University of Virginia,Center for Risk Management of Engineering Systems, PO Box 400736, Charlottesville, VA 22904, USA.
Risk Anal. 2011 Aug;31(8):1175-86. doi: 10.1111/j.1539-6924.2011.01603.x. Epub 2011 Mar 31.
This article highlights the complexity of the quantification of the multidimensional risk function, develops five systems-based premises on quantifying the risk of terrorism to a threatened system, and advocates the quantification of vulnerability and resilience through the states of the system. The five premises are: (i) There exists interdependence between a specific threat to a system by terrorist networks and the states of the targeted system, as represented through the system's vulnerability, resilience, and criticality-impact. (ii) A specific threat, its probability, its timing, the states of the targeted system, and the probability of consequences can be interdependent. (iii) The two questions in the risk assessment process: "What is the likelihood?" and "What are the consequences?" can be interdependent. (iv) Risk management policy options can reduce both the likelihood of a threat to a targeted system and the associated likelihood of consequences by changing the states (including both vulnerability and resilience) of the system. (v) The quantification of risk to a vulnerable system from a specific threat must be built on a systemic and repeatable modeling process, by recognizing that the states of the system constitute an essential step to construct quantitative metrics of the consequences based on intelligence gathering, expert evidence, and other qualitative information. The fact that the states of all systems are functions of time (among other variables) makes the time frame pivotal in each component of the process of risk assessment, management, and communication. Thus, risk to a system, caused by an initiating event (e.g., a threat) is a multidimensional function of the specific threat, its probability and time frame, the states of the system (representing vulnerability and resilience), and the probabilistic multidimensional consequences.
本文重点阐述了多维风险函数量化的复杂性,针对受威胁系统,提出了基于五个系统的前提来量化恐怖主义风险,并倡导通过系统状态来量化脆弱性和恢复力。这五个前提是:(i)恐怖网络对系统的特定威胁与目标系统的状态之间存在相互依存关系,表现为系统的脆弱性、恢复力和关键影响状态。(ii)特定威胁、其概率、其时间、目标系统的状态以及后果的概率可以相互依存。(iii)风险评估过程中的两个问题:“可能性有多大?”和“后果是什么?”可以相互依存。(iv)风险管理政策选择可以通过改变系统的状态(包括脆弱性和恢复力)来降低针对目标系统的威胁及其相关后果的可能性。(v)必须通过认识到系统的状态是基于情报收集、专家证据和其他定性信息构建后果定量指标的重要步骤,基于对特定威胁对脆弱系统的风险进行量化,来构建一个系统的、可重复的建模过程。所有系统的状态都是时间(以及其他变量)的函数,这使得时间框架在风险评估、管理和沟通的每个过程中都至关重要。因此,由起始事件(例如威胁)引起的系统风险是特定威胁、其概率和时间框架、系统状态(代表脆弱性和恢复力)以及概率多维后果的多维函数。
