Risk Assessment. Marvin Rausand


a threat to our system. No threat actor is involved in this type of threat.

      The term threat actor is used to indicate an individual or a group that can manifest a threat. When analyzing security risk, it is fundamental to identify who could want to exploit the vulnerabilities of a system, and how they might use them against the system.

      Definition 2.35 (Threat actor)

      An individual, a group or a thing that acts, or has the power to act, to cause, carry, transmit, or support a threat.

      A threat actor is sometimes called a threat agent. An example of a threat agent is a hacker who breaks into computers, usually by gaining access to administrative controls.

      To cause harm, a threat agent must have the intention, capacity, and opportunity to cause harm. Intention means the determination or desire to achieve an objective. Capacity refers to the ability to accomplish the objective, including the availability of tools and techniques as well as the ability to use these correctly. Opportunity to cause harm implies that the asset must be vulnerable to attack.

      Vulnerability may be defined as follows:

      Definition 2.36 (Vulnerability)

      A weakness of an asset or control that can be exploited by one or more threat actors.

      Vulnerability refers to the security flaws in a system that allow an attack to be successful. These weaknesses may be categorized as physical, technical, operational, and organizational. A vulnerability in security terms can be, for example, an unlocked door, allowing unauthorized people to access a computer that is not protected by a password. We can see that a vulnerability in many respects can be compared to what we would call “lack of” or “weak” barriers when we are talking about risk.

      Vulnerability is also used in relation to safety, but then more as an opposite to resilience (see next section). Security and security assessment are discussed in more detail in Chapter 17.

      2.6.4.1 An Illustration

      2.6.5 Resilience

      Resilience is in many respects the opposite of vulnerability. Foster (1993) defines resilience as:

      Definition 2.37 (Resilience)

      The ability to accommodate change without catastrophic failure, or the capacity to absorb shocks gracefully.

      

      2.1 Describe the main difference between the concepts of hazard and threat.

      2.2 What is the difference between a probability and a frequency?

      2.3 In Table 2.1, various uses of the word “risk” from media are shown. Look at the statements and see if risk should be replaced with another term if we were to apply the definitions used in this book.

      2.4 Search for the term “hazard” on the Internet and see if it is used in accordance with our definition.

      2.5 List the possible failure modes of the driver's door on a modern car.

      2.6 Start with the following situation: You are cycling down a steep road at high speed and approach a major crossing road. Describe a few possible accident scenarios that can develop from this situation. What are the hazards, initiating events and enabling events and conditions in the scenarios that you have described?

      2.7 Consider the following events related to a ship:
            The ship hits an obstruction.
            The crew abandons ship.
            The captain of a ship is planning a voyage and fails to identify an obstruction in the planning process.
            The ship sets sail from port.
            The ship starts sinking.
            All crew drowns.
            During the voyage, the person on the bridge of the ship falls asleep.
          (a) Order these events into a logical accident scenario.
          (b) Use the definitions of hazardous event and initiating event and identify the steps in the sequence that could be classified as hazardous events and initiating events. Different answers may be relevant, but provide arguments for why you choose as you do.

      2.8 In this chapter, reference accident scenario, worst‐case accident scenario, and worst credible accident scenario are defined.
          (a) What are the differences between these three?
          (b) Do you see any challenges in defining these scenarios in a practical case?

      2.9 What are the differences between the two concepts robustness and vulnerability?

      2.10 There are numerous definitions of the word “risk” and Section 2.2 provides a definition and lists some alternatives. Compare the alternative definitions of risk provided and see how they differ from the definition used in the book.

      2.11 Search the Internet for the word “risk” to see how this is used in different contexts, e.g. in media, and how the everyday use of the word compares to the formal definition. Some examples to look for are situations where risk is used synonymous with hazard, safety performance, and frequency.

      2.12 Compare the terms incident and hazardous event and discuss the similarities and differences between these terms. Use practical examples and discuss the terms based on these rather than discussing purely from a theoretical viewpoint.

      2.13 Assume that a bicycle has a brake system with a handle on the handlebars, a wire running from the handle to the brake pads, and finally brake pads that make contact with the wheel when the handle is pulled. Identify relevant failures, failure modes, and failure mechanisms for the brake system. Classify the failures according to the cause of the failure and the degree of the failure.

      2.14 Consider
