Journal of Loss Prevention in The Process Industries, Vol.49, 509-518, 2017
Issues for security risk assessment in the process industries
The safety risks of accidents in process plants usually are managed with some form of risk assessment. Similarly, the security risks of malevents, that is deliberate actions to cause harm, also are managed with risk assessment. However, security risks differ in various ways from safety risks and security risk assessment poses special challenges. Current methods for security risk assessment in the process industries use approaches that are seriously flawed. This includes methods incorporated into several industry standards that employ risk scoring methods such as risk matrices. Issues that affect security risk assessment are identified and discussed in this article in order to provide a set of criteria that can be used to judge the adequacy of security risk assessment methods. A number of recommendations are made to address the issues and several questions are posed for future study. (C) 2017 Elsevier Ltd. All rights reserved.
Keywords:Security risk assessment;Security vulnerability analysis;Threat event;Threat scenario;Risk scoring;Risk matrices