(1) Risk is a measure of the potential inability to achieve overall program objectives within defined cost, schedule, and technical constraints and has two components:
- The probability (or likelihood) of failing to achieve a particular outcome and
- The consequences (or impact) of failing to achieve that outcome. (DAU, 2003)
(2) In the domain of catastrophic risk analysis, such as for terrorist attacks or natural disasters, risk has three components:
- Threat (the probability that a specific target is attacked in a specific way during a specified period)
- Vulnerability (the probability that damage occurs given a threat), and
- Consequence (the magnitude and type of damage resulting from an attack or disaster). (Willis et al. 2005)
(1) Conrow, E. 2008. Risk Analysis for Space Systems. Paper presented at Space Systems Engineering and Risk Management Symposium, 27-29 February, 2008, Los Angeles, CA, USA.
(1) DAU. 2003. Risk Management Guide for DoD Acquisition: Fifth Edition. Ft. Belvoir, VA, USA: Defense Acquisition University (DAU)/U.S. Department of Defense, Fifth Edition, Version 2.
(2) Willis, H.H., A.R. Morral, T.K. Kelly, and J.J. Medby. 2005. Estimating Terrorism Risk. Santa Monica, CA: The RAND Corporation, MG-388.
Definition (1) or related definitions are in widespread project risk management use. The definition has been extended to include time-frame. Definition (2) or related definitions are in widespread use for catastrophic risk analysis (e.g., threat, disaster, information assurance). Definition (1) defines risk in terms of probablity of occurrence, consequence of occurrence, and time-frame; all of which are measurable. Likewise, definition (2) defines risk in terms of threat, vulnerability, and consequence of occurrence; all of which are measurable.
Please provide your comments and feedback on the SEBoK below. You will need to log in to DISQUS using an existing account (e.g. Yahoo, Google, Facebook, Twitter, etc.) or create a DISQUS account. Simply type your comment in the text field below and DISQUS will guide you through the login or registration steps. Feedback will be archived and used for future updates to the SEBoK. If you provided a comment that is no longer listed, that comment has been adjudicated. You can view adjudication for comments submitted prior to SEBoK v. 1.0 at SEBoK Review and Adjudication. Later comments are addressed and changes are summarized in the Letter from the Editor and Acknowledgements and Release History.
If you would like to provide edits on this article, recommend new content, or make comments on the SEBoK as a whole, please see the SEBoK Sandbox.