A few weeks ago I came across an excellent book from 1977 entitled An Anatomy of Risk by William Rowe, Sr. (ISBN: 0471019941).  This book provides a thorough technical summary of the state of the art in risk analysis through the mid-1970s.  This includes some of the ground breaking work on risk perception, risk assessment for nuclear power, risk communication, etc.  I believe that this book is one of the first authoritative texts on quantitative risk analysis ever published.  However, since the book was written at a time when risk analysis was a relatively new academic discipline, it was not intended for undergraduate audiences looking to learn the basics of risk.  For me, I intend to use this text as my gateway to the classic research works on risk analysis.

An Anatomy of Risk was previously reviewed by a number of scholars as cited below.  Note that in most cases you must have a subscription to view the actual review.  I also noted the tone of the review on a five-tier scale (SCATHING, UNFAVORABLE, NEUTRAL, FAVORABLE, PRAISING).

• A PRAISING review by P. K. M’Pherson in Cybernetics and Systems, Vol. 8, Nos. 3 & 4, pp. 352-354 (1977) (permalink)
• A FAVORABLE review by L. E.Hill in Technology and Culture, Vol. 19, No. 4, pp. 788-790 (1978) (permalink)
• A PRAISING review by A. R. Unwin in The Journal of the Operational Research Society, Vol. 29, No. 8, pp. 825-826 (1978) (permalink)
• A FAVORABLE review in ACM SIGSIM Simulation Digest, Vol. 10, No. 4, p. 70 (1979) (permalink)
• A SCATHING review by R. G. Easterling in Technometrics, Vol. 22, No. 2, pp. 278-279 (1980) (permalink)
• A FAVORABLE review by M. L. Randolph in Ecology, Vol. 62, No. 4, pp. 1133-1134 (1981) (permalink)

On balance, I would say that the overall take on Dr. Rowe’s book was FAVORABLE++.  I personally recommend that all emerging risk researchers add this title to their Christmas book wish list.

An Anatomy of Risk is no longer available NEW, and can only be purchased used via a used book outlet such as Alibris.com (see here).

Send article as PDF to

Siambabala Bernard Manyena’s 2006 paper entitled “The Concept of Resilience Revisited” (Disasters, Vol. 30, No. 4, pp. 433-450, doi:10.1111/j.0361-3666.2006.00331.x) provided a nice summary of alternative definitions for the word “resilience” gleaned from a variety of academic publications (copied below; see original paper for citations).  The number of definitions are fewer than that for the word vulnerability as talked about in my previous post.

• Wildavsky (1991) Resilience is the capacity to cope with unanticipated dangers after they have become manifest, learning to bounce back.
• Holling et al., (1995) It is the buffer capacity or the ability of a system to absorb perturbation, or the magnitude of disturbance that can be absorbed before a system changes its structure by changing the variables.
• Horne and Orr (1998) Resilience is a fundamental quality of individuals, groups and organisations, and systems as a whole to respond productively to significant change that disrupts the expected pattern of events without engaging in an extended period of regressive behaviour.
• Mallak (1998) Resilience is the ability of an individual or organisation to expeditiously design and implement positive adaptive behaviours matched to the immediate situation, while enduring minimal stress.
• Miletti (1999) Local resiliency with regard to disasters means that a locale is able to withstand an extreme natural event without suffering devastating losses, damage, diminished productivity, or quality of life without a large amount of assistance from outside the community.
• Comfort (1999) The capacity to adapt existing resources and skills to new systems and operating conditions.
• Paton, Smith and Violanti (2000) Resilience describes an active process of self-righting, learned resourcefulness and growth—the ability to function psychologically at a level far greater than expected given the individual’s
  capabilities and previous experiences.
• Kendra and Wachtendorf (2003) The ability to respond to singular or unique events.
• Cardona (2003) The capacity of the damaged ecosystem or community to absorb negative impacts and recover from these.
• Pelling (2003) The ability of an actor to cope with or adapt to hazard stress.
• Resilience Alliance (2005) Ecosystem resilience is the capacity of an ecosystem to tolerate disturbance without collapsing into a qualitatively different state that is controlled by a different set of processes. A resilient ecosystem can withstand shocks and rebuild itself when necessary. Resilience in social systems has the added capacity of humans to anticipate and plan for the future.
• UNISDR (2005) The capacity of a system, community or society potentially exposed to hazards to adapt, by resisting or changing in order to reach and maintain an acceptable level of functioning and structure. This is determined by the degree to which the social system is capable of organising itself to increase this capacity for learning from past disasters for better future protection and to improve risk reduction measures.

Send article as PDF to

Juergen Weichselgartner’s 2001 paper entitled “Disaster Mitigation: The Concept of Vulnerability Revisited” (Disaster Prevention and Management, Vol. 10, No. 2, pp. 85-94, doi:10.1108/09653560110388609) provided a nice summary of alternative definitions for the word “vulnerability” gleaned from a variety of academic publications (copied below; see original paper for citations).

• Gabor and Griffith (1980) Vulnerability is the threat (to hazardous materials) to which people are exposed (including chemical agents and the ecological situation of the communities and their level of emergency preparedness). Vulnerability is the risk context.
• Timmerman (1981) Vulnerability is the degree to which a system acts adversely to the occurrence of a hazardous event. The degree and quality of the adverse reaction are conditioned by a system’s resilience (a measure of the system’s capacity to absorb and recover from the event)
• UNDRO (1982) Vulnerability is the degree of the loss to a given element or set of elements at risk resulting from the occurrence of a natural phenomenon of a given magnitude
• Petak and Atkisson (1982) The vulnerability element of the risk analysis involved the development of a computer-based exposure model for each hazard and appropriate damage algorithms related to various types of buildings
• Susman et al. (1983) Vulnerability is the degree to which different classes of society are differentially at risk
• Kates (1985) Vulnerability is the “capacity to suffer harm and react adversely”
• Pijawka and Radwan (1985) Vulnerability is the threat or interaction between risk and preparedness. It is the degree to which hazardous materials threaten a particular population (risk) and the capacity of the community to reduce the risk or adverse consequences of hazardous materials releases
• Bogard (1989) Vulnerability is operationally defined as the inability to take effective measures to insure against losses. When applied to individuals, vulnerability is a consequence of the impossibility or improbability of effective mitigation and is a function of our ability to detect hazards
• Mitchell (1989) Vulnerability is the potential for loss
• Liverman (1990) Distinguishes between vulnerability as a biophysical condition and vulnerability as defined by political, social and economic conditions of society. She argues for vulnerability in geographic space (where vulnerable people and places are located) and vulnerability in social space (who in that place is vulnerable)
• Downing (1991) Vulnerability has three connotations: it refers to a consequence (e.g. famine) rather than a cause (e.g. drought); it implies an adverse consequence (e.g., maize yields are sensitive to drought; households are vulnerable to hunger); and it is a relative term that differentiates among socioeconomic groups or regions, rather than an absolute measure or deprivation
• UNDRO (1991) Vulnerability is the degree of the loss to a given element or set of elements at risk resulting from the occurrence of a natural phenomenon of a given magnitude and expressed on a scale from 0 (no damage) to 1 (total loss). In lay terms, it means the degree to which individual, family, community, class or region is at risk from suffering a sudden and serious misfortune
  following an extreme natural event
• Dow (1992) Vulnerability is the differential capacity of groups and individuals to deal with hazards, based on their positions within physical and social worlds
• Smith (1992) Human sensitivity to environmental hazards represents a combination of physical exposure and human vulnerability ± the breadth of social and economic tolerance available at the same site
• Alexander (1993) Human vulnerability is function of the costs and benefits of inhabiting areas at risk from natural disaster
• Cutter (1993) Vulnerability is the likelihood that an individual or group will be exposed to and adversely affected by a hazard. It is the interaction of the hazard of place (risk and mitigation) with the social profile of communities
• Watts and Bohle (1993) Vulnerability is defined in terms of exposure, capacity and potentiality. Accordingly, the prescriptive and normative response to vulnerability is to reduce exposure, enhance coping capacity, strengthen recovery potential and bolster damage control (i.e., minimize destructive consequences) via private and public means
• Blaikie et al. (1994) By vulnerability we mean the characteristics of a person or a group in terms of their capacity to anticipate, cope with, resist and recover from the impact of a natural hazard. It involves a combination of factors that determine the degree to which someone’s life and livelihood are put at risk by a discrete and identifiable event in nature or in society
• Green et al. (1994) Vulnerability to flood disruption is a product of dependence (the degree to which an activity requires a particular good as an input to function normally), transferability (the ability of an activity to respond to a disruptive threat by overcoming dependence either by deferring the activity in time, or by relocation, or by using substitutes), and susceptibility (the probability and extent
  to which the physical presence of flood water will affect inputs or outputs of an activity)
• Bohle et al. (1994) Vulnerability is best defined as an aggregate measure of human welfare that integrates environmental, social, economic and political exposure to a range of potential harmful perturbations. Vulnerability is a multilayered and multidimensional social space defined by the determinate, political, economic and institutional capabilities of people in specific places at specific times
• Dow and Downing (1995) Vulnerability is the differential susceptibility of circumstances contributing to vulnerability. Biophysical, demographic, economic, social and technological factors such as population ages, economic dependency, racism and age of infrastructure are some factors which have been examined in association with natural hazard
• Gilard and Givone (1997) Vulnerability represents the sensitivity of land use to the hazard phenomenon
• Comfort, L. et al. (1999) Vulnerability are those circumstances that place people at risk while reducing their means of response or denying them available protection
• Weichselgartner and Bertens (2000) By vulnerability we mean the condition of a given area with respect to hazard, exposure, preparedness, prevention, and response characteristics to cope with specific natural hazards. It is a measure of capability of this set of elements to withstand events of a certain physical character

Of course, this list is by no means complete; in fact, the definitions from obvious sources such as Webster’s dictionary, Department of Defense doctrine, and a host of other papers were not included.  I leave it to the readers of this blog to discover alternative definitions that are most suited for his or her particular application.  But if one was looking for a really short definition of vulnerability to sum up everything above, consider the following two (my preferences):

Vulnerability is the manifestation of the inherent states of a system that render is susceptible to harm or loss (a paraphrased definition of the notion of vulnerability offered by Prof. Yacov Haimes at the University of Virginia)

The vulnerability of an entity to realizing a specified adverse outcome following the occurrence of a particular triggering or initiating event is measured as the conditional probability of the outcome given the triggering event has occurred (an expanded version of the definition I offer in my SRA 311 class at Penn State)

Send article as PDF to

The authors of a book I read recently spoke of the “three D’s” of security: “denial,” “detection,” and “deterrence” (the latter being my personal favorite).  These “three Ds” brought to mind another set of “Ds” I came across while on an ASME Fellowship to the Department of Homeland Security in 2003-2004: “detect,” “delay,” “defend,” and “devalue.”  This post talks about these two different sets of security “D” words, and the extent to which one is or is not better than the other.

To begin this discussion, let’s first consider a logical expression for security vulnerability, which is usually expressed in terms of the probability of adversary success given attempt:

Pr(S) = 1 – Pr(“Detect”)·Pr(“Engage”)·Pr(“Neutralize”)

In words, this equation states that adversary non-success (defender success) requires that the defender detect, engage (which consists of delay and response) then neutralize the adversary (in sequence) – failure to do any one of these will result in adversary success (barring any random things outside the protector’s control that might thwart the adversary’s attempt).

From the point of view of the equation above, DHS is dead on and more.  The equivalence of detection is evident.  In order to engage an adversary, one must respond to the adversary prior to him executing an attack.  Delaying an adversary long enough to respond enables engagement – the longer the delay, the greater likeliness that the defenders will respond in time to do something to stop him.  Defense is essentially equivalent to neutralization in that the objective is to thwart the attacker once engaged.  So, the first three “Ds” of the DHS security quartet correspond to the three parameters of the security vulnerability equation.

But where does devalue fit in?  I must admit that I never heard anyone use the word “devalue” in the context of security prior to my days at DHS.  The focus on devalue is not on improving security, but on improving the resilience or hardness of a system to withstand an attack.  That is, a “devalued” target is one that has been modified in such a way that would result in less loss to the defender (and hence less gain to the adversary) in the event of an attack.  In this sense, devalue seeks to influence adversary target selection by making it intrinsically difficult to achieve the desired gain even when the security system fails.  For example, without doing anything to improve security, the switch to using bleach instead of chlorine in a water treatment facility in effect devalues such a target since bleach is much less harmful to humans in the event of its deliberate release.  Adversaries bent on exploiting infrastructure to harm adjacent communities might be less interested in attack a water treatment plant that made such a shift.

Now consider the security triplet described by Fuqua and Wilson (see my recent post on their 1977 book) in light of the above equation for security vulnerability (i.e., deny, detect, deter).  Fuqua and Wilson essentially looked at the security problem from the point of view of an asset owner (e.g., the “executive”).  Again, the equivalence in the detection term is evident.  “Denial” considers the combination of both engagement and neutralization following detection (such as by a local police force), as well as simple barriers that can’t realistically be overcome (e.g,, 12-foot walls followed by several layers of fences covered in razor-wire), distance or terrain with deadly animals (e.g., attack dogs, flocks of scary geese, alligators in moats), etc.  The focus with denial, though, is more broadly focused on denying success in whichever way possible; detection need not occur for an adversary to be denied opportunity. The combination of detection measures and denial measures (including those that require detection and those that do not) cover the same elements as the equation posed at the beginning of this post, but in a slightly different way as follows:

Pr(S) = 1 – Pr(“Denial”|”Detection”)Pr(“Detection”) – Pr(“Denial”|”No Detection”)Pr(“No Detection”)

(the astute reader might notice that this equation above equates the event “denial” with “adversary failure,” or rather “failure to deny” is the same as “adversary success”).  Obviously, this equation is more general than the one posed initially as the defender still stands a chance at denying the adversary success through non-detection-dependent denial measures.

“Deterrence” (again, my personal favorite) touches on those measures that influence the perceptions of adversaries.  Arguably, all visible security measures have some deterrence value as they shape the adversary’s perceived probability of success.  Measures taken to devalue a target also act as a deterrent in the sense that it lessens the adversary’s perceived gain from success.  Even deceptive measures such as decoys that have no intrinsic “aggressor resistance” have at least a little deterrence value so long as the adversary remains fooled.  If the adversary feels that success is less likely than failure, and that the gain from success is less than desired, the overall likeliness of an event is lower than is success seemed likely and the gain was sufficient.  So, unlike all the other “D” words talked about so far, deterrence is the only term that specifically targets the likeliness of event portion of the risk equation.

So which set of “D” words is better?  It really is hard to say.  Fuqua and Wilson offer a term (“deterrence”) that relates to likeliness of event, while the DHS approach (“devalue”) offers a term that relates to the physical vulnerability portion of the risk equation.  Otherwise, the two sets of “D” words are the same, more or less.  In the end, all these “D” words (as well as words that start with letters other than “D”) are important since they assist security practitioners in thinking through problems.

With all this talk about “D” words, I find myself tempted to write a security-related song about the letter “D” in the spirit of Cookie Monster’s song about the letter “C”.   I call it “D’s are for Security” or the “Security Song:”

D is for denial, to stop you from harming me

D is for detection, to catch my enemies

D is for deterrence, to scare you away from me

Oh, security is all about “Ds.”

Send article as PDF to

Today I gave a lecture to my risk management class at Penn State (SRA 311, Risk Management: Assessment and Mitigation) focused on the words of risk analysis (lecture 2 of 31).  As anyone who provides services to any type of client knows, one of the first things you have to do on day one is ensure a common understanding of key words and phrases.  This was part one of my lecture, that is, explaining that people don’t necessarily assign the same meanings to certain words as others, even if they are in the same field.  The remaining parts focused on two words in particular – “security” and “risk” – and sought to explain what “risk” is and how it fits into security activities.  This lecture was fun for me to deliver, but in hindsight, it was probably a bit too densely packed with ideas for students with less background knowledge.  All in all, I think it went ok.

Class Summary

As a backdrop for discussion, I had my students read two articles.  The first article was entitled “Same Words, Different Meanings: The Need for Uniformity of Language and Lexicon in Security Analysis and Management” by Andrew Harter (a good friend of mine) published by the Critical Infrastructure Protection Program of the George Mason University School of Law in the monograph entitled Critical Infrastructure Protection: Elements of Risk (prepared by Liz Jackson, another good friend of mine).  Basically, this article is a call to action in the security analysis and risk management community for establishing a common lexicon through voluntary consensus standards.  For those unfamiliar with this issue, Mr. Harter’s article addresses the question “why is a common lexicon needed?” and “what can be done to make progress toward this goal?”   Though one might argue that alternative viewpoints (e.g., a common lexicon is not needed) were not addressed in this article (which is a “hit” on fairness), the point surely rings true to anyone who plays the security risk analysis game.  Imagine how difficult it is to communicate on risk matters when your definition of risk (e.g., potential for harm) doesn’t match well with mine (e.g, loss following an event).  I’ve experienced hours of time wasted due to a simple misinterpretation of language, and nothing is worse than arguing semantics when other more important issues have yet to be resolved.

Some might argue that definitions don’t matter so much.  After all, risk analysis is a decision support activity, and really all that matters is whether we have empowered the decision maker with “decision advantage.” [I borrow this phrase from the Jennifer Sims at Georgetown University as it is applicable to ALL areas where analysis is done, risk and intelligence in particular].  Accordingly, one might accept the definition of risk as “whatever is appropriate for the decision maker at the time.”  But as the author of my second paper, Giovanni Manunta, might argue, while such a vague definition might be useful in the client-analyst context, it is not helpful if one desires to treat risk as a science and methodically study all the different subtopics that fall under the heading of risk analysis (see the very first text block on the Society for Risk Analysis homepage for their definition of what “risk analysis” entails).  A common understanding of the various “words of risk analysis” is needed in order to speak sensibly about the subject within the community of educators, scholars, and practitioners.  (as an aside, see Professor Kristan Wheaton’s blog for an interesting and related discussion entitled “What is Intelligence?“)

The second paper discussed in my class was entitled “What is Security?” by Dr. Giovanni Manunta and published in the Security Journal, Volume 12, Issue 3, pp. 57-66 (http://dx.doi.org/10.1057/palgrave.sj.8340030).  I chose this paper for three reasons.  First, for me it was a great read and why not share with my students papers I find worthwhile.  In fact, many of Dr. Manunta’s monographs are really worth spending some time reading and absorbing if you are in the security profession.  Second, this paper is a nice complement to the first in that it goes into great depth as to why a commonly accepted conceptual definition for security is needed.  Third, this paper actually does a good job of describing the conceptual underpinnings of security by explaining in detail the three required elements of a security context – namely, a Protector (the entity that desires security), a Threat (the entity that challenges the protector’s security), and an Asset (the object of conflict).  The general formula for security, S, is then S=f(P,T,A)Si, where the Si outside of the parenthesis is a variable that accounts for the situational factors underlying the relationship between P, T, and A.  If any one of P, T, or A are absent in a given situation, you do not have a security context, and as such it makes no sense to speak about managing risks.

At this point I finished discussing (as socratically as I could in the time I had available) the two articles.  Throughout I attempted to elicit from students answers to questions centered on Elder and Paul’s Eight Elements of Thought and Intellectual Standards to encourage critical analysis of who the people writing such articles are, their purpose for writing, points of view, concepts, assumptions, etc.  However, I tried not to stretch this discussion out too long given that I already had my students complete a written assignment that systematically addresses the eight elements and intellectual standards.

The next portion of this lecture centered on how risk management fits within the world of security.  Borrowing from Manunta’s Diogenes Paper No. 1 (ISBN: 0-9501575-4-6), I sought to leverage assumed prerequisite knowledge of Venn Diagrams and Set Theory to explain the concepts of Security and Not Security, where Not Security includes Total Insecurity and all degrees between.  The degrees in-between represents a fuzzy-boundary between security and not security, that is, if one accepts that the state of security is actually a fuzzy set.  The Venn diagram I used is shown below, though in class I actually drew it on a Tablet PC.

The point I stressed is as follows: in a security context, a Protector has finite resources to make progress toward an unbounded objective.  This is where risk management comes in – risk management is used to maximize the efficiency of these resources by applying them in such a way that maximizes our progress toward a state of security.  The balance of risk between what we want to achieve and what we can achieve is known as the residual risk.  Ultimately, given the options available to us to reduce risk in light of available resources, we want to minimize the residual risk.  But as Manunta points out in “What is Security?,” security involves risk management, but managing risk doesn’t necessarily guarantee security.  That is, risk management and security are not the same thing.

I ended the lecture with a light hearted game of “Risk Mad Libs.”  First, I offered a generic definition of risk intended to guide us through our thinking in the rest of the course.  The definition is as follows:

Risk: The uncertainty around future events

We discussed what was meant by the word “uncertainty” in this definition, and examined the different types of uncertainty that we often encounter in risk analysis.  This includes the variability associated with one or another event occurring among a set of mutually exclusive (distinct) and collectively exhaustive (complete) alternatives, the incertitude associated with whether elements in our set are relevant or whether our set of alternative events is complete, and the inherent vagueness in what any particular element of the set really means.  Unfortunately, my extemporaneous nature kept me from explaining the remaining two words – “future” and “events,” but if I could go back in time I would stress that risk has to do with the uncertainty in what will happen and not what has already happened, where the future “events” can be described as a situational description (“mom will get sick”) or in terms of some measures (“1 morbidity” and “$10,000 in medical fees”).

Now that we had a definition of risk to work with, I asked students to break into groups and fill in the blank:

____________________ Risk

where the blank can represent practically any word.  My specific instructions were to select one “serious” word and one “silly” word, fill in the blank with each in turn, and in doing so characterize the nature of what is meant by the resulting phrase (i.e., who would care, what are some causes of concern and what are outcomes of concern).  I started with the serious word “information” to form the phrase “information risk.”  Then I moved onto the word “political” followed by the silly word “dog.”  For each we identified someone who might be considered a stakeholder in such a field (e.g., “dog owner” for “dog”), and brainstormed what events could occur (“dog runs away”) and the spectrum of ensuing outcomes (“dog gets hit by car,” “dog bites pedestrian,” “dog comes home”).  In the remaining 2 minutes of class following the exercise, we had some cool responses, including “computer mouse risk,” “environmental risk,” “body odor risk,” etc.   The basic idea here was to enable students to reason out what is meant when you see a phrase such as “financial risk,” and after this lecture I am confident the students can do this.

Next Up

The next lecture stands to be a fun one – the topic is “The Role of the Risk Analyst and Decision Advantage.”  This lecture is the second of 3 “Philosophy of Risk” analysis lectures; after these, we will be way more applied in the classroom setting (something I am sure the students would appreciate).

Send article as PDF to

To follow up on my previous post regarding the work of Peter Sandman, I can’t help but advertise his short, yet important article entitled “Risk Words You Can’t Use” published in the August 2005 issue of The Synergist.  While this article is a quick read, I will distill it down further and caveat some with my personal experience:

• Conservative: To risk people, conservative means an overestimate of risk.  To laypeople, a “conservative” estimate is a low estimate.  So whereas a risk person would use conservative to overstate the risk, a layperson (or perhaps decision maker) may interpret the message to be an understatement of risk, and thereby think that the risk could be much worse.  Now, engineers and scientists understand what is meant by the word “conservative,” as in my “conservative analysis still shows the structure will not fail.”  And fortunately for me, when I described my idea of conservative discounting of expert opinions (to be explained in a later post that I will link to when it is available) I was speaking to an audience of security engineers.  I will keep Sandman’s advice to not use the word conservative when speaking to non-technical audiences, and instead opt for the word “overestimate.”
• Significant/Insignificant:To risk people and statisticians, a significant finding is one that is non-random.  To laypeople, whether an issue is significant depends on their emotions and value structure.  So, to tell people that the terrorism risk is insignificant might not communicate well.  It is true (right now based on our current understanding and situation) that a person’s individual risk to terrorism is very, VERY low, but the outrage is high, and thus the public’s emotional response might label terrorism as a significant threat.
• Positive/Negative: To risk people, a positive relationship means that when one variable goes up, so does the other.  To laypeople, a “positive” relationship is favorable from the point of view of risk.  The same can be said of negative relationships.
• Bias: Bias to a risk person means non random.  Bias to a layperson spells deceit.
• Anecdotal: Anecdotal evidence to a risk person means the evidence is just one sample from a much larger sample space.  Anecdotal to a layperson suggests the evidence is an amusing story.  This word might not bode well when talking about anecdotal evidence on poor public response following a catastrophic event.
• Risk [my personal favorite]: To risk people, the risk associated with a situation describes its probability and the corresponding consequences.  To laypeople, risk usually refers only to the probability component.  In fact, when lecturing on the use of “uncertainty phrases,” I often emphasize that the word “likely” is not an adverb tied to any particular notion, but one that can be used to qualify likeliness, confidence, and risk.  Of course, people probability consider how they feel about a hazard when judging whether the probability, or rather risk to them, is acceptable.  Others, particularly when speaking about finances, use risk to describe uncertainty – the higher the risk, the more uncertain the outcome.  The philosopher Frank Knight sides with these interpretations in his description of “risk proper,” or measurable uncertainty, described in Risk, Uncertainty, and Profit. Most people argue that the only measure of uncertainty, at least when it comes to gambling situations, is probability, so what Knight is suggesting is that assessing “risk proper” is equivalent to a probability assessment.  But Peter Sandman suggests that what people really mean by risk is how outraged they feel about the situation.
• Safe: To risk people, safety is the judgment of risk tolerance.  If we are safe, then the risk does not exceed some threshold value (whether implicit or explicit).  To laypeople, “safe” = “no risk,” that is they treat it as a binary concept – you are either safe or you are not.  Or rather, there is risk or there is not.  I suppose the same reasoning can be extended to the word secure: to risk people, if we are secure, then the residual adversary risk is low enough for us to accept; to laypeople, “secure” = “no harm will come to them” in the event of an attempt.  Relative statements about safety and security are unambiguous though – to say something is more or less safe or secure than another thing is perfectly acceptable.
• Prepared:To be prepared means that we possess the capabilities and vigilance necessary to deal with a hazardous situation when it arises.  To risk people, preparedness is tied to risk acceptability – if we are prepared, then we have the capabilities needed to keep risk overall at an acceptable level.  To laypeople, prepared, like safe and secure, is taken to mean no (or perhaps minimal) harm will come to them.
• Confident: To say to someone else that you are confident when you are merely hopeful is not okay.  In the eyes of laypeople, confident = surety, though perhaps not so much anymore if the word has lost its meaning in the eyes of risk communication consumers.

From my experience, I have five types of phrases to add:

• [Low/Moderate/High] Confidence:Philosophically speaking, to the analyst, anything said with a non-zero degree of confidence implies some degree greater than even odds of being correct.  This means that both “low confidence” and “high confidence” judgments are believed to be the right answer vice any alternative, but “low confidence” statements are afforded less commitment and as such are pegged to a representative probability value closer to 0.5 than a “high confidence” judgment.  To the decision maker, however, the scale may be expanded from a half probability scale to a full probability scale, where the words “low,” “moderate,” and “high” span the entire range.  So when the analyst says something with “moderate” confidence to indicate, say, a 75% chance of being correct, the decision maker might see it as a 50/50 judgment.  I would love to experiment with this to see whether or not what I just described is true.
• “In General”: When mathematicians use the phrase “in general,” they mean what they say applies to all cases.  When lay people use the phrase in general, they mean that what they say is believed to apply to a simple majority of cases.
• Likely, Probable [and other uncertainty phrases]:  To risk people, the word likely conveys some degree of likeliness that exceeds 50%.  To laypeople, likely may communicate likeliness or risk.  In the latter, one might find that something deemed “likely” to a layperson may have an objectively low probability of happening, yet a high enough impact if it does to warrant use of the term in their non-probabilistic minds.  But whoever said words like “likely” and “probable” can only be used in the context of probability theory?  After all, what came first – the word “probable” or the “theory of probability?”
• Likelihood versus Likeliness: To mathematicians, “likelihood” means something very specific.  The likelihood of something in the context of Bayes theorem is the functional expression Pr(B|A) (read as “the probability of B given A) whose input argument is “A.”  That is, the “likelihood” is the hypothetical probability distribution constructed over a space of events conditioned on the occurrence of “A.”  The “likelihood function” or simply “likelihood” L(A|B) is proportional to Pr(B|A).  To non-mathematicians, including most (if not all) dictionaries, “likelihood” describes the notion of chance, where probability is one such measure of likelihood for an event.  According to WordReference.com, the word “likeliness” is an equivalent word for “likelihood,” but doesn’t carry with it all the mathematical baggage that might confuse a mathematician.  This is why I always use the word “likeliness” to characterize the notion of chance instead of “likelihood.”
• Possible: To mathematicians and risk people, a “possible” event is one that carries with it a non-zero probability.  More specifically, a possible event is one that is admitted into the set of alternatives (sample space) for a given question.  To non-mathematicians and laypeople, the word “possible” may be used to describe degree of chance or even risk.  How often have you heard people use possible to convey the likeliness of an event?  I read a study published by Sarah Lichtenstein and J. Robert Newman in 1967 (Psychonomic Science, Vol. 9, No. 10, pp. 563-564) showed that a group of 177 people, when individually asked to place numbers on words that convey uncertainty, could not agree on a probability value for the word “possible.”  The results showed a range of responses spanning probabilities of 0.01 to 0.99, with a median at 0.49.  What does this say?  To me this study makes my point – possible means that the probability is greater than 0, but we don’t know where.  But it also says that, at a micro level, possible might actually assign a value to possible.  Fortunately, the word “impossible” does not suffer the same ambiguity.

I am curious to hear your thoughts on these and other words that we should be careful about using in the context of risk communication, or “analytic communication” for that matter.

Send article as PDF to