“Risk differs from uncertainty in that risk may be measured and managed whereas uncertainty may not. Risk management efforts hinge on this important distinction because it highlights differences where a team may be more proactive. For instance, many vulnerabilities are known, hence they may be measured and managed whereas the threats to a system contain a greater degree of uncertainty in that the threat environment contains numerous elements such as threat actors that one’s organization cannot directly control.”


  1. Fabius Maximus:

    Astonishing that the meaning of risk and uncertainty remains unclear to so many professionals for whom the distinction is vital.

    The distinction is old. Modern analytical treatment perhaps starts with Frank H. Knight’s 1921 treatise “Risk, Uncertainty and Profit.”

    The most widely known definitions are those of John Maynard Keynes:

    “By ‘uncertain’ knowledge, let me explain, I do not mean merely to distinguish what is known for certain from what is only probable. The game of roulette is not subject, in this sense, to uncertainty…The sense in which I am using the term is that in which the prospect of a European war is uncertain, or the price of copper and the rate of interest twenty years hence…About these matters there is no scientific basis on which to form any calculable probability whatever. We simply do not know.”

    For a brief history of economic work on risk and uncertainty see:
    http://cepa.newschool.edu/het/essays/uncert/intrisk.htm

  2. Fabius Maximus:

    The above quote is from Keynes’ great “General Theory” paper of 1937.

  3. Bob Hodges:

    Treverton’s distinction was addressed by Malcolm Gladwell in the New Yorker in January:

    http://www.newyorker.com/reporting/2007/01/08/070108fa_fact_gladwell