Risk BowTie Method - 4

B站影视 2025-01-28 12:59 3

Bow Tie Structure Example

Sources of risk. Threats, hazards, exposures, vulnerabilities, opportunities, or circumstances which cause a risk event.

Likelihood controls. Measures to reduce the likelihood of negative risk events or increase the likelihood of positive events.

Likelihood escalation factors. Elements that might change the effectiveness of likelihood controls.

Likelihood escalation controls. Resources, risk treatments, mitigations, or barriers that affect or manage escalation factors.

Event(s). Incident(s) or risk event(s) which may occur as a result of the sources of risk and could impact on objectives.

Consequence controls. Measures to support or change the consequences of the risk event(s).

Consequence escalation factors. Elements that through cascading or cumulative effects could lead to changes in the effect of consequence controls.

Consequence escalation controls. Resources, risk treatments, mitigations, or barriers that modify the effect of escalation factors.

Consequences. Outcome(s) of a risk event that could affect objectives.

Factory Fire Example

Advantages of BowTies

Bow-ties are not a universal panacea, but they have practical benefits, including many we find in only a few methodologies:

Repeatable. A robust and consistent method for documenting existing controls and linking them to the risks they are treating.

Integrated. A framework where risks and management procedures can be linked and compared.

Causal. Highlighting causal links between risks, controls, sources, events, and potential consequences.

Systems and gap analysis. Facilitates identification of deficiencies or missing risk controls.

Visual. Risks are easily communicated and understood at all levels of an organization.

Complementary. Aligns with and complements other methodologies such as Likelihood and Consequence Management, P2R2, Swiss Cheese, and Root Cause Analysis.

Aligned with better practice methodologies to support management decision-making and evaluation of risks.

Adequacy of Existing Controls. Existing Controls are identified, listed, and linked to specific threats and can be assessed by their effectiveness.

Scenario-modeling. Typical scenarios and relationships can be depicted on the pre-event side (left side) of the BowTie diagram.

Vulnerabilities. BowTie can highlight areas where controls are poor.

Audit. BowTie diagrams can show auditors and managers the conceptual application of management systems.

Defining. Define the meaning and relative roles of key terms.
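The bow-tie elements defined under Bow Tie Structure Example, combined with the gap analysis listed among the advantages, can be modelled directly. The following is an added example, not part of the original article: the class and function names are assumptions, and the factory fire entries are constructed sample data.

```python
from __future__ import annotations
from dataclasses import dataclass, field

@dataclass
class Control:
    name: str
    # escalation factor -> escalation controls that manage it
    escalation: dict[str, list[str]] = field(default_factory=dict)

@dataclass
class BowTie:
    event: str
    sources: dict[str, list[Control]]       # left side: source of risk -> likelihood controls
    consequences: dict[str, list[Control]]  # right side: consequence -> consequence controls

def gaps(bt: BowTie) -> list[str]:
    """List branches with no control and escalation factors with no escalation control."""
    findings = []
    for side, kind in ((bt.sources, "source"), (bt.consequences, "consequence")):
        for name, controls in side.items():
            if not controls:
                findings.append(f"{kind} '{name}' has no control")
            for c in controls:
                for factor, esc_controls in c.escalation.items():
                    if not esc_controls:
                        findings.append(f"{kind} '{name}': control '{c.name}' "
                                        f"has unmanaged escalation factor '{factor}'")
    return findings

# Constructed scenario for illustration only; not taken from the article's diagram.
FIRE = BowTie(
    event="Factory fire",
    sources={
        "Electrical fault": [Control("Wiring inspection",
                                     {"Inspection backlog": ["Maintenance schedule audit"]})],
        "Hot work": [Control("Hot work permit", {"Contractor unaware of permit rule": []})],
        "Flammable storage": [],
    },
    consequences={
        "Injury to staff": [Control("Evacuation plan", {"Blocked exits": ["Weekly exit walkdown"]})],
        "Production loss": [Control("Sprinkler system", {"Water supply failure": []})],
    },
)

if __name__ == "__main__":
    for finding in gaps(FIRE):
        print(finding)
```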

- To be continued -

Excerpted from Risk BowTie Method

Source: 随心优选
