O'Reilly logo

Risk Analysis, 2nd Edition by Terje Aven

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Appendix C

Approach for selecting risk analysis methods

The reader is referred to Section 3.2.2. In this appendix, we present an approach for the selection of a risk analysis method based on three aspects: expected consequences, uncertainties and frame conditions. A scheme for ICT-related problems is used to illustrate the approach.

C.1 Expected consequences

We refer to Table C.1. The expected consequences are expressed as the product of the probability that an event will occur (in this case, a fault in the ICT system) and expected consequences should such an event occur. The top rows in the table give the expected consequences for the different consequence categories (attributes). The excepted consequences, given failure, are addressed on two levels, expected effect on society and expected effect on the business. The bottom rows show the probabilities for various types of failures. Both probability and expected value are classified in broad categories: low, moderate and high, suitably defined. The italicised text show the results from the analysis.

Table C.1 Classification based on expected consequences—example from a water supply operation (Wiencke et al. 2006)

Failure of the ICT system, Score
(with respect to availability,
confidentiality or integrity) 1 2 3
Expected consequences of failure
Expected effect on society
Expected effect on safety for personnel Low Medium High
Expected health effect Low Medium High
Expected effect on environment ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required