Risk Assessment. Marvin Rausand

to carry out a successful attack. The weakness may have been introduced during design, installation, operation, or maintenance.

      Vulnerability refers to the security flaws in a system that allow an attack to be successful. These weaknesses may be categorized as physical, technical, operational, and organizational. A vulnerability in security terms can be, for example, an unlocked door, allowing unauthorized people to access a computer that is not protected by a password. We can see that a vulnerability in many respects can be compared to what we would call “lack of” or “weak” barriers when we are talking about risk.

      Vulnerability is also used in relation to safety, but then more as an opposite to resilience (see next section). Security and security assessment are discussed in more detail in Chapter 17.

      2.6.4.1 An Illustration

      2.6.5 Resilience

      Resilience is in many respects the opposite of vulnerability. Foster (1993) defines resilience as:

      Definition 2.37 (Resilience)

      The ability to accommodate change without catastrophic failure, or the capacity to absorb shocks gracefully.

      

      2.1 Describe the main difference between the concepts of hazard and threat.

      2.2 What is the difference between a probability and a frequency?

      2.3 In Table 2.1, various uses of the word “risk” from media are shown. Look at the statements and see if risk should be replaced with another term if we were to apply the definitions used in this book.

      2.4 Search for the term “hazard” on the Internet and see if it is used in accordance with our definition.

      2.5 List the possible failure modes of the driver's door on a modern car.

      2.6 Start with the following situation: You are cycling down a steep road at high speed and approach a major crossing road. Describe a few possible accident scenarios that can develop from this situation. What are the hazards, initiating events and enabling events and conditions in the scenarios that you have described?

      2.7 Consider the following events related to a ship:
          The ship hits an obstruction.
          The crew abandons ship.
          The captain of a ship is planning a voyage and fails to identify an obstruction in the planning process.
          The ship sets sail from port.
          The ship starts sinking.
          All crew drowns.
          During the voyage, the person on the bridge of the ship falls asleep.
          (a) Order these events into a logical accident scenario.
          (b) Use the definitions of hazardous event and initiating event and identify the steps in the sequence that could be classified as hazardous events and initiating events. Different answers may be relevant, but provide arguments for why you choose as you do.

      2.8 In this chapter, reference accident scenario, worst‐case accident scenario, and worst credible accident scenario are defined.
          (a) What are the differences between these three?
          (b) Do you see any challenges in defining these scenarios in a practical case?

      2.9 What are the differences between the two concepts robustness and vulnerability?

      2.10 There are numerous definitions of the word “risk” and Section 2.2 provides a definition and lists some alternatives. Compare the alternative definitions of risk provided and see how they differ from the definition used in the book.

      2.11 Search the Internet for the word “risk” to see how this is used in different contexts, e.g. in media, and how the everyday use of the word compares to the formal definition. Some examples to look for are situations where risk is used synonymously with hazard, safety performance, and frequency.

      2.12 Compare the terms incident and hazardous event and discuss the similarities and differences between these terms. Use practical examples and discuss the terms based on these rather than discussing purely from a theoretical viewpoint.

      2.13 Assume that a bicycle has a brake system with a handle on the handlebars, a wire running from the handle to the brake pads, and finally brake pads that make contact with the wheel when the handle is pulled. Identify relevant failures, failure modes, and failure mechanisms for the brake system. Classify the failures according to the cause of the failure and the degree of the failure.

      2.14 Consider the hazardous event “Car hits back of car in front while driving” and describe this event in a bow‐tie. Identify relevant barriers.

      2.15 Consider the hazardous event “Fire in student flat” and describe this event in a bow‐tie. Identify relevant barriers.

      2.16 Compare Definitions 2.31 and 2.33 for safety and security, respectively. Discuss the difference between these two definitions and suggest an alternative definition for security.

      ARAMIS (2004). Accidental Risk Assessment Methodology for Industries in the Context of the Seveso II Directive. Technical report EVSG1‐CT‐2001‐00036. Fifth Framework Programme of the European Community, Energy, Environment and Sustainable Development.

      Aven, T. and Renn, O. (2009). On risk defined as an event where the outcome is uncertain. Journal of Risk Research 12 (1): 1–11.

      Bayes, T. (1763). An essay towards solving a problem in the doctrine of chances. Philosophical Transactions of the Royal Society of London 53: 370–418.

      Bernstein, P.L. (1998). Against the Gods: The Remarkable Story of Risk. Hoboken, NJ: Wiley.

      Foster, H.D. (1993). Resilience theory and system evaluation. In: Verification and Validation of Complex Systems: Human Factors Issues (ed. J.A. Wise, V.D. Hopkin, and P. Stager), 35–60. Berlin: Springer.

      Garrick, B.J. (2008). Quantifying and Controlling Catastrophic Risks. San Diego, CA: Academic Press.

      Herrera, I.A., Håbrekke, S., Kråkenes, T. et al. (2010). Helicopter Safety Study (HSS‐3). Research report SINTEF A15753. Trondheim, Norway: SINTEF.

      Hollnagel, E., Woods, D.D., and Leveson, N. (2006). Resilience Engineering: Concepts and Precepts. Aldershot: Ashgate.

      IAEA (2002). Procedures for Conducting Probabilistic Safety Assessment for Non‐Reactor Nuclear Facilities. Technical report IAEA‐TECDOC‐1267. Vienna,

