Re: [SystemSafety] Notions of Risk

From: Christopher Johnson < >
Date: Wed, 13 Jan 2016 11:56:43 +0000

Part of the problem also is that your opponents may not share your notions of value or negative utility. Hence predicting a target is not an objectively defined exercise and this in turn affects the probability of an attack. Other issues include the barriers to reporting and disclosure that mean we rarely can use a frequentist approach even in actuarial work.

All the best,

Sent: 13 January 2016 10:28
To: systemsafety_at_xxxxxx Subject: Re: [SystemSafety] Notions of Risk

Hash: SHA512

I agree that a frequentist probability approach to security is inappropriate and that uncertainty is a better word. The likelihood that a security vulnerability will be exploited is not stochastic, but it makes good sense to talk about relative likelihoods (if there is a mass escape from your neighbouring prison then it is more likely that someone will try to break into your house).


On 13/01/2016 06:12, Peter Bernard Ladkin wrote:
> There is some move to consider safety and security together in engineered systems and as a result
> I have come across - again - various informal notions of risk. I thought it worth while to perform
> a quick (but incomplete) survey of current standards and to try to elucidate the components
> currently thought to go together to constitute risk.
> In a nutshell, the project-management idea of risk as the chance that things will go badly wrong
> is on the way out (it's been replaced in ISO/IEC Guide 73). That's something to applaud, in my
> view. But there are often things wrong with the probability/likelihood component of our favored
> notion, and visible suggestions it be generalised into something like a measure of uncertainty.
> Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
> Je suis Charlie
> Tel+msg +49 (0)521 880 7319<>
> _______________________________________________
> The System Safety Mailing List
> systemsafety_at_xxxxxx >


Version: GnuPG/MacGPG2 v2
Comment: GPGTools -
Comment: Using GnuPG with Thunderbird -

iQEcBAEBCgAGBQJWlibJAAoJEAev1z3Tv8QLisUIAINbjCBsHXCLFmeWfFdxq+Er vSbwRYtMvM5ptrv0T3Sgwaq7qQVkj71z/hQzCBt9yfE2IbRZ+/tgJeAj4bbwxcq5 m6yDzTRDQkSPWvMzD2EqHkSHT7RNhaizNk+LtkWt6jFXrdUrliC29yAOakM/v4xj Bg+2U+Rv8RU7SyhxN/25uhmfzdhA//5nK29SY03mbYSck+xv0/Rfv2eKJceHN6qX 6mbRLXZ5LBvhKSh3SjygKLHLOFxw5t2PP7KFSrau3+IeO8/a9gm8pKMnHd66e4N+ lWKpzc0MJ7figxzBdDa7Ct/xSfRHbwxZ41pM5ZWOeu/aAEXQj3FsYonoiPXfKyE= =q0+j

The System Safety Mailing List
systemsafety_at_xxxxxx Received on Wed Jan 13 2016 - 12:56:55 CET

This archive was generated by hypermail 2.3.0 : Tue Jun 04 2019 - 21:17:07 CEST