Printed from https://ideas.repec.org/a/sae/risrel/v231y2017i3p286-294.html

How the definition of security risk can be made compatible with safety definitions

Author

Listed:
  • Øystein Amundrud
  • Terje Aven
  • Roger Flage

Abstract

In safety settings, understood as situations involving the potential occurrence of unintentional events, it is common to define risk as a combination of consequences and associated probabilities or associated uncertainties. On the other hand, in security settings, understood as situations involving the potential occurrence of intentional malicious events, risk is commonly defined as the triplet asset/value, threat and vulnerability. One motivation often mentioned for the latter is that probability is considered inappropriate for intentional acts. In this article, we argue that it is unsuitable and unnecessary to define risk differently in these two settings. We show that risk, defined as the combination of future consequences and associated uncertainties, can be seen as compatible with the triplet definition of security risk. It also excludes probability from the definition of risk but explicitly includes uncertainty, which is more fundamental and present regardless of the type of events involved. The value dimension is integrated with the consequences as these are with respect to something that humans value. The purpose of the article is to contribute to a consolidation of the safety and security risk management fields at the fundamental level.

Suggested Citation

  • Øystein Amundrud & Terje Aven & Roger Flage, 2017. "How the definition of security risk can be made compatible with safety definitions," Journal of Risk and Reliability, vol. 231(3), pages 286-294, June.
  • Handle: RePEc:sae:risrel:v:231:y:2017:i:3:p:286-294
    DOI: 10.1177/1748006X17699145

    Download full text from publisher

    File URL: https://journals.sagepub.com/doi/10.1177/1748006X17699145
    Download Restriction: no




