Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.
Jeff Lowder

The Difference between Quantitative and Qualitative Risk Analysis and Why It Matters (Part 2)

3. Turning again to the NIST Guide, the document provides an example of how the probability intervals may be interpreted numerically. In section 3.7.1, it defines “High” probability as 100%, “Medium” as 50%, and “Low” as 10%. There are three problems with this approach. First, not all probability values are covered by this interval scale, and it is unlikely that the values the scale does capture are the accurate ones. In other words, for each of the outcomes we want to measure, the probability that the outcome’s probability will be either 100%, 50%, or 10% is very low. If the actual probability values for the outcomes we want to measure are something different, the NIST example can’t accommodate them as-is. Second, the scale is asymmetric insofar as it captures the probability of events that are certain to happen (events with a 100% probability), but not events that are certain not to happen (events with a 0% probability). Third, the idea that any risk could have a probability of 100% is a contradiction in terms, since by definition risk involves uncertainty. In other words, if the probability that an event will happen is 100%, that event is not a risk!
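The first two problems can be made concrete with a short calculation. The following is an added example, not part of the original column or the NIST Guide: it assumes an analyst maps each estimate to the nearest of the three values, and the sample events, probabilities, and dollar impacts are constructed for illustration.

```python
# Three-point scale as quoted above from section 3.7.1 of the NIST Guide.
NIST_SCALE = {"High": 1.00, "Medium": 0.50, "Low": 0.10}

def nearest_level(p):
    """Assumption: the analyst picks the level whose value is closest to p."""
    if not 0.0 <= p <= 1.0:
        raise ValueError("probability must be in [0, 1]")
    return min(NIST_SCALE, key=lambda name: abs(NIST_SCALE[name] - p))

def scale_error(p):
    """Return (level, scale value, absolute error) for an estimate p."""
    level = nearest_level(p)
    value = NIST_SCALE[level]
    return level, value, round(abs(value - p), 4)

def expected_loss_gap(p, impact):
    """Expected loss using the scale value minus expected loss using p.
    Expected loss = probability * impact (assumption, not from the column)."""
    value = NIST_SCALE[nearest_level(p)]
    return round(value * impact - p * impact, 2)

def worst_case_error():
    """Largest absolute error over estimates 0.00, 0.01, ..., 1.00."""
    return max(scale_error(i / 100)[2] for i in range(101))

# Constructed sample: (event, estimated probability, impact in dollars).
SAMPLE = [
    ("event that cannot happen", 0.00, 200_000),
    ("rare outage",              0.02, 500_000),
    ("phishing success",         0.25,  80_000),
    ("laptop loss",              0.70,  20_000),
]

def report(rows=SAMPLE):
    """One row per event: name, level, scale value, error, expected-loss gap."""
    return [(name, *scale_error(p), expected_loss_gap(p, impact))
            for name, p, impact in rows]

if __name__ == "__main__":
    for row in report():
        print(row)
    print("worst-case absolute error:", worst_case_error())
```

An event estimated at 0% has no slot on the scale and lands on "Low" (10%), which is the asymmetry described in the second problem.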

(to be concluded in part 3)
