Episode 45 — Model Likelihood and Consequence: Risk Variables That Drive Real Decisions
This episode explains how to model likelihood and consequence in OT without pretending you have perfect data, because good risk decisions come from disciplined reasoning, not false precision. You’ll learn what “likelihood” means when incidents can be rare but impactful, and how to account for exposure, threat capability, existing controls, and operational conditions that make certain failures more plausible. We define consequence in OT terms, including safety impact, environmental harm, production loss, quality degradation, equipment damage, and recovery complexity, then show how consequence can dominate decisions even when likelihood is uncertain.

The episode includes exam-relevant guidance on choosing conservative assumptions when safety is involved, documenting uncertainty, and using ranges or ordinal scales when quantitative inputs are weak. Troubleshooting focuses on common modeling errors like double-counting impacts, treating vulnerabilities as threats, or ignoring compensating controls, and how to improve the model by validating assumptions with engineering and operations input and by updating ratings after changes and incidents.

Produced by BareMetalCyber.com, where you’ll find more cyber audio courses, books, and information to strengthen your educational path. Also, if you want to stay up to date with the latest news, visit DailyCyber.News for a newsletter you can use, and a daily podcast you can commute with.