Glossary and Abbreviations
The following terms and abbreviations are used throughout the text. Citations and sources are included where appropriate.
| ALARP | As low as reasonably possible. A level after which it would be too expensive or disruptive to reduce the risk any further. |
| Downside risk | A risk that would hinder your objectives. |
| HSE | Health, Safety and Environment. Sometimes HSSE to include security. |
| Impact | The effect a risk source would have on your objectives. Effect or consequence are often used as synonyms. |
| KISS | Keep it stupid simple. The principle that systems work best when they are as simple as possible. Attributed to Lockheed engineer Kelly Johnson. |
| Likelihood | “The chance of something happening” (ISO). |
| Opportunity | The source of an upside risk. |
| Risk | “The effect of uncertainty on objectives” (ISO). Risks can have a positive or negative effect – see upside and downside risks. |
| Risk appetite | The amount of risk an organization is comfortable with on a day-to-day basis or the amount of upside risk that it wants to pursue. |
| Risk tolerance | The amount of risk an organization can bear for a short period of time. |
| Threat | The source of a downside risk. Hazard can be used synonymously. |
| Upside risk | A risk that would support your objectives. |
| Vulnerability | An absence of or weakness in controls or defenses designed to prevent a threat from causing an impact. A low vulnerability indicates comprehensive protective measures are in place. Exposure is used synonymously in some cases. |