Glossary
Browse the IADC Lexicon alphabetically or by category. Get comprehensive definitions of drilling industry terms.
Relative Risk
Definition(s)
Relative Risk
Measure of risk that represents the ratio of risks when compared to each other or a control.
Source:API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global StandardsRelative Risk
Measure of risk that represents the ratio of risks when compared to each other or a control. Sample Usage: Although the site is prone to frequent low level flooding, the relative risk posed by a hurricane is greater than that posed by a flood. Annotation:- The relative risk value of a scenario is meaningful only in comparison to other similarly constructed risk values.
- Due to inherent uncertainties in risk analysis, relative risk may be more useful to decision makers than risk measured in expected annualized dollars lost or lives lost.
- Using relative risk might convey the necessary meaning to decision makers while avoiding the disclosure of sensitive or classified information.
Quantitative Risk Assessment Methodology
Definition(s)
Quantitative Risk Assessment Methodology
Set of methods, principles, or rules for assessing risks based on the use of numbers where the meanings and proportionality of values are maintained inside and outside the context of the assessment Sample Usage: Engineers at the plant used a quantitative risk assessment methodology to assess the risk of system failure. Annotation: While a semi-quantitative methodology also involves the use of numbers, only a purely quantitative methodology uses numbers in a way that allows for the consistent use of values outside the context of the assessment. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceQualitative Risk Assessment Methodology
Definition(s)
Qualitative Risk Assessment Methodology
Set of methods, principles, or rules for assessing risk based on non-numerical categories or levels Sample Usage: The qualitative risk assessment methodology allows for categories of ―low risk,‖ ―medium risk,‖ and ―high risk. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidancePsychological Consequence
Definition(s)
Psychological Consequence
Effect of an incident, event, or occurrence on the mental or emotional state of individuals or groups resulting in a change in perception and/or behavior.
Sample Usage: A psychological consequence of the disease outbreak could include the reluctance of the public to visit hospitals, which may make it more difficult for experts to control the outbreak.
Annotation: In the context of homeland security, psychological consequences are negative and refer to the impact of an incident, event, or occurrence on the behavior or emotional and mental state of an affected population.
Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceProbabilistic Risk Assessment
Definition(s)
Probabilistic Risk Assessment
Type of quantitative risk assessment that considers possible combinations of occurrences with associated consequences, each with an associated probability or probability distribution. Sample Usage: The engineers conducted a probabilistic risk assessment to determine the risk of an accident resulting from a series of compounding failures. Annotation:- Probabilistic risk assessments are typically performed on complex technological systems with tools such as fault and event trees and Monte Carlo simulations to evaluate security risks and/or accidental failures.
- For some types of risk, like those involving human volition, the probability of occurrence of an event may not be independent of the consequences and, in fact, may be a function of the consequences.
Primary Consequence
Definition(s)
Primary Consequence
Effect that is an immediate result of an event, incident, or occurrence. Sample Usage: Property damage and injuries were among the primary consequences resulting from the flood. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceOperational Risk
Definition(s)
Operational Risk
Risk that has the potential to impede the successful execution of operations. Sample Usage: Given that none of the security guards had the flu vaccine, influenza posed an operational risk to provision of security for the facility. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceNon-adaptive Risk
Definition(s)
Non-adaptive Risk
Category of risk that includes threats caused by natural and technological hazards Sample Usage: The suspected path of a tornado can be categorized as a non-adaptive risk. Annotation: Threats from non-adaptive risks are caused by physical characteristics and dimensions that do not change in reaction to measures taken. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceNormalized Risk
Definition(s)
Normalized Risk
Measure of risk created by mathematically adjusting a value in order to permit comparisons.
Sample Usage: The risk assessment report displayed the normalized risk of the three biological agents to facilitate comparison and avoid sharing sensitive information.
Annotation:
- Typically, normalized risk divides the risk of each scenario by the sum of the risk across the set of scenarios under consideration. For example, if you are considering the expected number of fatalities from three different biological agents A, B and C, then the total risk posed by these biological agents is the sum of the risk posed by each of them. If agent A has expected fatalities of 10,000, Agent B has 7,000, and Agent C has 3,000, then the total risk is 20,000 fatalities and the normalized risks are 0.5 for Agent A, 0.35 for Agent B, and 0.15 for Agent C. This particular way of normalizing risk is commonly referred to as ―normalizing to 1‖ because now the risk from all the scenarios in the considered set sums to 1.
- Risk can be normalized by dividing by an existing sample space value. For example, if there were 100 car accidents this year and 800 last year, then normalizing these values with respect to the total vehicle trips each year permits a more appropriate comparison of the risk of last year versus this year. If there were 10,000 vehicle trips this year then 100/10,000, or 1% of all trips ended in accidents, whereas if last year there were 100,000 vehicle trips then 800/100,000, or 0.8% of all trips ended in accidents. Without normalization it would appear that it was more risky to drive last year, but in reality the opposite is the case.
Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance
Net Assessment
Definition(s)
Net Assessment
Multidisciplinary strategic assessment process used to provide a comparative evaluation of the balance of strengths and weaknesses. Sample Usage: A key aspect of net assessment involves analyzing technological influences on the security environment. Annotation: Net assessment often involves the combined use of business principles, scenarios, crisis gaming and path gaming, conflict situations, and other tools. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceNatural Hazard
Definition(s)
Natural Hazard
Source of harm or difficulty created by a meteorological, environmental, or geological phenomenon or combination of phenomena. Sample Usage: A natural hazard, such as an earthquake, can occur without warning. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceMission Consequence
Definition(s)
Mission Consequence
Effect of an incident, event, operation, or occurrence on the ability of an organization or group to meet a strategic objective or perform a function. Sample Usage: The inability to ensure the public’s access to clean drinking water could be a mission consequence of the earthquake. Annotation: Valuation of mission consequence should exclude other types of consequences (e.g., human consequence, economic consequence, etc.) if they are evaluated separately in the assessment. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceJoint Probability
Definition(s)
Joint Probability
Joint probability is the probability of two events occurring in conjunction -that is, the probability that event A and event B both occur, written as ) or P(AB) and pronounced A intersect B. The probability of someone dying from the pandemic flu is equal to the joint probability of someone contracting the flu (event A) and the flu killing them (event B). Joint probabilities are regularly used in Probabilistic Risk Assessments and Event Trees. Sample Usage: The probability of developing a fever from influenza is equal to the joint probability of someone contracting influenza and developing a fever. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceIntentional Hazard
Definition(s)
Intentional Hazard
Source of harm, duress, or difficulty created by a deliberate action or a planned course of action. Sample Usage: Cyber attacks are an intentional hazard that DHS works to prevent. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceIndirect Consequence
Definition(s)
Indirect Consequence
Effect that is not a direct consequence of an event, incident, or occurrence, but is caused by a direct consequence, subsequent cascading effects, and/or related decisions. Sample Usage: In the following months, decreased commerce and tourism were among the indirect consequences resulting from the hurricane. Annotation:- Examples of indirect consequences can include the enactment of new laws, policies, and risk mitigation strategies or investments, contagion health effects, supply-chain economic consequences, reductions in property values, stock market effects, and long-term cleanup efforts,
- Accounting for indirect consequences in risk assessments is important because they may have greater and longer-lasting effects than the direct consequences.
- Indirect consequences are also sometimes referred to as ripple, multiplier, general equilibrium, macroeconomic, secondary, and tertiary effects.
- The distinction between direct and indirect consequences is not always clear but what matters in risk analysis is a) capturing the likely effects – be they designated as direct or indirect – that should be part of the analysis, b) clearly defining what is contained as part of direct consequences and what is part of indirect consequences, and c) being consistent across the entire analysis. Such consistency and clarity is important for comparability across scenarios and risk analyses.
- Induced consequences are occasionally estimated separately from indirect consequences but should be contained within indirect estimates.
Human Consequence (Health)
Definition(s)
Human Consequence (Health)
Effect of an incident, event, or occurrence that results in injury, illness, or loss of life Sample Usage: The human consequence of the attack was 20 fatalities and 50 injured persons. Annotation: When measuring human consequence in the context of homeland security risk, consequence is assessed as negative and can include loss of life or limb, or other short-term or long-term bodily harm or illness. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceHorizon Scanning
Definition(s)
Horizon Scanning
Process of identifying future trends, drivers, and/or conditions that may have an effect on future events, incidents, or occurrences. Sample Usage: In alternative futures analysis of potential attacks on transportation systems, horizon scanning indicated that future availability of technology for adversaries could provide more options for carrying out an attack. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceGame Theory
Definition(s)
Game Theory
Branch of applied mathematics that models interactions among agents where an agent’s choice and subsequent success depend on the choices of other agents that are simultaneously acting to maximize their own results or minimize their losses. Sample Usage: Analysts used game theory to model terrorist behavior in response to potential security measures. Annotation:- Game theory can be used in the context of risk analysis to model strategic decisions and interactions of agents with conflicting interests to predict likely decision outcomes.
- A basic application of game theory involves two players and two strategy alternatives.
Frequentist Probability
Definition(s)
Frequentist Probability
Definition: interpretation or estimate of probability as the long-run frequency of the occurrence of an event as estimated by historical observation or experimental trials. Sample Usage:- Based on empirical evidence from repeated experimental trials, the frequentist probability of getting a three when rolling a fair six-sided die is 1/6 or 16.7%.
- Based on historical evidence, scientists can provide a frequentist probability of experiencing a category 5 hurricane in a given year.
- Within the frequentist probability interpretation, precise estimation of new or rarely occurring events, such as the probability of a catastrophic terrorist attack, is generally not possible.
- Frequentist probabilities generally do not incorporate ―degree of belief‖ information, such as certain types of intelligence information.
Economic Consequence
Definition(s)
Economic Consequence
Effect of an incident, event, or occurrence on the value of property or on the production, trade, distribution, or use of income, wealth, or commodities. Sample Usage: The loss of the company's trucking fleet was an economic consequence of the tornado. Annotation: When measuring economic consequence in the context of homeland security risk, consequences are usually assessed as negative and measured in monetary units. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceDirect Consequence
Definition(s)
Direct Consequence
Effect that is an immediate result of an event, incident, or occurrence.
Source:API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global StandardsDirect Consequence
Effect that is an immediate result of an event, incident, or occurrence. Sample Usage: Property damage and loss of life were among the direct consequences resulting from the hurricane. Annotation:- Direct consequences can include injuries, loss of life, on-site business interruption, immediate remediation costs, and damage to property and infrastructure as well as to the environment.
- The distinction between direct and indirect consequences is not always clear, but what matters in risk analysis is a) capturing the likely effects – be they designated as direct or indirect – that should be part of the analysis, b) clearly defining what is contained as part of direct consequences and what is part of indirect consequences, and c) being consistent across the entire analysis. Such consistency and clarity is important for comparability across scenarios and risk analyses.
Deterrent
Definition(s)
Deterrent
Measure that discourages, complicates, or delays an adversary’s action or occurrence by instilling fear, doubt, or anxiety. Sample Usage: Robust countermeasures can serve as a deterrent to some adversaries, causing them to change, delay, or abandon their plans. Annotation:- A deterrent reduces threat by decreasing the likelihood that an attack (or illegal entry, etc.) will be attempted.
- One form of deterrent is a prospective punitive action intended to discourage the adversary from acting (e.g., massive nuclear retaliation, Mutual Assured Destruction during the Cold War, or prison for conventional crimes). Another form of deterrent is a measure or set of measures that affects the adversary's confidence of success (e.g., fences, border patrols, checkpoints).
- A deterrent may cause an adversary to abandon plans to attempt an attack (or illegal entry, etc).
- A deterrent may cause the adversary to react by "threat shifting" in any of several domains: shift in time (delay); shift in target; shift in resources (additional resources); and/or a shift in plan or method of attack.
- Resilience, in terms of both critical economic systems and infrastructure and in societal resilience (e.g., the famed British ―stiff upper lip‖ of WWII, advance preparation for effective consequence reduction response operations, etc.), also has a potential deterrent value achieved when terrorist groups perceive that the strategic impact they seek through a particular attack or type of attack will not be achieved.
Decision Analysis
Definition(s)
Decision Analysis
Techniques, body of knowledge, and professional practice used to provide analytical support for making decisions through a formalized structure. Sample Usage: Decision analysis can be used to more effectively allocate resources to various risk reduction measures. Annotation: Decision analysis can be used in the context of risk analysis to evaluate complex risk management decisions. Decision analysis can be applied to strategic, operational, and tactical decisions. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceCriticality Assessment
Definition(s)
Criticality Assessment
Product or process of systematically identifying, evaluating, and prioritizing based on the importance of an impact to mission(s), function(s), or continuity of operations.
Source:API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global StandardsCriticality Assessment
Product or process of systematically identifying, evaluating, and prioritizing based on the importance of an impact to mission(s), function(s), or continuity of operations Sample Usage: A criticality assessment determined that the county's chemical plants required greater attention than previously determined. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceCriticality
Definition(s)
Criticality
Importance to a mission, function, or continuity of operations.
Source:API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global StandardsCriticality
Importance to a mission or function, or continuity of operations. Sample Usage: The criticality of the asset was determined based upon the number of people to whom it provided service. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceCountermeasure
Definition(s)
Countermeasure
An action, measure, or device intended to reduce an identified risk.
Source:API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global StandardsCountermeasure
Means of managing risk, including policies, procedures, guidelines, practices or organizational structures, which can be administrative, technical, management, or legal in nature. [ISO/IEC 27000:2009]- NOTE: ISO Guide 73:2009 defines control as simply a measure that is modifying risk.
Countermeasure
Action, measure, or device intended to reduce an identified risk. Sample Usage: Some facilities employ surveillance cameras as a countermeasure. Annotation: A countermeasure can reduce any component of risk -threat, vulnerability, or consequence. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceCountermeasure
Action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken [11].- NOTE: The term “Control” is also used to describe this concept in some contexts. The term countermeasure has been chosen for this standard to avoid confusion with the word control in the context of “process control.”
Cost-benefit Analysis (CBA)
Definition(s)
Cost-benefit Analysis
The decision-making process in which the costs and benefits of each countermeasure alternative are compared and the most appropriate alternative is selected.
Source:API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global Standards