Professional Documents
Culture Documents
RISK Terminologies: T C V R
RISK Terminologies: T C V R
T C V R
RISK
THREAT
CONSEQUENCE and
VULNERABILITY
(A) RISK ASSESSMENT
COMPONENTS:
(I) THREAT
(II) CONSEQUENCE AND
(III) VULNERABILITY
THREAT
THE PROBABILITY/LIKELIHOOD THAT AN AUI IS ATTEMPTED, BASED ON
AN ADVERSARY’S - INTENTION AND CAPABILITIES
I Cp
INTENT
ADVERSARY’S INTENTION
• KNOWLEDGE OF TARGET
• LOCAL SUPPORTS
• KNOWLEDGE OF TARGET
(I) THREAT
(II) CONSEQUENCE AND
(III) VULNERABILITY
Consequences assessment
• Worst case consequences of the successful attack scenario – short
term, long term.
• In terms of: Human, Psychological, Reputational, Disruptive (airspace,
confidence), Economic
Contributors:
• Asset owners (airport, airline)
• Subject matter experts
Consequences scoring
Rating Human Economic Other
LOW Possibly some death and Some economic impact Some disruption to
injuries services and confidence in
the aviation system
Risk register
(I) THREAT
(II) CONSEQUENCE AND
(III) VULNERABILITY
vulnerability assessment
Identify and assess the effectiveness of all existing mitigations
• Physical
• Procedural
• Personnel
• Equipment (lack or malfunctioning)
• IT
• Analysis of NCASP and other programmes
• Analysis of QC programmes
vulnerability assessment
Identify and assess the effectiveness of all existing mitigations
• Review of technological capabilities
• Info from other sources
• Pre-airport
• At airport
• Inflight
• Incident response
HIGH No mitigating measures are in general effect – no realistic effective measures are
available
MEDIUM Mitigation has a limited scope or are immature or partially effective – capability of
further development or implementation in practice
LOW Mitigation measures generally regarded as effective and are in widespread use
Risk register
HIGH May require immediate action in the form of countermeasures and emergency
procedures – tolerance to this level of risk is unlikely
• Justify priorities
Decisions:
• Whether further research on a risk assessment component is
necessary
• Whether a risk needs mitigation
• The priorities for mitigation
• Whether an activity should be undertaken
• Which of the mitigations should be followed
RISK TOLERANCE
Risk
Acceptable Unacceptabl
Level e Level
ROOT CAUSE ANALYSIS
• Lack of Knowledge
• Lack of resources
• Lack of infrastructure
• Lack of will
RISK MITIGATION
Mitigation options:
• Prevent (fence)
• Detect (CCTV)