The Concepts of Risk, Safety, and Security: A Fundamental Exploration and Understanding of Similarities and Differences

When discussing the concepts of risk, safety, and security, people have an intuitive understanding of what these concepts mean and to a certain level, this understanding is universal. However, when delving into the meaning of the words and concepts in order to fully understand all their aspects, one is likely to fall into a semantic debate and ontological discussions. As such, this chapter explores the similarities and differences behind the perceptions to come to a fundamental understanding of the concepts, proposing a common semantic and ontological ground for safety and security science, introducing a deﬁnition of objectives as a central starting point in the study and management of risk, safety, and security.


Introduction
Risk and safety are often proposed as being antonyms, but more and more understanding grows that this is only partially true and not in line with the most modern, more encompassing views on risk and safety [1][2][3][4].Likewise, safety and security are often seen as being completely different fields of expertise and study, separated from each other, while other views might more underline the similarities that are to be found between the two concepts and how they can be regarded as being synonyms [6].
So, how do these concepts relate to each other?How can a contemporary and inclusive view on risk, safety, and security help in understanding and in dealing with the issues related to these concepts?

The Concepts of Risk, Safety, and Security
Perceptions and awareness regarding the concepts of safety, security, and risk have evolved in recent years from a narrow and specialist perspective to a more holistic view on, and approach toward the related issues.However, this understanding is not necessarily a common perspective.The whole world comprehends what the words mean and in one's own perception how they can be understood.However, when opening a discussion on what these concepts really are, and how one should study or deal with them, it is most likely to end up in ontological and semantic debates due to the different views, perceptions, and definitions that exist.

The Importance of Standardization and Commonly Agreed upon Definitions of Concepts
Science, including the domain of risk and safety, largely depends upon clear and commonly agreed upon definitions of concepts, and well-defined parameters, because having precise definitions of concepts and parameters allows for standardization, enhances communication, and allows for an unambiguous sharing of knowledge.
Our ability to combine information from independent experiments depends on the use of standards analogous to manufacturing standards, needed for fitting parts from different manufacturers [7].

Synonyms and Antonyms
When studying in the field of safety and security science, it is hard to find unambiguous definitions and parameters that clearly link safety, security, and risk.After reviewing the safety science literature, it is clear that the question "what is safety" can be answered in many ways and that it is very hard to find a clear definition of its opposite.
As a consequence, the study of the concepts of risk, safety, and security shows that there is no truly commonly accepted and widely used semantic foundation to be used in Safety and Security Science.Likewise, such a study also confirms that there is a lack of standardization when it comes to defining the opposite, the antonyms that indicate a lack of safety or security.A perfect word to indicate a lack of safety would be "unsafety", although it is little used in scientific literature, as is indicated in Table 2.1.
For the antonym of security, it is even more difficult to find a commonly used word covering the subject.For example, the Oxford living dictionary defines unsecurity as "uncertainty or anxiety about oneself", "a lack of confidence".Is this what people generally think of when talking about security issues in safety and security science today?It is sensible to use the word "unsecurity" instead.

Standard Definitions
While standard definitions for safety and security are lacking, this is not so for the concept of risk.Although regarding the concept of "risk" many opinions and definitions exist, an encompassing standardized definition is available.The International Organization for Standardization (ISO) defines risk as "the effect of uncertainty on objectives".Taking this definition as a reference makes it possible to define safety and security and their antonyms in a similar, unambiguous, and encompassing way.Safety in its broadest sense could then be defined as follows: "Safety is the condition/set of circumstances where the likelihood of negative effects on objectives is Low" [5].
Risk and safety-where safety needs to be understood in a broad perspective including security-are tightly related and the understanding of these two concepts have evolved in similar ways, expanding the view from a pure loss perspective toward a more encompassing view, including negative (loss) and positive (gain) effects.Also in safety science, the awareness rises that the domain of safety does not only cover the protection against loss (Safety-I), but also includes the condition of excellent performance in achieving and safeguarding objectives (Safety-II) [8].
Today, risk, safety, and security are also linked to what one actually wants and how to get what one wants.However, it is this most obvious part, "the objectives", that is often forgotten in definitions, while the concept of objective is maybe the most important element in understanding the concepts of risk, safety, and security.

Linking and Differentiating Risk and Safety
What one "wants" can be considered as one's "objectives", with the concept "objective" understood in its most encompassing way.The following comprehensive definition of the concept "objective" is proposed as a fundamental starting point for the comprehension of the concepts risk, safety, and security: "Objectives are those matters, tangible and intangible, that individuals, organisations or society as a whole (as a group of individuals) want, need, pursue, try to obtain or aim for.Objectives can also be conditions, situations or possessions that have already been established or acquired and that are, or have been, maintained as a purpose, wanted state or needed condition, whether consciously and deliberately expressed or unconsciously and indeliberately present".

Linking Risk and Safety
As such, based on the ISO definition of risk, the link between risk and safety can be seen as follows: risk, in order to exist, requires the presence of all three of the following elements: "objectives", "effects" that can affect those objectives, and "uncertainty" related to these elements.Safety (including security) mainly concerns the objectives and the effects that can affect these objectives.Understanding risk and safety (including security) then both requires the understanding of the objectives that matter, the possible effects that can affect these objectives (negative effects on objectives), the likelihood of occurrence of these effects, and the level of impact of these effects and the associated likelihood (likelihood is low).

Differentiating Risk and Safety
The only fundamental difference between risk and safety consists in the fact that risk deals with an uncertain future state, while safety is more concerned with determined, actual conditions.When these effects are positive, they enhance safety as they will support the objectives involved, while the negative effects degrade safety, or increase unsafety, as they subtract from the related objectives.

Quality of Perception
Irrespective of the actual conditions and future possible outcomes, risk, safety, and security will always vary from one individual to another due to variations in objectives and related values.As such, risk, safety, and security are constructs in people's minds.Every individual has different sets of objectives or values the same objectives differently, creating different perceptions of the same reality.
Furthermore, every individual has their own unique perception of reality, because reality will always need an interpretation and can only be perceived.Hence, there will always be a remaining level of uncertainty and residual lack of understanding related to risk, safety, and security, varying from one person to another.Safety science should, therefore, aim for the highest possible quality of perception, where the deviation between reality as it is and the perception of this reality is the lowest possible.

Constraints
Pursuing or safeguarding objectives will always be accompanied by the effects of uncertainty originating from a variety of risk sources.When managing risk, aiming for safety and security, one, therefore, has to identify the risk sources and their associated risks.Pursuing and safeguarding objectives requires certain levels of risk not to be exceeded.These constraints are to be taken into account when managing risk and to be adhered to when safety is a concern.

Linking and Differentiating Safety and Security
So far, safety and security have been regarded in the same way.However, what are the common elements that make security the same as safety and what sets these two concepts apart?

A Distinction on the Level of "Effect"
In managing risk, risk professionals mainly try to determine the level of risk once risks have been identified.However, the assessment of the nature of risk is an important additional element to consider in managing risk and therefore, also in determining and managing safety.
The level of risk can be understood as being the level of impact of the effects on objectives (negative and positive) in combination with their related level of uncertainty.It is often expressed in the form of a combination of probabilities and consequences.The nature of risk on the other hand is more linked to the sources of risk and how these risks emerge and develop.In ISO Guide 73, a risk source is defined as being an element that, alone or in combination, can give rise to risk.It is in the understanding of possible risk sources that the difference between safety and security can be found.
When continuing on the semantic foundation provided by ISO 31000 and ISO Guide 73, safety can be seen as "a condition or set of circumstances, where the likelihood of negative effects of uncertainty on objectives is low".When safety is regarded in a very general way, security then is just a sub-set of safety.Indeed, when the likelihood of negative effects of uncertainty on objectives is low, this also means that a secure(d) condition or set of circumstances exists.
A first (and obvious) distinction between safety and security can be discovered when looking at the "effects" of uncertainty on objectives, introducing the idea that effects can be regarded as being "intentional" or "unintentional" (accidental).When negative effects on objectives are "intentional", it is appropriate and correct to use the term security instead of speaking of safety.Consequently, it would also be inappropriate to use the term "security" when the effects of uncertainty involved are "unintentional".Terrorists, as an example, intend to cause damage and harm.They intentionally increase the likelihood of negative effects on the objectives of the groups of people or parts of society they want to terrorize.Likewise, criminals intentionally act against the laws meant to safeguard specific societal, organizational, or individual objectives.Security, therefore, can be defined as follows: "Security is the condition/set of circumstances where the likelihood of intentional negative effects on objectives is low" [5].

A Distinction on the Level of "Objectives"
Another way to look at the difference between safety and security, on a more fundamental level, is to examine the concerned objectives.A typical aspect of a security setting is the involvement of multiple parties (with a minimum of two).Different perceptions come into play and accordingly also different objectives become involved.One of the parties will try to achieve, maintain, and protect a set of objectives, whereas one or more opposing parties will have different opinions on those objectives, and they may intentionally try to affect these objectives in a negative way.When looking at security situations from this perspective, it becomes clear that security issues can be regarded as situations or sets of circumstances where different, non-aligned, objectives of stakeholders conflict with each other.
If we think of objectives as vectors, pointing in a defined direction, (non)alignment of objectives can be determined in a geometrical way, and the difference between safety and security can be determined by measuring the level of non-alignment of objectives of the different parties involved.Once the non-alignment of objectives becomes more than 90°(supposing fully aligned objectives are at a 0°deviation of each other), it is apparent that these objectives are conflicting and achieving the objective of one party will cause negative effects on the objectives of the other party.Therefore, one could argue that in security management, discovering the presence of different, opposing objectives is crucial.
A level of distinction between safety and security also can be found in the level of alignment of objectives of individuals, organizations, or societies.Building on the definition of security in the preceding section and including the alignment perspective, a definition for unsecurity can be proposed: "Unsecurity is the conditions/set of circumstances where the alignment of objectives is low and where the likelihood of intentional negative effects on objectives is high".
Terrorism, for example, is a very clear illustration of non-alignment of objectives, because many terrorist objectives are exactly opposite to the societal, organizational, and individual objectives they oppose.

A Distinction on the Level of "Uncertainty"
Last, but not least, a distinction on the level of uncertainty can be made.Safety science and safety management often depend on statistical data in order to develop theories and build safety measures.The nature of unintentional effects makes it so that the same events repeat themselves in different situations and circumstances.Furthermore, any individual can be taken into account for objectives that are very much aligned, such as keeping one's physical integrity.This provides for a vast amount of data that can be used to build theories and measures, based on statistical instruments.
Unfortunately, in security issues, the intentional nature and the non-alignment of objectives lead to repeated attempts to invent new tactics and techniques to achieve the non-aligned objectives, making it much more difficult to build on statistical data to determine specific uncertainties.It also means that different tools can and must be used to determine levels of risk and safety/security, such as game theoretical models.
The similarities and distinctions between the discussed concepts can be imagined as follows.Risk emerges when objectives are present (conscious or unconscious, deliberate or indeliberate).Risk becomes a safety or unsafety concern when objectives are tied to a specific situation or set of circumstances containing specific risk sources, providing for possible effects of uncertainty on objectives.When more than one party is involved, conflicting objectives can develop, resulting in deliberate negative effects of uncertainty on objectives for either party, making safety issues become security issues.
Safety becomes security when conflicting objectives between different parties develop, because due to the conflict, negative effects become intentional and by their intentionality also, the nature of uncertainty changes.

Conclusion
In this chapter, we have briefly described the concepts risk, safety, and security and have expounded on their similarities and differences.Subsequently, we have proposed a semantic and ontological foundation for safety and security science, introducing a definition of objectives as a central starting point in the study and management of risk, safety, and security.