IIC Journal of Innovation 20th Edition Trustworthy July 2022, 20th Edition | Page 25

addressed with traditional risk management . Resilience management includes a number of principles and approaches that can be used in conjunction with risk management and systems theory techniques in order to increase the trustworthiness of a system .
The goal is to ensure that unacceptable losses do not occur and that hazards that can lead to losses are eliminated , mitigated or controlled . A hazard is defined here as “ A system state or set of conditions that , together with a particular set of worst-case environment conditions , will lead to an accident ( loss )” 5 . Traditional risk management techniques can help achieve the goal , as can system theory analysis 6 and resilience engineering .

2 TRADITIONAL RISK MANAGEMENT

To understand the need for systems theory and resilience it is first necessary to understand traditional risk management and its limitations .
The IIC defines risk as the “ effect of uncertainty on objectives ”, deriving the definition from ISO / IEC 27000 7 . Another definition of risk commonly used is that risk is the “ combination of the probability of occurrence of harm and the severity of that harm ” 8 . Risk analysis can be described as answering three questions 9 , 10 , 11 :
1 . What can go wrong ? 2 . How likely is it ? 3 . What would be the consequences ?
Quantitative risk analysis is an approach that associates consequences such as the death of a person , for example , with the likelihood or probability . This approach works best when it is possible to determine meaningful probabilities and to value consequences .
One way to determine probabilities is by frequency analysis . If an event occurs repeatedly over time , it is possible to use the historical data to obtain frequencies of occurrence and determine a probability distribution . This is possible for events for which there is data such as automobile
5
Nancy G Leveson , Engineering a Safer World . ( Cambridge : The MIT Press , 2016 ), http :// www . oapen . org / download ? type = document & docid = 1004042 .
6
Leveson .
7
“ ISO / IEC 27000:2018 ( E ) Information Technology — Security Techniques — Information Security Management Systems — Overview and Vocabulary , 5th Edition ,” 2018 , https :// www . iso . org / standard / 73906 . html .
8
“ ISO / IEC Guide 51 Safety Aspects - Guidelines for Their Inclusion in Standards , Third Edition ,” April 1 , 2014 , https :// www . iso . org / standard / 53940 . html , see definition 3.9 .
9
Jan-Erik Holmberg , “ Quantitative Risk Analysis ,” in Handbook of Safety Principles .
10
Risto Tiusanan , “ Qualitative Risk Analysis ,” in Handbook of Safety Principles .
11
Much of this section is derived from the previous two references . 20
July 2022