Chapter 6. Likelihood Versus Severity
It is important to understand the relationship between severity and likelihood. Managing risk involves knowing when you need to be concerned about severity and not likelihood, or vice versa. Understanding the difference is essential in analyzing the seriousness of risks to your system.
We treat all risks as being composed of two components:
The cost if the risk happens (for example, what is the impact if customers don’t have power?).
The chance of the risk happening (for example, how likely is a big windstorm?).
Managing risks is managing these two values. You can reduce the severity of a risk if it happens, or you can reduce the likelihood of it happening. For any given risk, you don’t need to do both. But considering both is important to understanding the best path forward in managing risks.
The significance of a risk is the combination of the severity of the risk happening with the likelihood of it happening. To successfully manage risk, you must consider both of these values and how they relate to each other. To reduce risk, you need to reduce at least one of these two values for any given risk.
The best way to understand the difference is by looking at examples of various risks and how their likelihood and severity differ. We’ll use the following example throughout the remainder of this chapter to help explain the differences:
Let’s assume that we are managing an online T-shirt store. This store is your typical online retailer. ...