"Corporate America quantifies risks based on mathematical statistics, and for lesser known events, on probabilistic modeling. As both producers and consumers of abundant risk management data, corporations excel at analyzing the effects of threats and vulnerabilities that have been previously observed and for which abundant and well-controlled data is available. This private sector experience and expertise could be of use to the Federal government as it meets the current challenge of capturing an abundance of data across a nearly endless spectrum of plausible risks, and then assessing and managing that data in a timely and efficient manner. This report will delineate three key findings, the first of which are the practices of risk quantification and modeling. Today, a substantial number of risk quantification models and methods exist. The National Infrastructure Advisory Council (NIAC) focused on the models and methods that present the most applicability to critical infrastructure protection. The second focus of this report is risk tolerance and risk acceptance. There is very little utility in developing mature, complex national risk management models and the supporting infrastructure without a clear understanding of the nation's tolerance for risk. The Council does not intend to advise the government on risk tolerance that is a national policy question. This report does however, identify a need for a national discussion on risk acceptance and risk tolerance. Such a discussion is critical for the implementation of all subsequent recommendations provided in the report."
National Infrastructure Advisory Council: http://www.dhs.gov/xprevprot/committees/editorial_0353.shtm