5 Ways of Knowing: Security, Risk, Resilience & Management Knowledge
Ridley Tony
Experienced Leader in Risk, Security, Resilience, Safety, and Management Sciences | PhD Candidate, Researcher and Scholar
The single most persistent truism across security, risk, resilience and management practices is that most practices remain unsubstantiated beliefs and habits of an accepted cohort as opposed to objective, substantiated findings of applied research and knowledge.
The most expedient means upon which to demonstrate this reality is to ask for source material, references or citations in any one or more security, risk, resilience or management doctrine, practice or applied process.
While day-to-day business and life is not one big academic exercise requiring countless qualitative references and citations, life-saving or protective and risky practices demand a different standard of rigour and accountability.
It is simply not enough to do, because everyone else is or there is no objection to one's methods
How do you know what you know?
At all levels of security, risk, resilience and management there are scales of evidence, truth and reliable terms of reference.
General beliefs, habits or those 'things' that have become normative within a group, organisation or community are of the lowest quality of knowledge.
That is, just because everyone does it, doesn't make it either right nor qualitative.
Countless groups continue to do stupid and inefficient things everyday, largely for lack of knowledge around alternate solutions or for fear or punitive measures in the event of speaking up or challenging the 'stupidity'.
However, if the general belief is in fact informed by objective sources, it is not considered low quality, just not cited or referenced well.
It is at this point you often observe variance in understanding and application though, as the source is not clear, documented nor dissemination.
As a result interpretation, errors and short cuts become hardwired into habits, diminishing the source references and intent.
While authoritative knowledge is slightly higher, a lack of citations and specific, objective terms of reference render these top of mind/heuristics less reliable.
Findings derived from scientific and structured experiments are more reliable.
Repeatability, context, human factors, confounders, etc modify and distort findings when it comes to human psychology, sociology, criminology and other security/management sciences.
Theoretical findings are considered more reliable than most other means but still only comes in at second place.
Empirical findings remain the highest form of knowing.
Null hypothesis, p-values, independent/dependent variables, confounders, etc are indicative of such findings. In addition to the fallibility of such findings.
领英推荐
Stop and think about what you know about security, risk, resilience and management
How do you know what you know?
If you can't trace the source, cite your work or base your theory and practices on a specific terms of reference, all the while that terms of reference remains extant for the spatiotemporal considerations of the day... do you really know?
In other words, practices, habits, beliefs and normative influences across security, risk, resilience and management unsupported by specific findings are more likely just accepted customs or preferred practices by those in power.
A dangerous mix in any circumstance, let alone when it comes to security, risk, resilience and management.
Source: Ross, L. (2010) Research Methods, Harlow: Pearson Education UK.
In more academic terms, a generic framework or philosophical view of knowledge is considered inadequate for search-based analysis by researchers (Biggam, 2011). As a result, all literature can be qualified and evaluated using the ‘five ways of knowing’ (Ross, 2010)
Empirical findings are considered the highest form of knowledge with general beliefs rated the weakest at five, on a scale of one to five. Literature, research and content consistent with levels one through to three are considered most qualitatively relevant. This process, in turn, should produce a more relevant collection of topics and supporting literature.?
Academics have noted that this more inductive approach to literature reviews is likely to produce more reliable, logic-based and data-driven results (Hart, 1998).
Hart goes on to cite this approach as consistent with another scholar by the name of Toulmin, who further asserts that
results derived from data, consideration and observation post-analysis produces superior results.
In other words, determining a standard for knowledge quality before conducting literature searches is likely to produce a better body of literature for analysis.
To sum up, bias reduction and prioritisation of relevance, the methodology used in this literature review seeks to find the most relevant literature with experimental, theoretical or empirical findings.
Tony Ridley, MSc CSyP MSyl M.ISRM
Security, Risk & Management Sciences
References:
Biggam, J. (2011) Succeeding with your masters’ dissertation: A step-by-step handbook, McGraw-Hill Education
Hart, C. (1998)?Doing a literature review: Releasing the research imagination, Sage.
Ross, L. (2010) Research Methods, Harlow: Pearson Education UK.
Chartered Security Professional & Director at Optimal Risk Group
2 年I fully concur with my fellow Chartered Security Professional. This is why we are developing training and exercises designed to test the security of any asset. The Physical Penetration test is as important as the Cyber Penetration test in gathering data specific to your asset. Don't just do what others are doing. Thankyou for this brilliant newsletter series Tony. A great way to get the most out of your Doctoral research that benefits us all.