A Methodology for Assessing Risk to Inform Technology Integration

Abstract

When new technology, such as artificial intelligence (AI), is introduced into an existing workflow it may impact risk by mitigating some vulnerabilities and threats in the workflow while introducing others. We present a versatile methodology for assessing the vulnerabilities and threats that impact overall risk in a workflow to inform technology integration. Our method involves a four step assessment of risk including a qualitative expert knowledge elicitation, identification of risk components, quantitative data collection and analysis based on a formula for generating a risk score. The quantification of risk can be used to guide technology integration. We describe our methodology and demonstrate its utility by applying it to the Derivative Classification review process. This work was funded by the Department of Energy (DOE).