A quantitative risk model for a uniform description of safety and security

A mathematical framework is presented that allows to describe quantitatively and in an integrative way the risk of safety and security constellations. Thereby, great importance is attached to a clear notation with a sound semantics. Based on a role model with the three roles »source of danger«, »subject of protection« and »protector«, risk is modelled quantitatively using statistical decision and game theory. Uncertainties are modelled based of probability distributions, whereupon probability is interpreted in a Bayesian context as a degree of belief DoB. The set D of sources of danger is endowed with a DoB-distribution describing the probability of occurrence. D is partitioned into subsets that describe dangers which are due to random causes, carelessness and intention. A set of flanks of vulnerability F is assigned to each subject of protection. These flanks characterize different aspects of vulnerability concerning mechanical, physiological, informational, economical, reputational, psychological, ... vulnerability. The flanks of vulnerability are endowed with conditional DoBs that describe to which degree an incidence or an attack will be harmful. ... mehrAdditionally, each flank of vulnerability is endowed with a cost function that quantifies the costs which are charged to the subject of protection, if it is affected by a harmful incidence or attack. With these ingredients the risk for the subject of protection can be quantified based on an ensemble functional with respect to all sources of danger and to all flanks of vulnerability. Depending of the respective subset of dangers such a functional is an expectation (case of random causes and carelessness) or a selection operation (case of intention), where in the latter case the attack will presumably take place at the weakest flank of vulnerability. The calculated risk can be opposed to the cost of protection measures that are offered by the protector in order to foster an effective and economical invest decision. From an attacker’s point of view a utility function is formulated which a rational attacker presumably would use to evaluate his cost-benefit ratio in order to decide whether he attacks and which of his options he exercises. The challenges of the approach are the determination of the cost functions and especially the estimation of the probabilities (DoBs) of the model. The model can be used to simulate and evaluate the endangerment of subjects of protection quantitatively.