CRJU245 - Security in 21st Century

Week 2

Defining Risk

Risk is a function of threats and vulnerabilities. It is the possibility of asset loss, damage, or destruction. Risk is the result of the likelihood that a specific vulnerability of a particular asset will be exploited by an adversary to cause a given consequence. A risk assessment is a quantitative, qualitative, or hybrid assessment that seeks to determine the likelihood that an adversary will successfully exploit a vulnerability and the resulting impact (degree of consequence) to an asset. A risk assessment is the foundation for prioritizing risks in order to effectively implement countermeasures.

What is Risk?

Risk is part of every human endeavor. From the moment we get up in the morning, drive or take public transportation to get to school or to work, until we get back into our beds, we are exposed to risks of varying degrees. What makes the study of risk fascinating is that, while some of the risk factors may not be completely voluntary, we seek out some risks on our own, such as playing the lottery or driving fast.

Risks are often categorized by type. Risk categories help to communicate the scope of the risk, to assign the responsible authority to handle the risk, to understand the causes of the risk, and to suggest strategies for controlling the risk.

Risks are also incorporated into many disciplines. Please look at the disciplines below:

  1. Risk versus Probability: While some definitions of risk focus only on the probability of an event occurring, more comprehensive definitions incorporate both the probability of the event occurring and the consequences of the event. Therefore, the probability of a severe earthquake may be very small, but the consequences are so catastrophic that it would be categorized as a high-risk event.
  2. Risk versus Threat: In some disciplines, a contrast is drawn between a risk and a threat. A threat is a low-probability event with significant negative consequences, where analysts may be unable to assess the probability. A risk, on the other hand, is defined as a higher-probability event, where there is enough information to make assessments of both the probability and the consequences.
  3. All Outcomes versus Negative Outcomes: Some definitions of risk tend to focus only on the downside scenarios, whereas others are more expansive and consider all variability as risk.

The videos below will help you get a better understanding of probability and uncertainty, events and returns, tolerability and sensitivity, and control and strategies. Please view both videos.

What is a risk?
Risk Analysis and Management

References and Supplemental Resources

Vellani, K. (2006). Strategic Security Management: A Risk Assessment Guide for Decision Makers. Butterworth-Heinemann.

Newsome, B. (2014). A Practical Introduction to Security and Risk Management. Sage Publications, Inc. University of California, Berkeley.