Glossary
Browse the IADC Lexicon alphabetically or by category. Get comprehensive definitions of drilling industry terms.
Consequence Assessment
Definition(s)
Consequence Assessment
Product or process of identifying or evaluating the potential or actual effects of an event, incident, or occurrence.
Source:API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global StandardsConsequence Assessment
Product or process of identifying or evaluating the potential or actual effects of an event, incident, or occurrence. Sample Usage: The consequence assessment for the hurricane included estimates for human casualties and property damage caused by the landfall of the hurricane and cascading effects. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceBreak-even Analysis
Definition(s)
Break-even Analysis
Variant of cost-benefit analysis that estimates the threshold value at which a policy alternative's costs equal its benefits. Sample Usage: Break-even analysis showed that the proposed security policy would have to reduce the probability of attack by two orders of magnitude for its benefits to equal its costs; since this was judged unlikely, the proposed security policy was rejected. Annotation: Analysts have applied this technique to homeland security by calculating the minimum threat probability required for the risk reduction benefits of a security policy to exceed the costs. If decision makers believe the actual threat is greater than the calculated break-even threat level, then the expected benefits of the policy exceed the costs. The technique also may be applied to other uncertain parameters in the analysis. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceBayesian Probability (Subjective Probability)
Definition(s)
Bayesian Probability (Subjective Probability)
Interpretation or estimate of probability as a personal judgment or ―degree of belief‖ about how likely a particular event is to occur, based on the state of knowledge and available evidence Sample Usage: Analysts use their knowledge of terrorist strategies, objectives, and capabilities in combination with evidence from operations to estimate a subjective probability of 10 percent for an attack to occur within the next five years. An analyst may use Bayesian probability to estimate likelihood based on a degree of belief. Annotation:- Like all probabilities, subjective probability is conventionally expressed on a scale from zero to one where zero indicates the event is impossible and one indicates the event has or certainly will occur.
- Within the subjective probability interpretation, it is possible to estimate probabilities of events (using experts or models) that have not previously occurred or that have only rarely occurred, such as acts of terrorism. However, because subjective probabilities incorporate historical or trial data when available, the subjective probability will approximate the frequentist probability as data becomes more plentiful.
- Subjective probability is currently one of the most common uses of probability among statisticians and the risk analysis community.
- Bayesian probability is colloquially used as a synonym for subjective probability. In statistical usage, Bayesian probabilistic inference is an approach to statistical inference that employs Bayes’ theorem to revise prior information using evidence.
Bayesian Probability
Definition(s)
Bayesian Probability
The process of evaluating the probability of a hypothesis through 1) the specification of a prior probability and 2) modification of the prior probability by incorporation of observed information to create an updated posterior probability. Sample Usage: The analyst applied Bayesian probability techniques to incorporate new evidence and update her estimate of the threat probability. Annotation: This concept is also referred to as Bayesian probabilistic inference. Bayesian probability evaluates likelihoods as probabilities rather than frequencies. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceBaseline Risk
Definition(s)
Baseline Risk
The normal operating condition level of risk that takes into account existing risk mitigation measures.
Source: API RP 781 Security Plan Methodology for the Oil and Natural Gas Industries.1st Ed. September 2016. Global StandardsBaseline Risk
Current level of risk that takes into account existing risk mitigation measures.
Source:API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global StandardsBaseline Risk
Current level of risk that takes into account existing risk mitigation measures. Sample Usage: Risk analysts for the locality calculated a baseline risk value before analyzing the risk reduction potential of two alternative strategies. Annotation: Often, the word ―risk‖ is used to imply ―baseline risk‖ with the unstated understanding that the reference is the current circumstances. It should not be confused with risk as a measurement, which can change with the substitution of different variables. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceAlternative Futures Analysis
Definition(s)
Alternative Futures Analysis
Set of techniques used to explore different future states developed by varying a set of key trends, drivers, and/or conditions. Sample Usage: Strategic analysts used alternative futures analysis to investigate the effectiveness of a proposed policy in different possible futures. Extended Definition: includes forecasts, scenario analysis, and visioning. Annotation:- This type of analysis can be used to test assumptions about future conditions, as well as identify ―weak signals‖ of trends that could be significant in the future and ―wildcard events‖ that – while unlikely – would have high impact should they occur.
- Alternative futures analysis can also test the robustness of alternative strategies, policies, or capabilities by evaluating the effectiveness of each, and evaluating trade-offs or complementarities among them, in a variety of potential future states ranging from the highly challenging to the visionary.
- Similar methods can be used to develop a statement of vision to motivate an organization to create the future it prefers in light of changes taking place in the environment.
Adaptive Risk
Definition(s)
Adaptive Risk
Category of risk that includes threats intentionally caused by humans. Sample Usage: A terrorist plot to attack a public transportation system can be categorized as an adaptive risk. Annotation: Adaptive risks can include insider threats, civil disturbances, terrorism, or transnational crime. Those threats are caused by people that can change their behavior or characteristics in reaction to prevention, protection, response, or recovery measures taken. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceAccidental Hazard
Definition(s)
Accidental Hazard
Source of harm or difficulty created by negligence, error, or unintended failure. Sample Usage: The chemical storage tank in the loading area without a concrete barrier may present an accidental hazard. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceAcceptable Risk
Definition(s)
Acceptable Risk
Level of risk at which, given costs and benefits associated with risk reduction measures, no action is deemed to be warranted at a given point in time. Sample Usage: Extremely low levels of water-borne contaminants can be deemed an acceptable risk. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceAbsolute Risk (Unmitigated)
Definition(s)
Absolute Risk (Unmitigated)
Level of risk that exists without risk controls. Sample Usage: An absolute risk value for the facility, assuming no security measures, was determined at the outset of the analysis. Extended Definition: a hypothetical condition that would exist if risk mitigation measures were absent. Annotation:- The application of absolute risk to natural hazards is straightforward. It is a reasonable approximation of what the risk would be if all countermeasures were actually removed. It is commonly used as a step in calculating the risk-reduction value of existing or prospective countermeasures.
- The use of absolute risk for crime and terrorism involves limitations. In this context, absolute risk involves imagining that no countermeasures are in place. However, it does not involve imagining the response of adaptive intelligent adversaries in this absence of countermeasures. As a result, it is a poor approximation of what the actual risk would be if the countermeasures were removed.
- It is critical to be transparent about these assumptions when comparing any crime-or terrorism-related absolute risk (or calculation derived therein) to any other absolute risk-derived calculation.
Absolute Risk
Definition(s)
Absolute Risk
Level of risk expressed with standard units of measurement that allows for independent interpretation without comparison to estimates of other risks. Sample Usage: Analysts used the absolute risk estimate for a particular scenario to determine if a mitigation measure was cost effective. Annotation:- The absolute risk value of a scenario has a meaningful independent interpretation in contrast to relative risk that is meaningful only in comparison to other similarly constructed risk values. 2) Can be measured using annualized lives lost, expected economic impact, or other metrics but it is not a ratio of risks.
- Can measure absolute level of risk pre-or post-risk reduction measures.
Risk Mitigation
Definition(s)
Risk Mitigation
Application of measure or measures to reduce the likelihood of an unwanted occurrence and/or its consequences.
Source:API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global StandardsRisk Mitigation
Application of measure or measures to reduce the likelihood of an unwanted occurrence and/or its consequences. Sample Usage: Through risk mitigation, the potential impact of the natural disaster on the local population was greatly reduced. Annotation: Risk mitigation measures may be implemented prior to, during, or after an incident, event, or occurrence. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceRisk Mitigation
The application of one or more measures to reduce the likelihood of an unwanted occurrence and/or lessen its consequences. Extended Definition: Implementing appropriate risk-reduction controls based on risk management priorities and analysis of alternatives. Adapted from: DHS Risk Lexicon, CNSSI 4009, NIST SP 800-53 Rev 4 Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsAttack Path
Definition(s)
Attack Path
Steps that a threat takes or may take to plan, prepare for, and execute an attack.
Source:API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global StandardsAttack Path
Steps that an adversary takes or may take to plan, prepare for, and execute an attack. Sample Usage: Part of the attack path for the car bombing involved dozens of individuals moving money, arms and operatives from the terrorist safe haven to the target area. Annotation: An attack path may include recruitment, radicalization, and training of operatives, selection and surveillance of the target, construction or procurement of weapons, funding, deployment of operatives to the target, execution of the attack, and related post-attack activities. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceAttack Path
The steps that an adversary takes or may take to plan, prepare for, and execute an attack. Adapted from: DHS Risk Lexicon, NCSD Glossary Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsAttack Method
Definition(s)
Attack Method
Manner and means, including the weapon and delivery method, a threat may use to cause harm on a target.
Source:API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global StandardsAttack Method
Manner and means, including the weapon and delivery method, an adversary may use to cause harm on a target. Sample Usage: Analysts have identified weaponization of an aircraft as an attack method that terrorists may use. Annotation: Attack method and attack mode are synonymous. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceAttack Method
The manner or technique and means an adversary may use in an assault on information or an information system. Adapted from: DHS Risk Lexicon, NCSD Glossary Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsAttack Method
The steps that an adversary takes or may take to plan, prepare for, and execute an attack. Adapted from: DHS Risk Lexicon, NCSD Glossary Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsAdversary
Definition(s)
Adversary
An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities. From: DHS Risk Lexicon Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsAdversary
Individual, group, organization, or government that conducts or has the intent to conduct detrimental activities Sample Usage: Al-Qaeda is an adversary of the United States. Annotation:- An adversary can be hypothetical for the purposes of training, exercises, red teaming, and other activities.
- An adversary differs from a threat in that an adversary may have the intent, but not the capability, to conduct detrimental activities, while a threat possesses both intent and capability.
Canadian Standards Association
Any individual, group, organization, or government that conducts activities detrimental to an operator’s assets or has the intention and capability to conduct such activities. Note: An adversary can include political and terrorist groups, criminals, disgruntled employees, and private interests; an adversary can also include site insiders, site outsiders, or the two acting in collusion. (Source: Security Vulnerability Assessment Methodology for the Petroleum and Petrochemical Industries). Source: Canadian Standards Association, Z246.1-09, Security management for petroleum and natural gas industry systems, August 2009, Regional StandardsRisk Control
Definition(s)
Risk Control
Deliberate action taken to reduce the potential for harm or maintain it at an acceptable level. Sample Usage: As a risk control measure, security guards screen items to reduce the likelihood of dangerous articles getting inside of office buildings. Annotation: Risk control is one of a set of four commonly used risk management strategies, along with risk avoidance, risk acceptance, and risk transfer. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceRisk Control
A barrier implemented within an activity designed to eliminate or mitigate a risk or range of risks. A risk control may take the form of" hard" barriers based on engineered, physical solutions to prevent or avoid a risk, or "soft:" barriers relying on compliance with operating plans, procedures and competence of the workforce. Normally, multiple risk controls or "layers of protection" are implemented to achieve risk acceptance. Source: IOGP Report No. 510, Operating Management System Framework for controlling risk and delivering high performance in the oil and gas industry, International Association of Oil & Gas Producers, June 2014. Global StandardsCapability
Definition(s)
Capability
The potential to accomplish a mission, function, or objective. Source: API RP 781 Security Plan Methodology for the Oil and Natural Gas Industries.1st Ed. September 2016. Global StandardsCapability
The means to accomplish a mission, function, or objective. Adapted from: DHS Risk Lexicon. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsCapability
The means to accomplish a mission, function, or objective. Adapted from: DHS Risk Lexicon Source: IOGP Report No. 510, Operating Management System Framework for controlling risk and delivering high performance in the oil and gas industry, International Association of Oil & Gas Producers, June 2014. Global StandardsWell Barriers
Means to accomplish a mission, function, or objective.
Source:API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global StandardsCapability
Means to accomplish a mission, function, or objective. Sample Usage: Counterterrorism operations are intended to reduce the capability of terrorist groups. Annotation: Adversary capability is one of two elements, the other being adversary intent, that are commonly considered when estimating the likelihood of terrorist attacks. Adversary capability is the ability of an adversary to attack with a particular attack method. Other COIs may use capability to refer to any organization's ability to perform its mission, activities, and functions. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceUsability Testing
Definition(s)
Usability Testing
Evaluation methods and techniques used to support Human-Centred Design (HCD) and used for the purpose of increasing the usability of a system. Source: IMO MSC.1/Circ.1512, Guideline on Software Quality Assurance and Human-Centred Design for e-navigation, 8 June 2015, International Maritime Organization. Regulatory GuidanceUsability
Definition(s)
Usability
The extent to which systems can be used by users to achieve specified goals with effectiveness, efficiency and satisfaction, in a specified context of use. Source: IMO MSC.1/Circ.1512, Guideline on Software Quality Assurance and Human-Centred Design for e-navigation, 8 June 2015, International Maritime Organization. Regulatory GuidanceUsability
Extent to which a system, product or service can be used by specified users to achieve specified goals with effectiveness, efficiency and satisfaction in a specified context of use.- Note 1 to entry: Systems, products or services are part of work systems (2.2) and used by workers (2.4) within those systems.
- Note 2 to entry: In this International Standard, the context of use is within a work system.
System Life Cycle (Life Cycle)
Definition(s)
System Life Cycle (Life Cycle)
The stages containing the processes activities and tasks spanning the life of the system and/or product from the definition of its requirements to the termination of its use; life cycle covers its conception, design, operation, maintenance, support and disposal. Source: IMO MSC.1/Circ.1512, Guideline on Software Quality Assurance and Human-Centred Design for e-navigation, 8 June 2015, International Maritime Organization. Regulatory GuidanceSoftware Quality in Use
Definition(s)
Software Quality in Use
Capability of a software product to enable specific users to achieve specific goals with effectiveness, productivity, safety and satisfaction in specific contexts of use. Source: IMO MSC.1/Circ.1512, Guideline on Software Quality Assurance and Human-Centred Design for e-navigation, 8 June 2015, International Maritime Organization. Regulatory GuidanceSoftware Quality Evaluation
Definition(s)
Software Quality Evaluation
A systematic examination of the extent to which a software product is capable of satisfying stated and implied needs. Source: IMO MSC.1/Circ.1512, Guideline on Software Quality Assurance and Human-Centred Design for e-navigation, 8 June 2015, International Maritime Organization. Regulatory GuidanceSQA
Definition(s)
SQA
Software Quality Assurance.
Source: IMO MSC.1/Circ.1512, Guideline on Software Quality Assurance and Human-Centred Design for e-navigation, 8 June 2015, International Maritime Organization. Regulatory Guidance