Difference between revisions of "Risk"

From Securipedia
Jump to navigation Jump to search
 
(46 intermediate revisions by 4 users not shown)
Line 3: Line 3:
 
[[Category:Threat]]
 
[[Category:Threat]]
   
 
[[File:ae.png|25px|right|This is a page providing background in a specific field of expertise]]'''Risk''' is a measure for the expectation of undesirable outcome ([[impact]]) to realise. This expectation concerns both the [[likelihood]] and [[impact]] of the undesired outcome. Quantified levels of risk are often used to enable an assessment of risk in order to establish if they fall within acceptable limits or to determine which risks pose the highest [[threat]].
= Risk =
 
'''Risk''' is a measure for the expectation of undesirable outcome [[has attribute::impact]] to realise. This expectation concerns both the [[has attribute::likelihood]] and magnitude of the undesired outcome. Quantified levels of risk are often used to enable an assessment of risk in order to establish if they fall within acceptable limits or to determine which risks pose the highest [[has attribute::threat]].
 
 
   
 
== Definitions ==
 
== Definitions ==
There is no one, universally accepted definition for risk. A prominent definition of risk is provided in the ISO 31000:2009 risk management standard <ref name="iso31000">[See: http://en.wikipedia.org/wiki/ISO_31000]</ref>, where risk is defined as the ‘effect of uncertainty on objectives’ and both positive and negative effects are included. As this definition is of a high conceptual level and can be counter-intuitive, for the purpose of this wiki, the definition as mentioned above will be used.
+
There is no universally accepted definition for risk. A prominent definition of risk is provided in the ISO 31000:2009 risk management standard, <ref name="iso31000">See: http://en.wikipedia.org/wiki/ISO_31000</ref> where risk is defined as the ‘effect of uncertainty on objectives’ and both positive and negative effects are included. As this definition is of a high conceptual level and can be counter-intuitive, for the purpose of this wiki, the definition as mentioned above will be used. In the plan and detail level tools, these elements of risk are translated into terms of susceptibility and consequence (see [[Plan_level_tools#Calculation_method|Plan level tools]]).
 
   
 
== Objective and subjective risk==
 
== Objective and subjective risk==
There are two aspects of the determination of risks: the risks that are in fact present ([[consists of::Risk#About objective risk|objective risks]]), and the risks as they are perceived ([[consists of::Risk#Perception_of_risk|subjective risks]]). One would expect the two to be very similar, but studies have shown they can (and often do) differ quite a bit.
+
There are two aspects of the determination of risks: the risks that are in fact present ([[Risk#About objective risk|objective risks]]), and the risks as they are perceived ([[Risk#Perception_of_risk|subjective risks]]). One would expect the two to be very similar, but studies have shown they can (and often do) differ quite a bit.
 
   
 
===About subjective risk===
 
===About subjective risk===
Results from urban planning decisions can influence citizens’ perception of risk including the distraction of risk perception for more objective risk levels. Conversely, citizens’ risk perception can result in societal demands on urban planning. Several specific aspects as addressed in the following are worth consideration in strategic urban planning. These aspects among others include indicators for citizens’ subjective perception of criticality of infrastructure and need to protect it, including by appropriate urban planning measures. Conversely, infrastructure that results from urban planning may also influence subjective assessment of its criticality and contribution to security or susceptibility to natural or anthropogenic (“man made”) risk.
+
Results from urban planning decisions can influence citizens’ perception of risk including the distraction of their risk perception for more objective risk levels. Conversely, citizens’ risk perception can result in societal demands on urban planning. Several specific aspects as addressed in the following are worth consideration in strategic urban planning. These aspects among others include indicators for citizens’ subjective perception of criticality of infrastructure and need to protect it, including by appropriate urban planning measures. Conversely, infrastructure that results from urban planning may also influence subjective assessment of its criticality and contribution to security or susceptibility to natural or anthropogenic (“man made”) risk.
   
Risk perception is strongly influenced by various subjective factors that drag it from objective risk figures. Factors such as overconfidence, loss aversion, individual experience, temporal factors, capacity of remembering, level of information and knowledge, public discourse, stigmatization, cultural factors, orientation of values, confidence in institutions, etc.<ref>cf. V. T. Covello et. al.: Risk Communication, the West Nile Virus Epidemic, and Bioterrorism: Responding to the Communication Challenges Posed by the Intentional or Unintentional Release of a Pathogen in an Urban Setting. Journal of Urban Health: Bulletin of the New York Academy of Medicine, Volume 78, No. 2, 2001, p. 382-391.
+
Risk perception is strongly influenced by various subjective factors that drag it from objective risk figures. Factors such as overconfidence, loss aversion, individual experience, temporal factors, capacity of remembering, level of information and knowledge, public discourse, stigmatisation, cultural factors, orientation of values, confidence in institutions, etc. <ref>Cf. Covello V. T. et. al.: Risk Communication, the West Nile Virus Epidemic, and Bioterrorism: Responding to the Communication Challenges Posed by the Intentional or Unintentional Release of a Pathogen in an Urban Setting. Journal of Urban Health: Bulletin of the New York Academy of Medicine, vol. 78, no. 2, 2001, 382-391.
   
OECD: OECD Reviews of Risk Management Policies. Future Global Shocks. Improving Risk Governance. Preliminary Version. OECD Publishing, 2011; D. Proske: Katalog Risiken. Risiken und ihre Darstellung. 1. Auflage. Eigenverlag: Dresden, 2004, p.167-174. Online: http://www.qucosa.de/fileadmin/data/qucosa/documents/71/1218786958574-1736.pdf.
+
Organisation for Economic Co-operation and Development (OECD): OECD Reviews of Risk Management Policies. Future Global Shocks. Improving Risk Governance. Preliminary Version. OECD Publication Service, 2011; Proske D.: Katalog Risiken - Risiken und ihre Darstellung. Dresden: Eigenverlag, 2004, 167-174. Retrieved from: http://www.qucosa.de/fileadmin/data/qucosa/documents/71/1218786958574-1736.pdf.
   
P. Slovic et al.: Facts and Fears: Societal Perception of Risk. In: K.B. Monroe/A. Abor (eds.): Advances In Consumer Research. Volume 08, Association For Consumer Research, 1981, p. 497-502. Online: http://www.acrwebsite.org/volumes/display.asp?id=5844.
+
Slovic P. et al.: Facts and Fears: Societal Perception of Risk, in: Monroe K.B., Abor A. (eds.): Advances In Consumer Research, vol. 08, Association For Consumer Research, 1981, 497-502. Retrieved from: http://www.acrwebsite.org/volumes/display.asp?id=5844.
   
H. Sterr et al.: Risikomanagement im Küstenschutz in Norddeutschland. In: C. Felgentreff/T. Glade: Naturrisiken und Sozialkatastrophen. Berlin Heidelberg: Springer, 2008, p. 345-346.
+
Sterr H. et al.: Risikomanagement im Küstenschutz in Norddeutschland, in: Felgentreff C., Glade T.: Naturrisiken und Sozialkatastrophen. Berlin Heidelberg: Springer, 2008,345-346.
   
M. Zwick/O. Renn: Risikokonzepte jenseits von Eintrittswahrscheinlichkeit und Schadenserwartung. In: C. Felgentreff/T. Glade: Naturrisiken und Sozialkatastrophen. Berlin Heidelberg: Springer, 2008, p. 85-95.</ref>
+
Zwick M., Renn O.: Risikokonzepte jenseits von Eintrittswahrscheinlichkeit und Schadenserwartung, in: Felgentreff C., Glade T.: Naturrisiken und Sozialkatastrophen. Berlin Heidelberg: Springer, 2008, 85-95.</ref>
   
 
This is relevant to urban planners since they have some means to direct the perceived security or at the very least has means to predict it and account for it in planning.
 
Addressing of risk in planning should be coherent with societal risk perception and views.<ref>Organisation for Economic Co-operation and Development (OECD): OECD Reviews of Risk Management Policies. Future Global Shocks. Improving Risk Governance. Preliminary Version. OECD Publication Service, 2011
   
 
Organisation for Economic Co-operation and Development (OECD): Emerging Risks in the 21st Century. An Agenda for Action. Paris: OECD Publication Service, 2003, 54-56. Retrieved from: http://www.unisdr.org/eng/library/Literature/7754.pdf [last access: 2011 07 28].</ref>
Adequate risk management and adequate public communication can help urban planners to prevent negative effects from public risk (mis-)perception and related public demands on or acceptance of urban design. Addressing of risk in planning should be coherent with societal risk perception and views.<ref>Cf. OECD: OECD Reviews of Risk Management Policies. Future Global Shocks. Improving Risk Governance. Preliminary Version. OECD Publishing, 2011.</ref>
 
 
Adequate risk management and public communication can help urban planners to prevent negative effects from public risk perception or misperception, and related public demands on or acceptance of urban design. However, effects of urban planning decisions can also distract citizens’ risk perception from more objective risk levels.
 
To do so, the complexity of individual and social mechanisms of risk perception has to be appreciated.<ref>D. P. Coppola: Introduction to International Disaster Management. Oxford: Butterworth-Heinemann, 2007, p. 162.</ref> Humans usually do not fear statistically highly ranked threats to life and health (such as car accidents, food poisoning, cancer and others), whereas they are disproportionately wary of spectacular hazards, even if related vulnerabilities are low.
 
   
 
To do so, the complexity of individual and social mechanisms of risk perception has to be appreciated.<ref> Coppola D. P.: Introduction to International Disaster Management. Oxford: Butterworth-Heinemann, 2007, 162. </ref> Humans usually do not fear statistically highly ranked threats to life and health (such as car accidents, food poisoning, cancer and others), whereas they are disproportionately wary of spectacular hazards, even if related vulnerabilities are low.
   
 
===About objective risk===
 
===About objective risk===
Line 38: Line 36:
 
A simple, but widely used definition of risk is therefore
 
A simple, but widely used definition of risk is therefore
   
<big>'''Risk''' = '''Likelihood'''</big> of event realizing <big>'''X''' '''Impact'''</big> (expected loss in case the accident realizes).
+
<big>'''Risk''' = '''Likelihood'''</big> of event realizing <big>'''X''' '''Impact'''</big> (expected loss in case the accident realises).
   
Many variations exist, for example by distinguishing between the likelihood of a threat realizing (also called probability) and the likelihood that that threat will affect an object ([[has attribute::vulnerability]]). An example would be storm damage: the probability would reflect the likelihood of a storm at the object, the vulnerability would reflect the likelihood that this storm would cause damage and the impact would reflect the extent of damage that would occur if the storm would cause damage. The quantified risk formula associated with this definition is
+
Many variations exist, for example by distinguishing between the likelihood of a threat realizing (also called probability) and the likelihood that that threat will affect an object ([[vulnerability]]). An example would be storm damage: The probability would reflect the likelihood of a storm at the object, the vulnerability would reflect the likelihood that this storm would cause damage and the impact would reflect the extent of damage that would occur if the storm would cause damage. The quantified risk formula associated with this definition is
   
<big>'''Risk''' = '''Likelihood'''</big> of event realizing <big>'''X''' '''vulnerability'''</big> (probability of realized event impacting object) <big>'''X''' '''Impact'''</big> (expected loss in case the accident realizes and impacting object).
+
<big>'''Risk''' = '''Likelihood'''</big> of event realising <big>'''X''' '''Vulnerability'''</big> (probability of realised event impacting object) <big>'''X''' '''Impact'''</big> (expected loss in case the accident realises and impacting object).
   
  +
Most commonly, likelihood can be quantified by statistical analysis. The likelihood of weather events occurring, for example, has been the subject of long and well-established study and has a solid statistical basis. Wherever statistical data can predict the future, likelihood can be interpreted to equal probability.
   
====The estimation of likelihood in security====
+
====Problems with the use of probability====
  +
A precondition for statistical analysis to be valid is that the future can be predicted on the basis of events in the past and this does not hold for all situations. Particularly in security analysis, the use of statistical analysis for the determination of likelihood is highly debatable as:
The use of probability relies on the ability to make reliable predictions. This is most often based on the analysis of past occurrences and identification of trends. When determining risk in the field of threats related to [[is caused by::human intent]], the use of trend analysis to determine likelihood is criticised<ref>Add reference</ref> for threats actively seeking harm (for example [[is caused by::Urban terrorism|terrorism]]). This is due to the fact that
 
  +
* The likelihood of occurrence is influenced by the vulnerability (compare the risk of flooding with the risk of burglary: Whereas the likelihood of high water occurring is independent of dykes being erected, the likelihood of a burglary attempt occurring at a building depends on the doors having visible locks or not).
 
  +
* The likelihood is influenced by external factors (measures taken at one place can influence the likelihood for burglary at another place (crime displacement or waterbed effect))
* these events occur relatively infrequently, making the recognition of trends difficult;
 
  +
* The likelihood is subject to rational beings who can act against trends (a criminal will actively look for the weakest link, irrespective of choices made in the past if the last three attacks where (unsuccessful) hostage takings, is that an indication that the next one will also be a hostage taking, or is it likely that the next one will be a different attack method?)
* in contrast to for instance natural threats, the results of past events does influence the likelihood of future events: potential perpetrators will actively seek ‘the weakest link’. This means that the predicting value of trends in past occurrences is in doubt.
 
  +
* Some forms of crime (particularly the more extreme forms, such as mass killing or destructions by fanatics) have a very low rate of occurrence, which is a problem for the accumulation of enough data to assure the validity of statistical analysis.
 
A way to overcome these problems is to substitute [[has attribute::attractivity]] for probability and [[has attribute::conceivability]] for vulnerability. In this way, assumptions about historical data predicting future events can be avoided.
 
   
 
A way to overcome these problems is to substitute '''attractiveness''' (the extent to which criminals are likely to choose the object over another object) for probability and '''conceivability''' (the extent to which criminals are deemed able to be successful) for vulnerability. In this way, assumptions about historical data predicting future events can be avoided.
   
 
===Uses of risk assessment===
 
===Uses of risk assessment===
  +
Risk assessment is used to get a good understanding of the various circumstances that might have a negative impact on the realisation of your goals. In other words, it can be used as a systematic way to survey the weak spots in your plans and do something about it before they cause problems.
t.b.d.
 
   
  +
The [[Concept level tools#Risk Assessment tool (SecuRbAn|SecuRbAn]] tool is a tool to quickly do a high-level risk assessment on planned urban development, developed in the context of the VITRUV project.
   
 
==Sources of risk==
 
==Sources of risk==
One way to typify types of risk, is by their causes. A cause for risk is called a [[is caused by::threat]]. Threats can be classified into [[has attribute::safety]] threats, consisting of [[is caused by::natural threat|natural threat]]s, [[is caused by::human failure]], [[is caused by::technical failure]], [[is caused by::failure of critical services]] and [[has attribute::security]] threats which are due to [[is caused by::human intent]].
+
One way to typify types of risk is by their causes. A cause for risk is called a [[threat]]. Threats can be classified into [[safety]] threats, consisting of [[natural threat|natural threat]]s, [[human failure]], [[technical failure]], [[failure of critical services]] and [[security]] threats which are due to [[human intent]].
 
 
==Perception of risk and affecting factors==
 
 
 
What people perceive, is real for them; so their behaviour will be influenced not by the actual level of security, but of their perception of it.
 
 
This is relevant to urban planners since they have some means to direct the perceived security or at the very least has means to predict it and account for it in planning.
 
Addressing of risk in planning should be coherent with societal risk perception and views (cf. OECD 2003: 54-56)<ref>OECD (2003): Emerging Risks in the 21st Century. An Agenda for Action. OECD Publication Service: Paris. Retrieved from: http://www.unisdr.org/eng/library/Literature/7754.pdf [last access: 2011 07 28]: 54-56.</ref>.
 
Adequate risk management and public communication can help urban planners to prevent negative effects from public risk perception, or misperception, and related public demands on or acceptance of urban design. However, effects of urban planning decisions can also distract citizens’ risk perception from more objective risk levels.
 
 
 
Factors that affect the individual and [[Social risk perception and communication of risk|social perception of risk]]<ref>World Health Organization (WHO): Effective Media Communication during Public Health Emergencies. A WHO Handbook. Geneva. World Health Organization, 2005, p. 110-111. Online: http://www.who.int/csr/resources/publications/WHO%20MEDIA%20HANDBOOK.pdf; Security research project results from CPSI. Online: http://www.cpsi-fp7.eu; KIRAS project SFI@SFU work. Online: http://www.sfi-sfu.eu</ref>:
 
 
* Voluntariness
 
Risks from activities considered to be involuntary or imposed (for example, exposure to chemicals and radiation from a terrorist attack using chemical weapons or dirty bombs) are judged to be greater, and are therefore less readily accepted, than risks from voluntary activities (such as smoking, sunbathing or mountain climbing).
 
* Controllability
 
Risks from activities considered to be under the control of others (such as the release of nerve gas in a coordinated series of terrorist attacks) are judged to be greater, and are less readily accepted than those from activities considered to be under the control of the individual (such as driving an automobile or riding a bicycle).
 
* Familiarity
 
Risks resulting from activities viewed as unfamiliar (such as travel leading to exposure to exotic-sounding infectious diseases) are judged greater than risks resulting from activities viewed as familiar (such as household work).
 
* Fairness
 
Risks from activities believed to be unfair or to involve unfair processes (such as inequities in the location of medical facilities) are judged greater than risks from “fair” activities (such as widespread vaccinations).
 
* Benefits
 
Risks from activities that seem to have unclear, questionable or diffused personal or economic benefits (for example, proximity to waste-disposal facilities) are judged to be greater than risks resulting from activities with clear benefits (for example, employment or automobile driving).
 
* Catastrophic potential
 
Risks from activities associated with potentially high numbers of deaths and injuries grouped in time and space (for example, major terrorist attacks using biological, chemical or nuclear weapons) are judged to be greater than risks from activities that cause deaths and injuries scattered (often apparently randomly) in time and space (for example, household accidents).
 
* Understanding
 
Poorly understood risks (such as the health effects of long-term exposure to low doses of toxic chemicals or radiation) are judged to be greater than risks that are well understood or self-explanatory (such as pedestrian accidents or slipping on ice).
 
* Uncertainty
 
Risks that are relatively unknown or highly uncertain (such as those associated with genetic engineering) are judged to be greater than risks from activities that appear to be relatively well known to science (such as actuarial risk data related to automobile accidents).
 
* Effects on children
 
Activities that appear to put children specifically at risk (such as drinking milk contaminated with radiation or toxic chemicals or pregnant women exposed to radiation or toxic chemicals) are judged to carry greater risks than more-general activities (such as employment).
 
* Victim identity
 
Risks from activities that produce identifiable victims (such as an individual worker exposed to high levels of toxic chemicals or radiation, or a child who falls down a well) are judged to be greater than risks from activities that produce statistical victim profiles (such as automobile accidents).
 
* Dread
 
Risks from activities that evoke fear, terror or anxiety due to the horrific consequences of exposure (for example to HIV, radiation sickness, cancer, Ebola or smallpox) are judged to be greater than risks from activities that do not arouse such feelings or emotions regarding exposure (for example to common colds or household accidents).
 
* Trust
 
Risks from activities associated with individuals, institutions or organizations lacking in trust and credibility (for example, chemical companies or nuclear power plants with poor safety records) are judged to be greater than risks from activities associated with trustworthy and credible sources (for example, regulatory agencies that achieve high levels of compliance from regulated industries).
 
* Media attention
 
Risks from activities that generate considerable media attention (such as anthrax attacks using the postal system or accidents at nuclear power plants) are judged to be greater than risks from activities that generate little media attention (such as occupational accidents).
 
* Accident history
 
Activities with a history of major accidents or incidents, or frequent minor accidents or incidents (such as leaks from waste-disposal facilities) are judged to carry greater risks than activities with little or no such history (such as recombinant DNA experimentation).
 
* Reversibility
 
The risks of potentially irreversible adverse effects (such as birth defects from exposure to a toxic substance or radiation) are judged to be greater than risks considered to be reversible (for example, sports injuries).
 
* Personal stake
 
Activities viewed as placing people or their families personally and directly at risk (such as living near a waste-disposal site) are judged to carry greater risks than activities that appear to pose no direct or personal threat (such as the disposal of waste in remote areas).
 
* Ethical and moral status
 
Risks from activities believed to be ethically objectionable or morally wrong (such as providing diluted or outdated vaccines for an economically distressed community) are judged to be greater than the risks from ethically neutral activities (such as the side-effects of medication).
 
* Human versus natural origin
 
Risks generated by human action, failure or incompetence (such as negligence, inadequate safeguards or operator error) are judged to be greater than risks believed to be caused by nature or “acts of god” (such as exposure to geological radon or cosmic rays).”
 
 
   
 
==Related subjects==
 
==Related subjects==
[http://en.wikipedia.org/wiki/Risk_analysis Risk analysis]
+
* [http://en.wikipedia.org/wiki/Risk_analysis Risk analysis]
[http://en.wikipedia.org/wiki/Risk_assessment Risk assessment]
+
* [http://en.wikipedia.org/wiki/Risk_assessment Risk assessment]
[http://www.who.int/healthinfo/global_burden_disease/global_health_risks/en/ Health risks]
+
* [http://www.who.int/healthinfo/global_burden_disease/global_health_risks/en/ Health risks]
  +
* [[Risk communication]]
 
   
 
{{references}}
 
{{references}}
 
= MAP =
 
<websiteFrame>
 
website=http://securipedia.eu/cool/index.php?wiki=securipedia.eu&concept=Risk
 
height=1023
 
width=100%
 
border=0
 
scroll=auto
 
align=middle
 
</websiteFrame>
 
 
<headertabs/>
 

Latest revision as of 00:34, 20 January 2018


This is a page providing background in a specific field of expertise

Risk is a measure for the expectation of undesirable outcome (impact) to realise. This expectation concerns both the likelihood and impact of the undesired outcome. Quantified levels of risk are often used to enable an assessment of risk in order to establish if they fall within acceptable limits or to determine which risks pose the highest threat.

Definitions

There is no universally accepted definition for risk. A prominent definition of risk is provided in the ISO 31000:2009 risk management standard, [1] where risk is defined as the ‘effect of uncertainty on objectives’ and both positive and negative effects are included. As this definition is of a high conceptual level and can be counter-intuitive, for the purpose of this wiki, the definition as mentioned above will be used. In the plan and detail level tools, these elements of risk are translated into terms of susceptibility and consequence (see Plan level tools).

Objective and subjective risk

There are two aspects of the determination of risks: the risks that are in fact present (objective risks), and the risks as they are perceived (subjective risks). One would expect the two to be very similar, but studies have shown they can (and often do) differ quite a bit.

About subjective risk

Results from urban planning decisions can influence citizens’ perception of risk including the distraction of their risk perception for more objective risk levels. Conversely, citizens’ risk perception can result in societal demands on urban planning. Several specific aspects as addressed in the following are worth consideration in strategic urban planning. These aspects among others include indicators for citizens’ subjective perception of criticality of infrastructure and need to protect it, including by appropriate urban planning measures. Conversely, infrastructure that results from urban planning may also influence subjective assessment of its criticality and contribution to security or susceptibility to natural or anthropogenic (“man made”) risk.

Risk perception is strongly influenced by various subjective factors that drag it from objective risk figures. Factors such as overconfidence, loss aversion, individual experience, temporal factors, capacity of remembering, level of information and knowledge, public discourse, stigmatisation, cultural factors, orientation of values, confidence in institutions, etc. [2]

This is relevant to urban planners since they have some means to direct the perceived security or at the very least has means to predict it and account for it in planning. Addressing of risk in planning should be coherent with societal risk perception and views.[3] Adequate risk management and public communication can help urban planners to prevent negative effects from public risk perception or misperception, and related public demands on or acceptance of urban design. However, effects of urban planning decisions can also distract citizens’ risk perception from more objective risk levels.

To do so, the complexity of individual and social mechanisms of risk perception has to be appreciated.[4] Humans usually do not fear statistically highly ranked threats to life and health (such as car accidents, food poisoning, cancer and others), whereas they are disproportionately wary of spectacular hazards, even if related vulnerabilities are low.

About objective risk

Although terminology may vary, two widely accepted elements in the definition of risk are the inclusion of likelihood and magnitude and to a lesser extent, the fact that to arrive at a measure of risk, the two should be multiplied. A simple, but widely used definition of risk is therefore

Risk = Likelihood of event realizing X Impact (expected loss in case the accident realises).

Many variations exist, for example by distinguishing between the likelihood of a threat realizing (also called probability) and the likelihood that that threat will affect an object (vulnerability). An example would be storm damage: The probability would reflect the likelihood of a storm at the object, the vulnerability would reflect the likelihood that this storm would cause damage and the impact would reflect the extent of damage that would occur if the storm would cause damage. The quantified risk formula associated with this definition is

Risk = Likelihood of event realising X Vulnerability (probability of realised event impacting object) X Impact (expected loss in case the accident realises and impacting object).

Most commonly, likelihood can be quantified by statistical analysis. The likelihood of weather events occurring, for example, has been the subject of long and well-established study and has a solid statistical basis. Wherever statistical data can predict the future, likelihood can be interpreted to equal probability.

Problems with the use of probability

A precondition for statistical analysis to be valid is that the future can be predicted on the basis of events in the past and this does not hold for all situations. Particularly in security analysis, the use of statistical analysis for the determination of likelihood is highly debatable as:

  • The likelihood of occurrence is influenced by the vulnerability (compare the risk of flooding with the risk of burglary: Whereas the likelihood of high water occurring is independent of dykes being erected, the likelihood of a burglary attempt occurring at a building depends on the doors having visible locks or not).
  • The likelihood is influenced by external factors (measures taken at one place can influence the likelihood for burglary at another place (crime displacement or waterbed effect))
  • The likelihood is subject to rational beings who can act against trends (a criminal will actively look for the weakest link, irrespective of choices made in the past if the last three attacks where (unsuccessful) hostage takings, is that an indication that the next one will also be a hostage taking, or is it likely that the next one will be a different attack method?)
  • Some forms of crime (particularly the more extreme forms, such as mass killing or destructions by fanatics) have a very low rate of occurrence, which is a problem for the accumulation of enough data to assure the validity of statistical analysis.

A way to overcome these problems is to substitute attractiveness (the extent to which criminals are likely to choose the object over another object) for probability and conceivability (the extent to which criminals are deemed able to be successful) for vulnerability. In this way, assumptions about historical data predicting future events can be avoided.

Uses of risk assessment

Risk assessment is used to get a good understanding of the various circumstances that might have a negative impact on the realisation of your goals. In other words, it can be used as a systematic way to survey the weak spots in your plans and do something about it before they cause problems.

The SecuRbAn tool is a tool to quickly do a high-level risk assessment on planned urban development, developed in the context of the VITRUV project.

Sources of risk

One way to typify types of risk is by their causes. A cause for risk is called a threat. Threats can be classified into safety threats, consisting of natural threats, human failure, technical failure, failure of critical services and security threats which are due to human intent.

Related subjects

Footnotes and references

  1. See: http://en.wikipedia.org/wiki/ISO_31000
  2. Cf. Covello V. T. et. al.: Risk Communication, the West Nile Virus Epidemic, and Bioterrorism: Responding to the Communication Challenges Posed by the Intentional or Unintentional Release of a Pathogen in an Urban Setting. Journal of Urban Health: Bulletin of the New York Academy of Medicine, vol. 78, no. 2, 2001, 382-391. Organisation for Economic Co-operation and Development (OECD): OECD Reviews of Risk Management Policies. Future Global Shocks. Improving Risk Governance. Preliminary Version. OECD Publication Service, 2011; Proske D.: Katalog Risiken - Risiken und ihre Darstellung. Dresden: Eigenverlag, 2004, 167-174. Retrieved from: http://www.qucosa.de/fileadmin/data/qucosa/documents/71/1218786958574-1736.pdf. Slovic P. et al.: Facts and Fears: Societal Perception of Risk, in: Monroe K.B., Abor A. (eds.): Advances In Consumer Research, vol. 08, Association For Consumer Research, 1981, 497-502. Retrieved from: http://www.acrwebsite.org/volumes/display.asp?id=5844. Sterr H. et al.: Risikomanagement im Küstenschutz in Norddeutschland, in: Felgentreff C., Glade T.: Naturrisiken und Sozialkatastrophen. Berlin Heidelberg: Springer, 2008,345-346. Zwick M., Renn O.: Risikokonzepte jenseits von Eintrittswahrscheinlichkeit und Schadenserwartung, in: Felgentreff C., Glade T.: Naturrisiken und Sozialkatastrophen. Berlin Heidelberg: Springer, 2008, 85-95.
  3. Organisation for Economic Co-operation and Development (OECD): OECD Reviews of Risk Management Policies. Future Global Shocks. Improving Risk Governance. Preliminary Version. OECD Publication Service, 2011 Organisation for Economic Co-operation and Development (OECD): Emerging Risks in the 21st Century. An Agenda for Action. Paris: OECD Publication Service, 2003, 54-56. Retrieved from: http://www.unisdr.org/eng/library/Literature/7754.pdf [last access: 2011 07 28].
  4. Coppola D. P.: Introduction to International Disaster Management. Oxford: Butterworth-Heinemann, 2007, 162.