A study on the influence of uncertainties in physical security risk analysis

In security risk analysis and assessment, uncertainties regarding occurring threats, consequences and the capabilities of security systems to mitigate vulnerability are enormous. Although some quantitative approaches exist in security risk analysis that allow the consideration of these uncertainties, most practical assessments are based on expert knowledge in semi-quantitative or qualitative models. This paper presents a study on the influence of uncertainties in physical security risk analysis using the example of a semi-quantitative risk assessment of a notional production infrastructure. Therefore, a procedure is suggested as a systematic approach to transfer differing expert ratings into a pdf-based description for a quantitative approach. The influences of uncertainties on the exemplary assessment are calculated and discussed regarding the validity of the results. To visualize these results and to support the decisionmaking process, a three-dimensional risk matrix is proposed.