Value of Statistical Life

Value of Statistical Life

Definition(s)

Value of Statistical Life

Amount people are willing to pay to reduce risk so that on average one less person is expected to die from the risk. Sample Usage: The analyst estimates the monetary value of the mortality risk reduction from the initiative by using the VSL estimate. Annotation:
  1. The VSL is not intended to value very large reductions in mortality risk or place a value on the lives of identified individuals. VSL measures the monetized value of small reductions in mortality risk for a large number of people. For example, a countermeasure that reduces the annual risk of death by one in a million for 20 million people will, on average, save 20 lives a year. If the VSL is estimated at $5 million, the value of this mortality risk reduction is $100 million (20 expected lives saved times $5 million per life).
  2. Most VSL estimates are based on studies of the wage compensation for occupational hazards or studies that elicit people’s willingness to pay for mortality risk reduction directly.
Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance
VSL

VSL

Definition(s)

VSL

Value of Statistical Life. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance
Unmitigated Risk

Unmitigated Risk

Definition(s)

Unmitigated Risk

Risk that remains after risk management measures have been implemented. Sample Usage: While increased patrols lessened the likelihood of trespassers, residual risk remained due to the unlocked exterior doors. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance
Unmitigated Risk (residual risk)

Unmitigated Risk (residual risk)

Definition(s)

Unmitigated Risk (residual risk)

Risk that remains after risk management measures have been implemented. Residual risk is ―risk that remains after risk management measures have been implemented‖). Sample Usage: A risk to the facility that was not considered in the risk assessment was a potential unmitigated risk. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance
Uncertainty

Uncertainty

Definition(s)

Uncertainty

Degree to which a calculated, estimated, or observed value may deviate from the true value.

Source:API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global Standards

Uncertainty

Degree to which a calculated, estimated, or observed value may deviate from the true value. Sample Usage: The uncertainty in the estimate was due to a lack of information for the particular environment and situation. Annotation:
  1. Uncertainty may stem from many causes, including the lack of information.
  2. The concept of uncertainty is useful in understanding that likelihoods and consequences can oftentimes not be predicted with a high degree of precision or accuracy.
Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance
Unacceptable Risk

Unacceptable Risk

Definition(s)

Unacceptable Risk

Level of risk at which, given costs and benefits associated with further risk reduction measures, action is deemed to be warranted at a given point in time.

Source:API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global Standards

Unacceptable Risk

Definition: level of risk at which, given costs and benefits associated with further risk reduction measures, action is deemed to be warranted at a given point in time. Sample Usage: The presence of contaminants in excess of a certain level represents an unacceptable risk to public health. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance
Subjective Probability

Subjective Probability

Definition(s)

Subjective Probability

Interpretation or estimate of probability as a personal judgment or ―degree of belief‖ about how likely a particular event is to occur, based on the state of knowledge and available evidence Sample Usage: Analysts use their knowledge of terrorist strategies, objectives, and capabilities in combination with evidence from operations to estimate a subjective probability of 10 percent for an attack to occur within the next five years. Annotation:
  1. Like all probabilities, subjective probability is conventionally expressed on a scale from zero to one where zero indicates the event is impossible and one indicates the event has or certainly will occur.
  2. Within the subjective probability interpretation, it is possible to estimate probabilities of events (using experts or models) that have not previously occurred or that have only rarely occurred, such as acts of terrorism. However, because subjective probabilities incorporate historical or trial data when available, the subjective probability will approximate the frequentist probability as data becomes more plentiful.
  3. Subjective probability is currently one of the most common uses of probability among statisticians and the risk analysis community.
  4. Bayesian probability is colloquially used as a synonym for subjective probability. In statistical usage, Bayesian probabilistic inference is an approach to statistical inference that employs Bayes’ theorem to revise prior information using evidence.
Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance
Subject Matter Expert ω:

Subject Matter Expert ω:

Definition(s)

Subject Matter Expert ω:

Individual with in-depth knowledge in a specific area or field. Sample Usage: A subject matter expert was consulted to inform team members on improvised nuclear devices. Annotation: Structured techniques for the elicitation of expert judgment are key tools for risk assessment. Subject matter experts are also used to supplement empirical data when needed, or to provide input on specialized subject areas for the purposes of designing and executing risk assessments. Frequently abbreviated as SME. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance
Strategic Risk

Strategic Risk

Definition(s)

Strategic Risk

Risk that affects an entity’s vital interests or execution of chosen strategy, whether imposed by external threats or arising from flawed or poorly implemented strategy. Sample Usage: An analysis of the organization's strategic risk considered threats to carrying out its essential mission functions. Annotation:
  1. Managing strategic risk is associated with the ability to recognize future trends, challenges, and threats and match these with appropriate operational concepts, capabilities, competencies, and capacity.
  2. Strategic risk can arise from three basic sources. First, strategic risk can arise from the actions of adversaries, from natural hazards or from non-adversarial human actions, such as accidents. These can be thought of as imposed risks. Second, strategic risk can be created by the unintended consequences of the strategies we adopt in response to imposed risks. These can be thought of as self-imposed risks. Finally, strategic risk can arise from obstacles to successful implementation of an adopted strategy. These obstacles can be either imposed (e.g., the actions of an adaptive adversary to counter a security measure or to exploit an unintended vulnerability created by a security measure) or self-imposed (e.g., failure to adequately resource, or to prematurely abandon, a strategy or course of action that would otherwise be beneficial.
Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance
Strategic Foresight

Strategic Foresight

Definition(s)

Strategic Foresight

Range of activities associated with longer range planning and alternative futures analysis. Sample Usage: The organization’s strategic foresight initiative called for horizon scanning and analysis of the long-term implications of security policies. Annotation: Strategic foresight can be applied to activities such as scenario development, critical thinking and brainstorming about long-term trends, Delphi sessions, workshops, trend analysis and gaming (or "war-gaming"). Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance
Simulation

Simulation

Definition(s)

Simulation

Model that behaves or operates like a given process, concept, or system when provided a set of controlled inputs Sample Usage: The scientists designed a simulation to see how weather affected the plume of smoke. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance
Social Amplification of Risk

Social Amplification of Risk

Definition(s)

Social Amplification of Risk

Distortion of the seriousness of a risk caused by public concern about the risk and/or about an activity contributing to the risk. Sample Usage: Social amplification of risk can result in public concern with an otherwise insignificant risk. Annotation:
  1. Describes the phenomenon by which hazards interact with psychological, social, institutional, and cultural processes in ways that may amplify or attenuate the public's perceived level of risk.
  2. The social amplification of risk phenomenon is the subject of a field of study that seeks to systematically link the technical assessment of risk with sociological perspectives of risk perception and risk-related behavior.
Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance
Semi-quantitative Risk Assessment Methodology

Semi-quantitative Risk Assessment Methodology

Definition(s)

Semi-quantitative Risk Assessment Methodology

Set of methods, principles, or rules to assess risk that uses bins, scales, or representative numbers whose values and meanings are not maintained in other contexts Sample Usage: By giving the "low risk, "medium risk," and "high risk" categories corresponding numerical values, the assessor used a semi-quantitative risk assessment methodology. Annotation: While numbers may be used in a semi-quantitative methodology, the values are not applicable outside of the methodology, and numerical results from one methodology cannot be compared with those from other methodologies. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance
Secondary Consequence

Secondary Consequence

Definition(s)

Secondary Consequence

Effect that is not a direct consequence of an event, incident, or occurrence, but is caused by a direct consequence, subsequent cascading effects, and/or related decisions. Sample Usage: The secondary consequence of a terrorist threat on a subway could be the decreased use of public transportation over time. Annotation:
  1. Examples of indirect consequences can include the enactment of new laws, policies, and risk mitigation strategies or investments, contagion health effects, supply-chain economic consequences, reductions in property values, stock market effects, and long-term cleanup efforts,
  2. Accounting for indirect consequences in risk assessments is important because they may have greater and longer-lasting effects than the direct consequences.
  3. Indirect consequences are also sometimes referred to as ripple, multiplier, general equilibrium, macroeconomic, secondary, and tertiary effects.
  4. The distinction between direct and indirect consequences is not always clear but what matters in risk analysis is a) capturing the likely effects – be they designated as direct or indirect – that should be part of the analysis, b) clearly defining what is contained as part of direct consequences and what is part of indirect consequences, and c) being consistent across the entire analysis. Such consistency and clarity is important for comparability across scenarios and risk analyses.
  5. Induced consequences are occasionally estimated separately from indirect consequences but should be contained within indirect estimates.
Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance
Scenario (risk)

Scenario (risk)

Definition(s)

Scenario (risk)

Hypothetical situation comprised of a hazard, an entity impacted by that hazard, and associated conditions including consequences when appropriate. Sample Usage: The team designed a scenario involving a terrorist attack at a plant to help assess the risk of certain types of terrorist attacks. Annotation: A scenario can be created and used for the purposes of training, exercise, analysis, or modeling as well as for other purposes. A scenario that has occurred or is occurring is an incident. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance
Risk-informed Decision Making

Risk-informed Decision Making

Definition(s)

Risk-informed Decision Making

Determination of a course of action predicated on the assessment of risk, the expected impact of that course of action on that risk, as well as other relevant factors. Sample Usage: He practiced risk-informed decision making in planning event security by considering both the results of the risk assessment and logistical constraints. Annotation: Risk-informed decision making may take into account multiple sources of information not included specifically in the assessment of risk as inputs to the decision process in addition to risk information, while risk-based decision making uses the assessment of risk as the primary decision driver. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance
Risk-based Decision Making

Risk-based Decision Making

Definition(s)

Risk-based Decision Making

Determination of a course of action predicated primarily on the assessment of risk and the expected impact of that course of action on that risk Sample Usage: After reading about threats and vulnerabilities associated with vehicle explosives, she practiced risk-based decision making by authorizing the installation of additional security measures. Annotation: Risk-based decision making uses the assessment of risk as the primary decision driver, while risk-informed decision making may account for multiple sources of information not included in the assessment of risk as significant inputs to the decision process in addition to risk information. Risk-based decision making has often been used interchangeably, but incorrectly, with risk-informed decision making. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance
Risk Score

Risk Score

Definition(s)

Risk Score

Numerical result of a semi-quantitative risk assessment methodology. Sample Usage: By installing a surveillance system, the plant was able to change its risk score when the next assessment was conducted. Extended Definition: numerical representation that gauges the combination of threat, vulnerability, and consequence at a specific moment. Annotation: The application of risk management alternatives may result in a change of risk score. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance
Risk Reduction

Risk Reduction

Definition(s)

Risk Reduction

Decrease in risk through risk avoidance, risk control, or risk transfer. Sample Usage: By placing vehicle barriers outside the facility, the security team achieved a significant risk reduction. Annotation:
  1. Risk reduction may be estimated during both the decision and evaluation phases of the risk management cycle.
  2. Risk reduction can be accomplished by reducing vulnerability and/or consequences (damages).
Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance
Risk Mitigation Option

Risk Mitigation Option

Definition(s)

Risk Mitigation Option

Measure, device, policy, or course of action taken with the intent of reducing risk. Sample Usage: Some medical professionals advise the risk mitigation option of vaccinations to reduce the risk of infection. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance
Risk Management Strategy

Risk Management Strategy

Definition(s)

Risk Management Strategy

Course of action or actions to be taken in order to manage risks. Sample Usage: Mutual aid agreements are a risk management strategy used by some emergency response authorities to respond to large scale incidents. Extended Definition: proactive approach to reduce the usually negative impacts of various risks by choosing within a range of options that include complete avoidance of any risk that would cause harm or injury, accepting the risk, controlling the risk by employing risk mitigation options to reduce impacts, or transferring some or all of the risk to another entity based on a set of stated priorities. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance
Risk Management Methodology

Risk Management Methodology

Definition(s)

Risk Management Methodology

Set of methods, principles, or rules used to identify, analyze, assess, and communicate risk, and accept, avoid, transfer, or control it to an acceptable level considering associated costs and benefits of any actions taken. Sample Usage: The risk management methodology recommended by the Government Accountability Office consists of five steps. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance
Risk Management Cycle

Risk Management Cycle

Definition(s)

Risk Management Cycle

Sequence of steps that are systematically taken and revisited to manage risk. Sample Usage: Using the risk management cycle, the organization was able to understand and measurably decrease the risks it faced. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance
Risk Management Alternatives Development

Risk Management Alternatives Development

Definition(s)

Risk Management Alternatives Development

Process of systematically examining risks to develop a range of options and their anticipated effects for decision makers. Sample Usage: After completing the risk management alternatives development step, the analysis team presented a list of risk management options. Annotation: The risk management alternatives development step of the risk management process generates options for decision makers to consider before deciding on which option to implement. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance
Risk Indicator

Risk Indicator

Definition(s)

Risk Indicator

Measure that signals the potential for an unwanted outcome as determined by qualitative or quantitative analysis. Sample Usage: The facility operators were trained to recognize certain risk indicators during inspections. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance
Risk Governance

Risk Governance

Definition(s)

Risk Governance

Actors, rules, practices, processes, and mechanisms concerned with how risk is analyzed, managed, and communicated. Sample Usage: Risk governance applies the principles of good governance that include transparency, effectiveness, efficiency, accountability, strategic focus, and the need for the chosen solution to be politically and legally feasible. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance
Risk Exposure

Risk Exposure

Definition(s)

Risk Exposure

Contact of an entity, asset, system, network, or geographic area with a potential hazard. Sample Usage: The scenario described the estimated costs that would be incurred in the event of risk exposure. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance
Risk Data

Risk Data

Definition(s)

Risk Data

Information on key components of risk that are outputs of or inputs to risk assessments and risk analyses. Sample Usage: Risk data can be securely stored from earlier assessments and analyses to allow for comparisons or identification of trends. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance
Risk Assessment Tool

Risk Assessment Tool

Definition(s)

Risk Assessment Tool

Activity, item, or program that contributes to determining and evaluating risks. Sample Usage: A checklist is a common risk assessment tool that allows users to easily execute risk assessments in a consistent way. Annotation: Tools can include computer software and hardware, standard forms, or checklists for recording and displaying risk assessment data. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance
Risk Assessment Methodology

Risk Assessment Methodology

Definition(s)

Risk Assessment Methodology

Set of methods, principles, or rules used to identify and assess risks and to form priorities, develop courses of action, and inform decision making.

Source:API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global Standards

Risk Assessment Methodology

Set of methods, principles, or rules used to identify and assess risks and to form priorities, develop courses of action, and inform decision making. Sample Usage: The Maritime Security Risk Analysis Model (MSRAM) is a risk assessment methodology used to assess risk at our Nation's ports. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance