Risk and related concepts - Chapter 2-3 Flashcards
What is risk? (Risk concept)
- Risk is the potential for undesirable consequences of the activity.
- Risk is the consequences C of the activity A and associated uncertainties U.
(C, U) or (A, C, U) - Risk is the deviation D from a ‘reference value’ r, and associated uncertainties U
(D,U)
Risk = Event risk (A, U) & vulnerability (C, U| A) - with uncertainty
Define risk description/characterization
A risk description is qualitative and/or quantitative picture of the risk, a statement usually containing the elements: risk sources, causes, events, consequences and uncertainty representations/measurements.
Risk description = (C’,Q,K), where C’ is the specified consequences of the activity considered, Q the measure of uncertainty used and K the background knowledge that C’ and Q are based on.
When events are specified we are led to the general description:
(A’,C’,Q,K).
or
(A’, C’, P, SoK, K)
A’ - specified event
C’ - spesified consequence
P - probability
SoK - strenght of knowledge
K - Knowledge
Q - Measure of uncertainty
Define vulnerability
- Vulnerability (C, U | A) are the consequences C of the activity and associated uncertainties U, given an event A (risk source).
- The degree to which a system is affected by a risk source or agent
(C’,Q,K|A’)- vulerability characterization(?)
Define resilience
- The ability to quicly return to the normal state given an event (risk source)
- The ability of the system to sustain or restore its basic functionality followin an event (risk source)
Low resilience makes vulnerability higher.
Whats the difference between resilience and vulnerability?
Vulnerability covers the actual consequences of the event. It is a broader concept and it encompasses resilience. Resilience is an aspect of vulnerability by focusing on the systems ability to bounce back after an event.
Lack of resilience means that the people struggling with disease have a hard time returning to a normal health state given the risk source. The vulnerability concept, on the other hand, highlights what the actual consequences could be of this lack of resilience. Type of consequence is not relevant for resilience.
Define reliability
The ability of the system to work as intened.
Define safety and security
Safety is acceptbale or tolerable risk. Can be viewed as the antonym of risk (as a result of accidents).
Interpreteted in the same way as secure. Secure is acceptable or tolerable risk when restricting the concept of risk to intentional malicious acts by intellegent actors. (For example saying security is acheived).
Whats the difference between safe and secure?
Safe refers to acceptable or tolerable risk.
Secure is acceptable or tolerable risk when restricting the concept of risk to intentional malicious acts by intellegent actors.
Name important probabilites and what they reflect in the risk context
Comment on:
- uncertainty
- expected value
The frequentist probability expresses the variation between A occuring and not uccuring. The frequentist probability of an event A can be understood as the fraction of times the event A occurs if we could repeat the situation an infinite number of times under similar conditions. Is uncertain because we dont know the true underlying probability
Uncertain - SoK could be poor and representation may be misguiding.
Expected value - Does not reflect the potential for extreme outcomes or SoK. (For example in risk matrices).
Subjective/Knowledge-based (P|K) expresses uncertainty/degree of belief and is conditional on the knowledge of the assesor.
The assessor has the same uncertainty, the same degree of belief for A to occur, as randomly drawing a red ball out of an urn containing 10 balls, of which 8 are red.
Not uncertain - there is no reference to a “true value” here and only represents assessors judgements.
Expected value are not part of knowledge based(?)
TRUE OR FALSE
If the uncertainties are large, probabilities cannot be determined.
Can always be specified, but the knowledge supporting the probability could be poor.
TRUE OR FALSE
Frequentist probabilities can be defined when the uncertainties are large
Trick question. We only have to justify the setup for the situation, irrelevant of uncertainties.
Define knowledge
Knowledge can be understood as ‘justified beliefs’, and is based on information, data, models etc.
Why is it important to reflect knowledge in relation to risk?
When we describe risk, knowledge is used as a basis for specifying events, consequences and expressing uncertainties. This knowledge could be more or less strong, or even wrong – this is an important aspect of risk that needs to be reflected
How can we include considerations on the knowledge dimension when describing risk?
Judgments on the strength of knowledge (SoK)
Understanding of the phenomena involved
Reasonability of assumptions
Availability of relevant data
Agreement among experts
What are some common risk metrics?
Name strengths and weaknesses
OMSKRIV
Common risk metrics are:
- Expected values E[C’]
- Potential for extreme outcomes is not reflected.
- It does not capture the strength of knowledge of
the supporting knowledge
- Expected value can be the same but the
distributions can be very different.
- Probability distributions P(C’ ≤ c)
- Combinations of P(A’) and E[C’|A’] as in risk matrices. SoK judgments should be added to these metrics. For each event, there could be a large specter of consequences, ranging from less severe to disastrous. This is not reflected in the expected value. The knowledge supporting the probabilities is not reflected in the matrices.
