Risk, Security, Safety and Resilience Newsletter - Week of 13 Oct 22
Ridley Tony
Experienced Leader in Risk, Security, Resilience, Safety, and Management Sciences | PhD Candidate, Researcher and Scholar
The following is a summary of security, risk, safety and resilience articles, topics and issues ending the week of 13 Oct 22.
Key themes for this week include:
----------------------------------------------------------
"There has been a steady increase in cyber attacks for at least a decade, reflecting the ever-accelerating move of people’s data and business lives online. While the pandemic certainly rocket-propelled the quantity of cyber attacks, it was noted in every continent that this was only an acceleration of the pre-existing trend."
What a year! Huge personal, professional and academic milestones. I am celebrating the completion of all assignments and assessments in the 1st year of my Doctor of Public Safety. Researching transnational threat vectors and better safety, security and risk management practices for international business travellers at all levels. Encompassing various work environments, knowledge workers, risk sciences, human geography, security sciences, mobilities and mobility, along with safety sciences, the journey so far has been complex, networked and fascinating. This year has paved the way for the next couple of years and confirmation of my candidacy. The program, supervisors and resources have been world-class and extremely valuable.
#riskmanagement #securitymanagement #safetymanagement #travelandtourism #travelmanagement #travelsecurity #travelsafety #securityriskmanagement #businesstravel #enterpriseriskmanagement
"October is #Cybersecurity Awareness month in the United States. Typically, this focuses on what consumers can do to #protect themselves. Given the increasing stakes and scrutiny of consumers and regulators, however, businesses may want to take it as a cue to strengthen their own #dataprotection practices to protect against regulatory, financial and reputational #risks on the horizon". p. 3
Distinctions between private and public #security are not immediately apparent to most lay people, in addition to divisions between private/public security realms becoming increasingly obfuscated by roles, funding, responsibilities, powers and representation.
Moreover, private security representation is further diffused across academia, corporate and service providers.
This includes intelligence, research and qualifications.
Lastly, government outsourcing (neoliberal tendencies) increasingly translates to the provision of public security outcomes using private security actors, including private contractors directing and approving public security initiatives and expenditure.
Before comparing two seemingly like entities with an apparent shared goal, there is a fundamental requirement to understand each independent element first. Then, and only then, you may find them not so alike at all.
"#Risk taking, the engine driving business, is vital to companies seeking market success. #Risks are, however, often thought of only as hazards, despite the fact that they can present significant opportunities and possibilities for organizational innovation and new competitive advantage leading to short- and long-term profitability. In fact, risk and opportunity are a duality—like two sides to the same coin. Managing hazardous risk has been increasingly recognized as a critical business issue prompted by events as diverse as the financial debacles of companies"
Blown away by the interest and support. Just like that, a paper I wrote on Security Management versus that of Security Leadership has 1,500 reads on ResearchGate. Thank you again to those that encouraged the paper, commented and discussed the positioning since. #securitymanagement #riskmanagement #securityriskmanagement #securityleadership #risksciences #securitysciences
Cyber (#security & #riskmanagement) incident response cycle (PICERL): Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned
Great contests and adversarial positions arise from #riskmanagement beliefs and practices but so little focus or consideration is taken for all the things that take place long before anyone thinks they are managing things now called 'risk'.
In other words, what happened and how much analysis took place before you started managing things now tagged as risk?
"Operational #Risk: The risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events."
"..whereas sense making—and #riskmanagement more generally—is often retrospective, the process of decision making is fundamentally prospective. Capturing how we make decisions calls for research designs that are both action centered and forward looking." - Daipha, P. (2015). Masters of uncertainty: Weather Forecasters and the Quest for Ground Truth. University of Chicago Press. p. 2
"The underlying premise of #enterpriseriskmanagement is that every entity exists to provide value for its stakeholders. All entities face uncertainty, and the challenge for management is to determine how much uncertainty to accept as it strives to grow stakeholder value. Uncertainty presents both risk and opportunity, with the potential to erode or enhance value. Enterprise #riskmanagement enables management to effectively deal with uncertainty and associated risk and opportunity, enhancing the capacity to build value.
Value is maximized when management sets strategy and objectives to strike an optimal balance between growth and return goals and related #risks, and efficiently and effectively deploys resources in pursuit of the entity’s objectives."
In short, supplanting humans with systems introduces new and varied #risks not immediately apparent... including new and more complex #security threats. Each layer of interaction, including access and network recall presents different opportunities for one or more bad actors to breach or disrupt the system. Often invisible or outside the oversight of frontline security personnel and management.
"Why #cybersecurity? Now, more than ever, cybersecurity and InfoSec careers are in high demand. The industry is broad and needs a variety of skills. In addition, cybercrime never stops and technology changes rapidly, so this industry is never boring. Practically every industry out there needs cybersecurity professionals. Not only will you have plenty of work, you’ll also enjoy a sense of accomplishment, knowing you are part of a greater good."
"Scientists have repeatedly demonstrated their willingness to be bought off by special interests and provide scientific and pseudo-scientific 'cover' for their activities. Where state and corporate harm are eventually revealed, avoidance or minimisation of 'reputational damage' become the objectives, with strategy and tactics overseen by public relations 'crisis management' experts" - Barton, A. & Davis Howard, D. (2018) Ignorance, Power and Harm: Agnotology and the Criminological Imagination, Palgrave Macmillan, p. 5
Formal and informal considerations of #risk invariably include financial expenditure or proportional economic investment to mitigate/manage risk, such as is commonly understood as reasonably practicable.
As a result, both scales of risk (viewed from top to bottom in the below graphic) in conjunction with the magnitude of risk (viewed as proportional variance in the red triangle below) influence attention, response and investment.
In other words, how big and wide a risk is perceived or calculated drives motivation, investment and effort to mitigate or manage one or more risks through controls, ultimately framing understandings of risk tolerance.
"The #risk and potential consequences of natural disasters and other business disruption events reinforces the need for Australian Government entities to have effective business continuity management (BCM) arrangements in place to provide for the continued availability of critical services and assets. Effective BCM arrangements give entity management and stakeholders greater confidence in the entity’s ability to manage the impact of a disruption and return to business as usual."
----------------------------------------------------------
Risk, Security, Safety, Resilience & Management Sciences