|•||Establishing and trying to quantify threat likelihood|
|•||Setting risk acceptance criteria|
|•||Establishing how much risk is likely to be reduced as a result of new security measures|
There is also a tendency to neglect costs and to engage in conceptual clutter.
This chapter considers these issues. It then presents and explains the approach to risk analysis that we will apply throughout the book.
A recent book by Gregory Treverton, a risk analyst at the RAND Corporation whose work we have found highly valuable at various points in this study, contains a curious reflection:
When I spoke about the terrorist threat, especially in the first years after
2001, I was often asked what people could do to protect their family and