From: Kim Jeskie <jeskiekb**At_Symbol_Here**COMCAST.NET>
Subject: Re: [DCHAS-L] Validity of the risk matrix
Date: Thu, 17 Oct 2019 17:08:23 -0400
Reply-To: ACS Division of Chemical Health and Safety <DCHAS-L**At_Symbol_Here**PRINCETON.EDU>
Message-ID: A051C7B1-45C4-43D4-896A-6BD15347662A**At_Symbol_Here**comcast.net
In-Reply-To


So at the risk of throwing my IT friends under the bus, I agree with the author on his conclusion, but maybe not the way he came to the conclusion. There are different types of threats faced by the IT world. Some have probabilities that are much better defined than others - e.g. how often do certain types of network switches of a certain manufacturer with a certain type of data flow fail? For those things, the industry really needs to move on past the basic risk matrix, because they have better data now. There's also a resilience question that needs to be answered for some things - for instance, if you have a failure, what impact will it have on the end user? If the answer is unacceptable, you have to add mitigating factors to increase your ability to bounce back (resilience). You start the conversation with a basic risk matrix, but then you move on to other tools to help evaluate failure modes. Now, the throwing them under the bus part: parts of the industry just aren't that good at this yet. The technologies have been moving so fast and the threats have been evolving so quickly that they are having difficulty evolving the risk methods described in their consensus standards. The information protection part of the industry that he describes in the essay is, in my opinion, one of the least defined parts of this industry.


Kim

On Oct 17, 2019, at 9:58 AM, David C. Finster <dfinster**At_Symbol_Here**WITTENBERG.EDU> wrote:

While stumbling around the web with regard to thinking about the risk matrix, I came upon an article that questioned its value:
 
 
The essence of the argument, I think, is that estimates of probability are very unreliable. I'd appreciate the wisdom of the list regarding this essay and its conclusion.
 
Dave
 
David C. Finster
Professor Emeritus, Department of Chemistry
Wittenberg University

 
--- For more information about the DCHAS-L e-mail list, contact the Divisional membership chair at membership**At_Symbol_Here**dchas.org Follow us on Twitter **At_Symbol_Here**acsdchas



