Chuvakin (Log Analysis), Raffael Marty (Applied Security Visualization), and Steve Mancini (RAPIER).
I've also been advised of some tools for your consideration, to aid in the security analysis / incident response cause, as well as possible topics for toolsmith.
Take a look at these, if you aren't already familiar with them:
BitBlaze - Binary Analysis for COTS Protection and Malicious Code Defense
F-Response - The First Truly Vendor Agnostic Solution for Remote Forensics and eDiscovery
Maltego - Maltego is an open source intelligence and forensics application. It allows for the mining and gathering of information as well as the representation of this information in a meaningful way.
The Volatility Framework - Volatile memory artifact extraction utility framework
Thanks to Richard Bejtlich for pointing out F-Response and Volatility and Steve Mancini for BitBlaze and Maltego.

On another front, in support of Eva Chen's (Trend Micro) recent claim that the anti-virus industry sucks, John Stewart of Cisco, in his keynote this morning, reiterated the premise that the fight against malware is a lost cause. The point he was really driving at is the downfall of blacklisting and that whitelisting is essential given that "the total good is smaller than the total unknown and bad". This, as his fourth postulate of many good postulates this morning, truly supports my own beliefs. I'm more focused on whitelisting in the web application security space, but the premise is the same. If the vast majority of requests to secured elements of your applications are bad, then simply deny all, and allow only that which you trust.

More to come...

del.icio.us | digg]]> Thu, 26 Jun 2008 04:53:00 +0000 steve mancini volatility volatility framework anti-virus industry sucks total unknown maltego par osterberg medina vendor agnostic solution total Live from the 20th Annual FIRST Conference <![CDATA[Smart Cards and Risk ]]> http://securityratty.com/article/2abd10dbee483ee8a82f27bf5aa497e3 http://securityratty.com/article/2abd10dbee483ee8a82f27bf5aa497e3 risk. For some, risk has a negative connotation, such as the chance of suffering some type of loss or damage. From a finance perspective, risk is perhaps a more neutral term in that with increased risks (there is a relationship to volatility), one expects a greater return. This has relevance in information-centric security as well...]]> Sun, 28 Oct 2007 21:00:00 +0000 risk neutral term finance perspective negative connotation volatility damage relationship emc focus Smart Cards and Risk <![CDATA[Quantitative Analysis = "Highly" Technical Analysis (?)]]> http://securityratty.com/article/98de01490e860699e1e908499040c8da http://securityratty.com/article/98de01490e860699e1e908499040c8da Quantitative Analysis as "Technical Analysis" will probably bring in some violent reactions from quants. But I just want to point out the similarities that they share. In fact, it can be seen that Quantitative Analysis is a higher form of Technical Analysis.

Technical Analysis is commonly described as Charting. It is the study of charts (graphical representation of past price movements) and finding patterns in them. Investment decisions are then based on these patterns. People say this is superstition as price moves randomly and just forms these patterns by chance. Technical analysis also utilize quantitative techniques via Technical Indicators. Technical Indicators aren't just numbers, they are results of some statistical modelling. Indicators like MACD and Bollinger Bands are actually similar to statistical measures used by quants today (mean and standard deviation respectively). These measures are used for momentum and mean reversion strategies. Technical analysis also looks into other quantifiable variables found in the market like traded volume, open interest, bid ask spreads, etc. Technical analysis gives rise to automatic trading rules which is also done with quantitative analysis.

In the Jan/Feb 2007 Issue of CFA Magazine, there is an article ("Perpetual Motion by Susan Trammell, CFA") about a recent study on trends in quantitative investing. Below are some findings:

Phenomena Being Modeled:

Fund Capacity: 20%
Impact of Trades: 24%
Textual Data: 2%
Higher Moments: 2%
Regime Shifts: 10%
Volatility: 20%
Extreme Events: 10%
Momentum / Reversal: 31%
Trends: 28%

Modeling Methodologies Used:

Shrinkage / Averaging: 9%
Regime Shifting: 4%
Nonlinear: 7%
Contegration: 7%
Cash Flow: 17%
Behavioral: 16%
Momentum / Reversal: 28%
Regression: 36%

As seen in the survey results, trends, momentum, and reversal models are quite popular in quantitative analysis. These are also the same phenomena being modeled by technical analysis but at a less "scientific" degree.

The relationship of Technical and Quantitative analysis can be likened to the relationship between Astrology and Astronomy. One is seen as superstition while the other as a science. Astrology came about due to the lack of sophisticated tools and theories. The same with Technical Analysis -- people relied on charts because it was easier to analyze than numbers. But in the advent of faster and more powerful computers, large amounts of numbers can be analyzed with ease.

To see the survey results, please refer to www.theintertekgroup.com.

Tags: financial engineering investments quant technical analysis]]> Wed, 07 Feb 2007 06:34:00 +0000 technical technical analysis quantitative analysis quantitative technical indicators indicators survey results results reversal models Quantitative Analysis = "Highly" Technical Analysis (?) <![CDATA[Losing Money When There is No Volatilty]]> http://securityratty.com/article/b2d53d52e893165a4172d34270e6b473 http://securityratty.com/article/b2d53d52e893165a4172d34270e6b473 article published by Financial Engineering News. It was reported that Credit Suisse recently lost $120 million in Korean Derivatives -- particularly reverse convertible bonds.

A conventional convertible bond offers lower interest rates but gives the investors an option to call a company's stock. The bondholder is effectively the owner of the option and the issuer is the option writer. A reverse convertible bond gives investors higher interest rates but gives the issuer the right to put shares to the investor. In this case, the bondholder is the seller of the option and the issuer is the option buyer. When volatility increases, option prices increase as well. This added value stems from a higher possibility of going in-the-money. Conversely, a decrease in volatility will lower the option value. So if Credit Suisse was the one who "bought" the stock options via the reverse convertible structure, a decrease in volatility will decrease option value and will result into a mark-to-market loss on their end.

Now as market makers (structurers), shouldn't Credit Suisse be hedging their exposure? The problem with this particular structure is that the option is not based on one stock. It issued reverse convertibles on a number of shares. Hedging proved to be quite difficult and luck was not on their side, as stated in the article:

The problem however came in the hedging. Credit Suisse no longer had a single put option, nor did it have a portfolio of put options, since it could exercise its put into only one share. Instead it had an option on an option, a put option under which it could choose the share on which the option would be exercised. This instrument could be reasonably hedged by an appropriate portfolio of the shares provided volatility remained approximately constant, but it was effectively unhedgeable against a sharp change in volatility. If volatility in Korean shares had increased, there would be no problem; Credit Suisse’s multiple put option would be more valuable. There was, however, no effective way to hedge against a decline in volatility, which is what happened.

The lessons that we can learn here are the following:

1) You can lose when there is less volatility -- particularly in options since volatility is explicitly included in valuation.
2) When building a structure, one should know how to hedge it properly.

Tags: derivatives financial engineering investments valuation volatility structured products options]]> Mon, 29 Jan 2007 06:40:00 +0000 option prices increase option option buyer option writer investments valuation volatility valuation volatility decrease option volatility increases Losing Money When There is No Volatilty <![CDATA[An Option with a Negative Implied Volatility?]]> http://securityratty.com/article/e3e2d77d2635093d28a03c4e180d10fc http://securityratty.com/article/e3e2d77d2635093d28a03c4e180d10fc negative value. This time, it was asked in Wilmott if there are real-life cases where options have negative implied vols.

Here's my take on the subject matter:

Since implied volatilities are derived values, based on observed market parameters and a model or formula, it is indeed possible to have negative results. But does it make sense? Intuitively, we would think that the volatility measure should only be positive and it does not make sense if negative. I think negative implied vols are a result of either a misspecification in the model, or mispricing by the market (an arbitrage opportunity, as mutley pointed out).

Tags: finance derivatives options valuation volatility]]> Mon, 14 Aug 2006 02:27:00 +0000 negative negative results market market parameters volatility measure model subject matter option arbitrage opportunity An Option with a Negative Implied Volatility?