Functional quantitative security risk analysis (QSRA) to assist in protecting critical process infrastructure

Mark Adrian van Staalduinen, Faisal Khan*, Veeresh Gadag, Genserik Reniers

*Corresponding author for this work

Research output: Contribution to journalArticleScientificpeer-review

30 Citations (Scopus)


This article proposes a quantitative security risk assessment methodology that can assist management in the decision-making process where and when to protect critical assets of a chemical facility. An improvement upon previous work is the approach of conducting concurrent Threat and Vulnerability Assessments, as opposed to a sequential approach. Furthermore, this method introduces a Bow Tie risk model mapped into a Bayesian Network model that allows for various logical relaxation assumptions to be applied. Different uncertainty relaxation approaches such as “Noisy-OR” and “Leaky Noisy-OR” and “Noisy-AND” are tested to improve Threat and Vulnerability likelihood. Finally, integrating threat/vulnerability likelihood with potential losses, the security risk is quantified. The potential security countermeasures are characterized into either decreasing vulnerability or decreasing threat likelihood and are reassessed considering a cost analysis. A theoretical case study is conducted to exemplify the execution and application of the proposed method.

Original languageEnglish
Pages (from-to)23-34
Number of pages12
JournalReliability Engineering & System Safety
Publication statusPublished - 2017


  • Bayesian network
  • Bow-Tie risk model
  • Quantitative security risk analysis


Dive into the research topics of 'Functional quantitative security risk analysis (QSRA) to assist in protecting critical process infrastructure'. Together they form a unique fingerprint.

Cite this