Documente Academic
Documente Profesional
Documente Cultură
mitigation measures
Krishna Prasad Pant, Ph D
Continuum of Knowledge
Complete
RISK Complete
Ignorance Uncertianty Understanding
Uncertainty Risk
•Qualitative •Quantitative
•Unknown or Unknowable •Can be estimated statistically
•100 yr Stage
Slide #6
What is Risk?
• The probability that a particular threat will
exploit a particular vulnerability
• Need to systematically understand risks to a
system and decide how to control them.
Slide #7
Risk Analysis
• The process of identifying, assessing, and
reducing risks to an acceptable level
– Defines and controls threats and vulnerabilities
– Implements risk reduction measures
Slide #8
Likelihood and consequences
Components of Risk Analysis
When to Do Risk Analysis
The two main things to consider when deciding if risk
analysis is required are:
Risk Assessment
Risk assessment is a systematic, evidence-based approach for
quantifying and describing the nature, likelihood and magnitude of
risk associated with
• the current condition and
• a changed condition due to some action.
1. Step 1: identifying the hazards that can cause harm or the
opportunities for gain that are uncertain
2. Step 2: judge consequences by deciding who or what may be
harmed or benefited and in what ways
3. Step 3: assess the likelihood of the various good and bad
consequences
4. Step 4: characterize these likelihoods qualitatively or
quantitatively.
Risk Assessor's Toolbox
Qualitative tools tend not to rely on numerical expressions of risk. Qualitative tools
include:
•Narratives
•Ordering Techniques
•Enhanced Criteria Ranking
•Evaluation Framework
•Sensitivity Analysis
•Scenario Planning
Quantitative tools rely on numerical expressions of risk. Quantitative tools include:
•Deterministic scenario analysis
•Probabilistic scenario analysis
There are also several tools that can be used with either qualitative or quantitative risk
assessments.
Adaptive Management
Premise Sets
Multi-Criteria Decision Analysis
Defining Risk Management
Answer these questions and you are doing risk management