The literature of risk analysis is replete with misleading definitions of vulnerability. Of particular concern is the definition of risk as the multiplication of impact, vulnerability, and threat. Our quest to measure risks to critical infrastructures of terrorist attacks and natural disasters, we must account for the fundamental characteristics of the system. In the parlance of systems engineering, this means that we must rely on the building blocks of mathematical models, focusing on the use of state variables. For example, to control the production of steel, one must monitor the states of the steel at any instant—its temperature and other physical and chemical properties. To know when to irrigate and fertilize a farm to maximize crop yield, a farmer must assess the soil moisture and the level of nutrients in the soil. To treat a patient, a physician first must know the temperature, blood pressure, and other states of the patient’s physical health. State variables should also be used to constitute the building blocks for intelligence collection and analysis to counter terrorism to infrastructure systems. To relate the centrality of state variables in intelligence analysis to countering terrorism, it is important to define the following terms (Haimes, 2004), which broadly apply to risk analysis: Vulnerability is the manifestation of the inherent states of the system (e.g., physical, technical, organizational, cultural) that can be
[1]
Y. Haimes.
Risk Modeling, Assessment, and Management: Haimes/Risk Modeling, Assessment 2e
,
2005
.
[2]
Shin Ta Liu,et al.
Risk Modeling, Assessment, and Management
,
1999,
Technometrics.
[3]
S. Walden.
Total Risk Management
,
1999
.
[4]
Jennifer L. Hartnett,et al.
Managing Quality: The Strategic and Competitive Edge
,
1988
.
[5]
R. Keeney,et al.
Acceptable Risk
,
1986,
IEEE Transactions on Reliability.
[6]
S. Kaplan,et al.
On The Quantitative Definition of Risk
,
1981
.