Security has not remained at the sidelines of the development of scientific methods. The application of science to improve security is not restricted to the technological field (alarms, armoring, sensors, video devices, etc). In fact, as it delves into logical and psychological security, several scientific methods had been applied in a similar way as it is done in other sciences.
One of the scientific developments that has had more diffusion consists in the combination of methods such as statistics and probability in order to measure, through a matrix diagram, the frequency, impact, and effects of a possible casualty. When there is a specific objective that must be protected for a certain period of time, it makes possible the design of security policies for that objective, using a seemingly incontrovertible scientific basis. This has led to the creation of approaches such as the Mosler method, among others.
When an expert in security is asked about risk prevention systems as well as protective systems for people and goods, this expert has to work methodically in order to achieve a correct assessment.
By using the Mosler method, applied to analyse and classify risks, and whose objective is to identify, study, and evaluate the factors that may influence the occurence of those risks, it is possible to make an evaluation adapted to them.
The four phases of the Mosler method are:
Phase 1: DEFINITION OF RISKS
In order to carry out this phase it is necessary to define what risks may affect the area we want to protect (investment, information, risks of accidents, or any other risk that may occur), making a list of each case, which shall be taken in consideration as long as the conditions do not change (life cycle).
Phase 2: RISKS ANALYSIS
A set of coefficients (criteria) are used in this analysis:
Criterion of function (F)
It measures the negative consequences or damage that may alter the activity. The consequences have an associated score, from 1 to 5, that ranges from “very slightly” to “very bad”:
- Very bad (5)
- Gravely (4)
- Moderately (3)
- Mildly (2)
- Very slightly (1)
Criterion of substitution (S)
It measures how easily goods can be substituted in case that any of the risks occur, and whose consequences have an associated score from 1 to 5, that ranges from “very easily” to “very difficult”.
- Very difficult (5)
- Hardly (4)
- Without much difficulty (3)
- Easily (2)
- Very easily (1)
Criterion of profundity or disturbance (P)
It measures the disturbances and psichological effects in relation to the occurrence of any of the risks (it measures the image of the firm), and whose consequences have an associated score from 1 to 5, that ranges from “very slight” to “very serious”.
- Very serious disturbances (5)
- Serious disturbances (4)
- Limited disturbances (3)
- Slight disturbances (2)
- Very slight disturbances (1)
Criterion of extending (E)
It measures the extent of the damages in case that a risk of geographical level occurs, and whose consequences have an associated score from 1 to 5, that ranges from “individual” to “international”.
- International in nature (5)
- National in nature (4)
- Regional in nature (3)
- Local in nature (2)
- Individual in nature (1)
Criterion of agression (A)
It measures the probability that the risk appears, whose consequences have an associated score from 1 to 5, that ranges from “very low” to “very high”.
- Very high (5)
- High (4)
- Average (3)
- Low (2)
- Very low (1)
Criterion of vulnerability (V)
It measures and analyses the possibility that, given the nature of the risk, this in effect can cause damages, and whose consequences have an associated score from 1 to 5, that ranges from “very high” to “very low”.
- Very high (5)
- High (4)
- Average (3)
- Low (2)
- Very low (1)
Phase 3: EVALUATION OF RISKS
On the basis of the analysis (phase 2), the results are calculated using the following equations:
Calculation of the risk character “C”:
This is done with the data obtained, applying:
I. Importance of the event
I= F x S
D. Damages suffered
D= P x E
Risk C= I + D
Calculation of the probability “Pb”:
This is done with the data obtained from the second phase, applying:
A: Criterion of agression
V: Criterion of vulnerability
Probability Pb= A x V
Quantifying the risk concerned “ER”:
This is obtained multiplying the values of “C” and “Pb”.
ER = C x Pb
Phase 4: CALCULATION AND CLASSIFICATION OF RISKS
It is important to understand that, even if the results are numeric, this scale is QUALITATIVE.
Calculation of the risk classification:
One of the scales that can be used is the following:
SCORE |
RISK |
1 – 250 | Very low risk |
251 – 500 | Low risk |
501 – 750 | Average risk |
751 – 1000 | High risk |
1001 – 1250 | Very high risk |
Other experts take in account different scales, for example:
SCORE |
RISK |
1 – 200 | Low risk |
201 – 600 | Average risk |
601 or more | High risk |
Source: Foro de Profesionales Latinoamericanos de Seguridad (Latin American Security Professionals Forum)
Write a comment