Viktigste temaer (merket rødt) Flashcards
What is risk? (risk concept)
- Risk is the potential for undesirable consequences of the activity.
- Risk is the consequences C of the activity A and associated uncertainties U.
(C, U) or (A, C, U) - the risk concept - Risk is the deviation D from a ‘reference value’ r, and associated uncertainties U
(D,U)
Risk = Event risk (A, U) & vulnerability (C, U| A) - with uncertainty
How should risk be described?/What are the characterizations of risk?
A risk description is qualitative and/or quantitative picture of the risk, a statement usually containing the elements: risk sources, causes, events, consequences and uncertainty representations/measurements.
Risk description = (C’,Q,K), where C’ is the specified consequences of the activity considered, Q the measure of uncertainty used and K the background knowledge that C’ and Q are based on.
When events are specified we are led to the general description:
(A’,C’,Q,K).
or
(A’, C’, P, SoK, K)
A’ - specified event
C’ - spesified consequence
P - probability
SoK - strenght of knowledge
K - Knowledge
Q - Measure of uncertainty
What are the main strategies for handling risk?
Being risk informed
Treatment of risk (avoiding risk, reducing risk, transferring risk, retaining risk) by the use of risk assessments.
Is used when the phenomena and processes considered are well understood and accurate predictions can be made.
Giving weight to the cautionary and precautionary principles.
Focus on vulnerability and resilience management. Gives weight to uncertainties and surprises by highlighting features like containment, redundancy in designing safety devices, diversification, design of systems with flexible response options etc.
Is used when there is uncertainty. Accurate predictions cannot be made, for example, as a result of lack of understanding of underlying phenomena or complexity
Discursive strategies.
Using measures to build confidence and trustworthiness through the reduction of uncertainties and ambiguities, clarification of facts, involvement of affected people, deliberation and accountability.
Is used when there is ambiguity. Different views related to the relevant values.
Strategy depends on the context - what problems are we dealing with? Sometimes it is a combination. Risk assessments and other analyses can be used for support.
Knowledge-based probability
Subjective/Knowledge-based (P|K) expresses uncertainty/degree of belief and is conditional on the knowledge of the assesor.
The assessor has the same uncertainty, the same degree of belief for A to occur, as randomly drawing a red ball out of an urn containing 10 balls, of which 8 are red.
Not uncertain - there is no reference to a “true value” here and only represents assessors judgements.
Frequentist probability
The frequentist probability expresses the variation. The frequentist probability of an event A can be understood as the fraction of times the event A occurs if we could repeat the situation an infinite number of times under similar conditions. Is uncertain because we dont know the true underlying probability.
Normally we cant repeat an experiment under the same conditions infinately many times. Therefore we use estimates. We need to distinguish between the true underlying probability and the estimate. The deviation from the true underlying value makes it uncertain.
Uncertain - SoK could be poor and representation may be misguiding.
Event tree analysis, fault tree analysis
Event Tree Analysis: A graphical representation of possible outcomes following an initiating event, showing the sequence of events and their probabilities, leading to different consequences.
Fault Tree Analysis: A top-down, deductive analytical method used to identify and analyze the potential causes of system failures, represented graphically using logic gates.
The difference between professional risk judgments and risk perception
In contrast to risk perception proffesional judgements about risk are not to include feeling nor conclusions about risk acceptability/unacceptability. Risk perception can sometimes identify aspects of risk which are not properly reflected by the proffesional risk assessments. Peoples concerns may be justified although the analysts may not have identifed the problem or judged it to be important. Risk percpetion is not only about feelings but can also capture consious judgements of uncertainties, and hence risk.
The risk related to nuclear powerplants is a good example. Experts argue that the risks were relatively small on the basis of statistics and probability numbers, while peoples concerns were all about persceptional aspects. The risk perception was capturing important aspects of risk for which the proffesional judgements at the time ignored.
Risk perception may be influenced by:
- Proffesional risk description
- Persons own proffsional risk descriptions
- How the person judges, likes or dislikes certain aspects of risk (like C, U)
- Affect, feelings
- Trust
- Acceptability
What is multi-attribute analysis?
An approach where the goal is not to transform all various concerns into one dimension (typically monetary values), but to provide judgments on each attribute separately, using a combination of quantitative and qualitative assessments
What are the cautionary and precautionary principles?
The cautionary principle says that if the consequences of an activity could be serious and subject to uncertainties, then cautionary measures should be taken, or the activity should not be carried out
Precautionary principle says that if the consequences of an activity could be serious and subject to scientific uncertainties, then precautionary measures must be taken to reduce the risk , meaning possibly not carrying out the activity.
Scientific because you do not know what is causing the issue and science cannot alone lead us to the right decision.
What is applied risk analysis (science)?
Applied risk analysis supports risk knowledge generation and communication in relation to specific activities and supports the tackling of specific risk problems or issues.
Examples are for example the risk analysis of climbing mount Everest or risk analysis of attacks on SCADA systems.
What is generic risk analysis (science)?
Generic risk analysis covers generic concepts, principles, approaches and methods on how to understand, assess, characterize, communicate, manage and govern risk.
One example the curriculum or the research done at the university of Stavanger, where they do research related to inter alia generic concepts, principles, approaches and methods on how to understand, assess, characterize, communicate, manage and govern risk.
Does the cautionary principle support protection or development?
Following the principle means that when facing uncertainty caution should be the ruling principle. Accordingly, we can implement risk reducing measures even if they are seen as inefficient seen from a purely economic standpoint (or in the more extreme cases, not starting the activity considered at all). Hence, we go beyond the expected benefits of the risk reducing measures, meaning that protection is highlighted rather than development
Why do we not like the expected value?
The expected value is the center of gravity of the probability distribution.
It has limitations because it does not reflect the potential for extreme outcomes or SoK.
A risk matrices is a common way of expressing risk. You have likelihood and impact/consequense axis. For each spesified event you plot it on the matrices.
Consequense/Impact - an explosion event could have a lot of different outcomes. No fatalities, 1,2 ,3. We cant place all the different outcomes, we choose one impact value for the event. We choose an expected consequense. And this does not reflect the potential for extreme outcomes.
It also does not reflect the strenght of knowledge.