"From a corporate perspective, it is suggested that the ISO principles provide little value to the #securityriskmanagement process. These principles are ideal outcomes and if taken without critique, lead only to the failure of #riskmanagement. Reverse these risk management principles and one highlights the limitations of risk management. For example, decision making becomes a predetermined outcome through #risk gaming. Risk management becomes an administration burden driven by process rather than adding value. The ISO 31000 process is cut and pasted for a corporate activity that is either under-engineered or over-engineered, far from tailored." - Cubbage, C. J., & Brooks, D. J. (2012). Corporate security in the Asia-Pacific region: Crisis, crime, fraud, and misconduct. CRC Press, p. 57
"ISO 31000:2009 provides a generic framework for a corporation; however, it lacks a number of significant processes and functions that allow it to be effective in managing #security #risks. Security risk is a unique subset of #riskmanagement, and it introduces ideas such as threat, criticality, and vulnerabilities. None of these ideas are discussed in the ISO 31000 standard, greatly limiting its suitability for #corporatesecurity." - Cubbage, C. J., & Brooks, D. J. (2012). Corporate security in the Asia-Pacific region: Crisis, crime, fraud, and misconduct. CRC Press, p. 59