Witness Risk Glossary 06.03.25
In the security world (secular and Christian), the terms “risk,” “threat,” “danger,” and “hazard” are often used interchangeably. I encourage the standardization of terminology by providing a glossary. I invite further discussion and refinement of this glossary by security specialists, theologians, risk savvy informed faith-based specialists, and cultural anthropologists skilled in bridging Eastern and Western thinking (Hampton, 2023). These terms are a work in progress…I welcome input!
Actor Mapping – Actor mapping identifies all the key individuals, stakeholders, or other organizations that will affect your team or organization’s functioning. Actors in any place of ministry can qualify as an adversary, a neutral, or a friend.[1] Actors can be an individual, a group of individuals acting together, paramilitary or military forces, communities, or a country’s government.
Antifragile – The goal beyond resiliency (bouncing back from trauma). It is growing stronger, more powerful, greater through the risks, adversities, and traumas. It means adding layers of redundancy (options) where possible and relevant across the entire organization, all the components of shrewdness, and all aspects of one’s life. Antifragility in risk means one does not merely endure, but becomes more and results in post-traumatic stress growth (PTSG) and post-traumatic stress joy (PTSJ).
Assessment – Risk Assessment asks two questions: (1) What could happen? (2) How does it impact us?
Baseline – Identifying the normal environment in the place one is in. It is the natural, normal, predictable state and patterns of movements, interactions, emotional temperature, and mindset of the people around you. It is easier to spot anomalies when you know the baseline. Baseline + three Anomalies = Decision
Black Swans – a specific type of risk that has three attributes: 1) rarity; 2) extreme impact; 3) retrospective predictability.[2]
Bow-tie Model – a tool to identify and assess all possible causes and consequences for each risk.
Christ-Follower - A Christ-follower is anyone from any denomination or church tradition who walks in the way of Jesus as their Lord and Savior.
Conceptual Thinking – refers to broad theories, general, spiritualized principles, and general laws of nature. Thinking conceptually about risk means we are using logical, rational thought. It includes applying spiritual principles in balanced ways. In conceptual thinking we are usually more detached from the actual problem.
Counting the Cost – Ongoing at each stage of life, evaluating one’s calling based on the relationships, physical possessions, and desires in relation to the cause of Christ. Requires continual reassessment of what and who is being risked in the changing risk situations.
Cross-Cultural Risk (CCR) - The potential for loss and gain when following Christ and ministering cross-culturally.
Crisis Management - the plan and procedures in place to mitigate the impact of a negative event.
Crisis Response - Crisis response is a holistic response to those impacted by trauma that promotes coping and flourishing. It encompasses practical, emotional, spiritual, and relational support provided by people with a variety of skills. There are many ways that peers can provide supportive and compassionate assistance to the traumatized. Sometimes professional psychological assistance is needed to help trauma victims.
Cybersecurity - Protecting digital information and how information is shared via phone, VHF radio, computer, and any other means.
Cynefin Framework – a way to help people make better decisions by understanding the type of situation they are dealing with. It applies complexity theory to decision making. It is a 5-category sense-making tool to identify the type of problem we are dealing with: 1) Clear (simple); 2) Complicated; 3) Complex; 4) Chaotic; 5) Confusion.[3]
Danger (Hazard) – see Risk
Data – factual, verifiable, statistical information
Demographic Proximity – a measurement of similarities the team shares with the targets of the events. Asks: How likely is the risk event to impact people like us?
Discernment – how we hear God’s voice and the Holy Spirit’s leading in all stages of risk assessment and management. We discern by asking: (1) What is the most loving thing to do? (2) What is the most hopeful thing to do? (3) What is the most faith-filled thing to do? (4) Are my decisions in risk moving me toward God or away from God?
Dread Risk – Two aspects: For individuals, it is the extreme fear attached to what risk one fears the most. From a risk probability perspective, a dread risk is a low probability event in which many people are suddenly killed, which triggers an unconscious psychological principle: If many people die at one point in time, react with fear and avoid that situation.
Duty of Care – Includes the legal, moral, ethical, and spiritual duty of care. At minimum, it means informed consent. However, duty of care is specific at each stage of the staff member’s relation to the organization, from pre-boarding, to onboarding, to risk assessment and training, to crisis management, to departure from the organization.
Endurance – being able to live and work long-term in risk and uncertainty with physical, mental, emotional, spiritual, ministry perseverance. Persevering in a difficult situation without quitting. Synonyms: toleration, bearing, sufferance, fortitude, forbearance, patience, and resignation.
Endurance Plan – includes endurance plan with tools for physical, emotional, mental, and social-relational, and spiritual endurance. Also includes evacuation lists, to do lists, evacuation criteria, kidnapping response plan, funeral plans, organizational policies, member care, etc.
Enterprise Risk Management (ERM) – ERM is a holistic approach to managing organizational risks. ERM integrates risk across all organizational levels and functions, aligning risk-taking with strategic objectives to ensure long-term sustainability. It is a structured, organization-wide process for identifying, assessing, managing, and monitoring risks that could impact the achievement of organizational goals. It is not merely about avoiding threats but also about seizing opportunities, balancing risk and reward effectively. ERM moves an organization from fragmented, department-specific approaches to a cohesive framework. Key ERM components include risk identification, assessment, crisis planning, and continuous monitoring. It requiress senior management and board engagement.
Evacuation Criteria - an endurance strategy identifying a fixed point when we know we will reevaluate our stay-go decision.
Frequency – the rate at which the events occur. Asks: “How likely is the risk event to happen often?”
Geographic Proximity – the physical closeness of the risk events. Asks: How likely is the risk event to happen close by?
Hardiness - cultivate an inner resolve before trials come. Turning toward God through the risk experience will produces hardiness
Information Analysis – the process of collecting information and data, evaluating it, corroborating it, and then making a decision based on evaluated information.
Information Management – who is allowed to receive the information and to what level of transparency?
Intelligence - the “product” resulting from collecting, evaluating, interpreting, and analyzing all available data and information concerning the likelihood of the risk materializing or of the means, intent, and opportunity of a hostile entity carrying out their threat. Information + Evaluation = Intelligence.
Inter-Cultural Risk (ICR)- The potential for loss and gain when following Christ and living within one’s home culture.
Liminality - a threshold, a state of ambiguity, a time of disorientation right before something that has the potential for major change or a new state.[4]
Loss Mitigation – reducing the potential loss and impact of loss if the risk happens.
Mitigation – addresses three questions: (1) How can we prevent the events from happening? (2) How can we minimize the negative impact on us? (3) How can we maximize the positive impact (i.e. opportunities for Kingdom advancement should that risk occur)?
OODA Loop – Observe, Orient, Decide, Act – this is a heuristic/decision making tool in quickly changing situations when there is not time to engage in risk assessment and discussion.
Persecution (CSGC) – Christian martyrs are defined as believers in Christ who have lost their lives prematurely in situations of witness, as a result of human hostility.
Persecution (Open Doors) – “Any hostility experienced as a result of one’s identification with Christ. This can include hostile attitudes, words, and actions towards Christians. This broad definition includes (but is not limited to) restrictions, pressure, discrimination, opposition, disinformation, injustice, intimidation, mistreatment, marginalization, oppression, intolerance, infringement, violation, ostracism, hostilities, harassment, abuse, violence, ethnic cleansing, and genocide.”[5]
Persecution (Charles Teiszen)– Any unjust action of mild to intense levels of hostility, directed at Christians of varying levels of commitment, resulting in varying levels of harm, which may not necessarily prevent or limit these Christian’s ability to practice their faith or appropriately propagate their faith as it is considered from the victim’s perspective, each motivation having religion, namely the identification of its victims as ‘Christian’ as its primary motivator.[6]
Positivism - The idea that problems and trials in one’s life result from a lack of faith.
Probability – Subjective determination of how likely the events may occur. How likely is it that a specific risk event will happen? We can reduce uncertainty by subjective probability.
Resiliency - is the ability to face reality, to engage with and grow through life’s challenges and adversities via inner strength, social support, coping skills, and core beliefs/values including life purpose and spiritual meaning.” Ability to adapt to challenges with firmness of faith is proven by our experience of God.
Risk – A danger or hazard which carries with it the potential for loss and/or gain.
Risk Appetite (RA) - The level of risk an organization is comfortable with to achieve its calling and mission. It is a bit like one’s appetite for food - it’s internal and hard to measure. In witness risk, if you have a risk appetite greater than risk capacity, it could ruin the viability of the organization in that place.
Risk Assessment – working through risk identification (What could happen?), the risk probability scale What is the likelihood of that happening? (Frequency Analysis) and What are the consequences? (Consequence Analysis).
Risk Assessment Process - Five parts. (1) Learn the environment; (2) Identify the risks in that specific environment; (3) Analyze the risks (frequencies, intensities, proximities); (4) Evaluate and prioritize the risks by increasing threat levels; (5) Decide on risk mitigation strategies.
Risk Assessment Theory - The components of risk identification, analysis, and decision-making.
Risk Aversion – The risk aversion is typically on a scale from a high risk appetite to extremely risk averse. It is not a one-size-fits-all, because people have different risk tolerances for different risks and types of risk.
Risk Averse – an attitude or mindset of avoiding a particular risk.
Risk Capacity (RC) – The risk capacity is the limit an organization can take before it would impact its ability to function and jeopardize its future. Risk capacity should drive decision-making.
Risk Detachment – Cultivating the skill of moving from over to care. It is not not caring, not coldness, not narrowness, not unhealthy attachments. It is caring with freedom from disordered fears and loves including freedom from the desire to control what cannot be controlled (properly apportioned emotion). It is knowing we have done all we can to assess and mitigate the risks, make wise decisions, and steward well all entrusted to us according to our calling and trusting all that happens to God. This allows for more flexibility and agility with the Holy Spirit’s leading in uncertain and chaotic situations and we make better decisions when we are not fixed on one outcome.
Risk Event – risk is an event. The “event” may be short- or long-term.
Risk Illiteracy - The inability or unwillingness to understand and deal with risk. Shows a remarkable lack of acquaintance with the fundamentals of risk assessment and mitigation. Proverbs 1:32 “For the simple are killed by their turning away, and the complacency of fools destroys them.”
Risk Intelligence (RQ) – Risk Intelligence demonstrates the characteristics, skills, expectations, and responsibilities. These are delineated in “The Risk Intelligent Leader.”[7] High risk intelligence means being skilled at managing the tension between the individual and organizational risk capacity (RC) and risk appetite (RA). The risk leader is responsible to shape the risk culture of the team or organization, set the risk vision and policies, define the risk assessment and thresholds, and influence the risk mitigation process.[8] The highly intelligent and shrewd faith-based risk leader has cultivated the necessary skills to adeptly manage VUCA environments demonstrating awareness of the tensions between gospel advancement, a theology of security management, theology of crisis management, and a theology of risk.[9]
Risk Literacy – the basic knowledge, skills, and attitudes required to assess various witness risks and mitigate them based on a clear theology of risk and mature discernment of Holy Spirit-led stewardship. (See RAM Flow Chart)
Risk Management - includes risk mitigation and decision-making. Risk mitigation includes deciding whether to choose avoidance, transference, limitation, and acceptance or some combination of these.
Risk Maturity Model (RMM) - The goal is for the individual and organization to grow towards Level 3 (Risk literate) first, with a handful of people moving to Level 4 (Advanced), and the overall goal of Risk Shrewdness (Optimization). The following risk maturity model is based on the Swiss cinfo duty of care and has five levels:
Level 1 (Minimal) Implemented occasionally or informally, in a reactive or ad hoc manner. No or little structure and no consistency over time.
Level 2 (Developing) Working to implement in a structured manner, with a plan in place and basic architecture, standards, principles identified. Actions are documented and executed with the goal of being repeatable, some reporting.
Level 3 (Literate) Implemented in a formal, structured and documented manner, with common processes, architecture, standards and guiding principles. There is regular reporting which informs operational decision making, and escalation procedures are defined where appropriate.
Level 4 (Advanced) Applied in a managed manner, which is well understood and accepted by key internal and external stakeholders, with structured and actionable reporting informing strategic decision making.
Level 5 (Optimized) Risk assessment and mitigation is applied in a manner that delivers continuous improvement, with a capacity to apply innovative, creative approaches that address future needs and that can adapt to rapidly changing circumstances in real time. Widespread understanding of the importance of its successful application with performance towards this goal included in all key internal stakeholders’ performance evaluation.
Risk Profile – what is one’s risk profile based on religion, gender, passport nation, ethnicity, and social status.
Risk Resiliency - requires more than mental assent to “correct” doctrine. It is a characteristic of the inner life. It includes cognitive assent, internal heart response, and personal and communal experience with the Lord. It is practical and spiritual, thoroughly grounded in Scripture.
Risk Savvy – 1. Understand the nature of dread-risk fear; 2. Control it by enlisting conflicting emotions if reasons don’t work; and 3. Knowing the actual risk.” (Gigerenzer’s definition).
Risk Shrewdness - Risk literate and shrewdness characterized with the 12 practical components of shrewdness.
Risk Tolerance - (RT) is the level of risk the individual or organization is able to accept before making changes. There are tangible risk limits designed to set specific boundaries in which the organization must operate. RT is the degree to which you and other actors impacted by the risk can emotionally and practically operate.
Risk Tolerance Inventory - The RTI is a risk discipleship tool to help increase risk capacity for facing danger and persecution for our Lord. Awareness of one’s risk tolerance level provides guidance on what level and type of training or discipleship is needed for an individual and organization to be able to fulfill God’s calling to advance the Gospel.
RA + RT = RC - Problems arise when risk appetite and risk tolerance are mismatched with risk capacity. What people say they would hypothetically be able to handle and what they really are able to handle are often different concepts. They think they can risk (Here I am, send me), but when the crisis happens, they cry out to God (Why has he forsaken me?). The inability to reconcile risk tolerance with risk capacity is a critical issue in counting the cost and the need for risk assessment.
Sacred Questions – the questions that arise in our soul during times of facing danger. These often are soul questions we are really asking about God, and where God is speaking to us in our inner lives.
Sacred Transformation – the sanctification and transformation into Christ-likeness that can happen in our inner being and in our communities during a season of risk.
Severity - the weight of the impact on individuals and team. Asks: How likely is the risk event to have significant negative consequences?
Situational Awareness & Understanding – 1) Understand the threat; 2) Build your situational awareness; 3) Develop personal defenses. It involves equal measures of comprehension, planning, and intuition. It requires focus and critical thinking.[10]
Situational Thinking – is based on what is happening in the risk event and how that staff person and the team are doing in their journey and maturity. It assesses each risk event with its unique contributing factors, including all the various causes of the risk event, all the possible risk events, and the totality of the potential good and harmful consequences.
Stewardship – Handling God’s resources for God’s purposes. It includes both pouring out and protecting all resources vulnerable in risk. These resources include physical and non-physical resources, visa acquisition, pain, reputation, relationships, etc. Stewarding myself includes the emotional, spiritual, mental, financial, relational, and cultural energies needed to persevere and endure whatever risky situation is entrusted to me.
Spiritual Resiliency – The growth that happens when we allow our fears to drive us to God.
Spiritual Situational Awareness and Understanding – understanding the spiritual impact of the geographic spiritual strongholds over the area, how spiritual realities are played out in fear/power and shame/honor cultures, and how these are seen in contexts where typically a folk or animistic version of the dominant religion is practiced. It is a situationally applied spiritual warfare training skill.
Survivability - More than just physically surviving through some danger, but the ability to remain functional and continue our mission.
Theology of Suffering - A theology of suffering systematically answers, “Why does God allow suffering?”
Theology of Risk - the three essential elements of a theology of risk: Divine selection of those chosen for risk, supernatural foundation, and risk as sacred worship.
Threat - a communication or action that expresses intent to cause harm, danger, or distress to an individual, group, or entity. These threats can be delivered through various means, such as letters, emails, phone calls, social media, etc., and often aim to intimidate, coerce, or instill fear.
Anonymous Threats – The identity of the person or group making the threat is concealed or unknown. Key Characteristics include lack of identifiable source, intent to harm or intimidate, vague or specific targets, psychological impact (create fear).
Insider Threats – A person who has information and access to an organization greater than outsiders. It may be intentional or unintentional, violent or non-violent. It may include government-sponsored espionage, fraud, sabotage, unauthorized dissemination of information, or poor security practices.
Blended Threats – some combination of threats against a person or team based on political unrest, terrorism, crime, gang activity, and religious persecution. It may be hard to sort out what the primary reason for the threat is.
Threat Assessment - threat assessment is a fact-based process that incorporates multiple sources of information and practical experience to determine if a threat is likely to materialize. 1) Evaluate what the threat is; 2) Rate the likelihood of it happening; and 3) Identify the impact of the danger on resources to steward vulnerabilities.
Triple-A Method - Ask, Awareness, and Action. The goal is to reduce the isolation and resignation that those facing risk may be feeling.
Virtual Kidnappings – Virtual kidnappings are when someone makes a ransom demand by phone, text, or email by claiming to have taken the target’s loved one hostage. As Artificial Intelligence (AI) technology improves, this risk is likely to increase.
VUCA – situations that are Volatile, Uncertain, Complex, and Ambiguous
Vulnerability – In terms of survivability, vulnerability is the ability to withstand (or not succumb to) a threat.[11]
White Noise - a combination of an overload of uncorroborated and un-evaluated information and data along with un-evaluated verbal threats and risks.
Witness - A witness is someone whose identity is in Christ, and witnesses to their relationship with Jesus, the Son of God.
Witness Risk - The potential for loss and gain when following Christ.
Witness Risk Communication - Witness risk communication is sharing information to inform others what the actual assessed risks are and what risk mitigation will be implemented with different levels of stakeholders. It includes sharing what is happening with others so they can pray intelligently. It involves identifying the hardware necessary to maintain communication in risk and persecution.
Witness Risk Calculation – includes evaluating in four areas: spiritual and emotional risk assessment, danger risk assessment, stewardship analysis, and spiritual discernment.
[1] Department of the Army Headquarters, Advanced Situational Awareness 2.0. Washington D.C. Department of the Army, 2021. 10-2.
[2] Nassim Taleb, The Black Swan: The Impact of the Highly Improbable. New York: Random House, 2010. 17.
[3] The Cynefin Company, “About - Cynefin Framework,” The Cynefin Co, December 2, 2021, https://thecynefin.co/about-us/about-cynefin-framework/.
[4] Frost and Hirsch, The Faith of Leap, 19.
[5] Open Doors, “The 2022 World Watch List.”
[6] Charles Teiszen, Re-Examining Religious Persecution: Constructing a Theological Framework for Understanding Persecution. Johannesburg: AcadSA, 2008. P.47.
[7] See Session 11 available at https://theologyofrisk.com/shrewdness-resources.
[8] David Hillson and Ruth Murray-Webster, Making Risky and Important Decisions: A Leader’s Guide (New York, NY: Auerbach Publications, 2021), page number, https://doi.org/10.1201/9781003145134.
[9] Anna Hampton, Unpublished paper: “The Integration of the Theology of Risk, Theology of Security Management, and Theology of Crisis Management” evaluating the intersection between Hampton’s Theology of Risk in Facing Danger: A Guide Through Risk, 2nd Ed (2024) and Brawner’s “Love, Joy, Fulfillment, and the Mandate of Gospel Security Management (2020).
[10] Gary Quesenberry, Spotting Danger Before It Spots You: Build Situational Awareness to Stay Safe. Wolfeboro: YMAA Publication Center, 2020. xxvii,
[11] Personal discussions with Scott Brawner - his definitions