Risk, Security, Safety and Resilience Newsletter - Week of 15 Sep 22
Ridley Tony
Experienced Leader in Risk, Security, Resilience, Safety, and Management Sciences | PhD Candidate, Researcher and Scholar
The following is a summary of security, risk, safety and resilience articles, topics and issues ending the week of 15 Sep 22.
Key themes for this week include:
- Risk: Sciences, Assessments & Methodologies
- Resilience: Critical Infrastructure, Systems & Organisational
- Security: Cyber, Corporate, National & Transnational
- Business Continuity: Threats, Standards & Lessons Learned
----------------------------------------------------------
What does your risk environment, landscape, process or reality look like? Do you navigate using intuition, a compass, a map or guesswork?
The concept and reality of risk is 'messy'. Both the practice and understanding of risk varies from person-to-person, organisation, industry, community and government(s).
The only place risk looks 'neat', is a on a spreadsheet or risk register.
Therefore, a practical sketch of what 'risk' looks like in the wild is not only necessary, but also revealing in how organisations and individuals comprehend or apply management, control or mitigation to things that may/may not result in risk(s).
The Full Spectrum of Risk Attitude
"Corporations and the people who run them have their own views of #risk and #riskmanagement. These perspectives have formed over time, in response to personal and firm experiences, by current risk taking capacity, by the changing business environment, and by being influenced by watching various strategies succeed or fail. Studies show that risk perspectives fall into four broad groups with almost wholly incompatible views—and only one of those four perspectives is totally compatible with the current paradigm of Enterprise Risk Management (#ERM). "
"This is a textbook on #risk science – covering the basic concepts, principles, approaches, methods and models for how to understand, assess, communicate, manage and govern #risk. It presents the foundational and most recent advancements in the subject matter for a #riskscience course at the university/college level while applying these to recent high-profile risk-related events and issues. It is relevant for students from all types of domains, including business, engineering and public health, as it highlights the generic and fundamental concepts, principles, approaches, methods and models of this science and field. In order to adequately handle risk, it is essential to understand all the core subjects of #riskscience and how they relate, for example, what is risk science; how to characterize and communicate risk, with particular emphasis on reflecting uncertainties; how to distinguish risk judgments and risk perception; how to assess risk and guide decision-makers, especially for cases involving large uncertainties and value differences; and how to integrate risk assessment with #resilience-based strategies"-
Aven, T., & Thekdi, S. (2021). Risk science: An introduction. Routledge.
“Risk analysis methods and tools are important resources for articulating scientific knowledge to those who make decisions regarding public and occupational health.”
Organisational Resilience: Definitions, Contexts & Connectors Influencing Operational Resilience Pursuits
Our environments and the world are subject to perpetual change. As a result, resilience and protection remain fleeting in wake of change, threats, technology, and adaptive, intelligent human actors.
In other words, individuals and organisations alike must constantly review and respond to their immediate and influential environments, in order to to pursue resilient structures, practices or operations.
An objective that will never be finished, and a defined state constantly subject to change, with each passing hour and day.
"#risk is a topic deserving of academic and public attention in and of itself: it is an intriguing concept, difficult to define. The essays in this book show just how varied these definitions can be. For example, David Spiegelhalter defines it as ‘anything to do with situations where “bad” (or “good”) things may, or may not, happen’, while Christopher Hood argues that the #risk that matters most, at least in politics, is the risk of blame. "
Skinns, L., Scott, M. & Cox, T. (2011) Risk: The Darwin College Lectures, Cambridge University Press
Critical Infrastructure Security & Resilience
"Identifying and understanding interdependencies (two-way) or dependencies (one-way) between infrastructure elements and sectors are important for assessing the #risks and vulnerabilities and for determining which steps may be taken to increase #security and #resilience. "
"Our world today is characterized by rapid change, interconnectedness, complexity and uncertainty. The acceleration of globalization and technological advancement have revolutionized international trade, communication and travel, and average standards of living are higher than they have ever been. At the same time, the continuing advancement in the speed of change across multiple areas of human activity, and our reliance on interdependent systems, leave us exposed to innumerable and uncertain threats, as demonstrated so profoundly by the cascade of health, economic, social and political effects of the coronavirus (COVID-19) global pandemic." -
Wakefield, A. (2021). Security and Crime: Converging Perspectives on a Complex World. Sage. p. 2
12 Top #Risks for 2022.
- #Cybersecurity.
- Talent Management.
- Organisational Governance.
- Data Privacy.
- #Culture.
- Economic and Political Volatility.
- Change in Regulatory Environment.
- Supplier and Vendor Management.
- Disruptive Innovation.
- Social Sustainability.
- #SupplyChain Disruption.
- Environmental Sustainability
Human Safety, Security & Risk Management Challenges: Unique, Dynamic and Dependent Variables Across Location, Cultures and Demographics
Provision and assurance of safety, security and risk management in any one geographical location is challenging enough, let alone across multiple geographic sites, across jurisdictions or across international borders.
Because humans remain highly variable and confound any one or simplified categorisation efforts.
Moreover, threats, danger, perils and hazards are perceived, impact and harm individuals and demographics differently. As a result, vulnerability (perceived and real) vary as dependent variables.
Culture, gender, ideology, education, age, status, wealth, etc further attenuate human variables, regardless of shared environment or universal exposure to risk(s).
"#Riskmanagement provides a means to cope with a multiplicity of different kinds of #risk and risk exposure so as to enhance beneficial outcomes and reduce harm and detriment. Risk management seeks where possible to reduce the uncertainty over how big an impact the risk would have if it materialized and how likely it is that the risk would materialize." -
Cybersecurity Risk
"Despite substantial investments in information #security systems, most firms remain highly exposed to #cybersecurity risk. In addition to being direct targets, many firms are indirectly affected or are collateral damage in a cyberattack. For example, the adverse effects of tactical cyber operations against SolarWinds, a major U.S. information technology firm, in 2020 went beyond the direct target and propagated to many of its client organizations, including several large U.S. federal agencies, in what was one of the largest and most sophisticated attacks ever. Considering the profound impact of cyberattacks on firms and economies around the world, it is important to have a deeper understanding of individual firms’ exposure to cybersecurity #risk, its quantification, and its effects on asset prices. "
Cultural Filters Shaping Risk, Resilience, Safety, Security and Management Views, Preparedness and Response.
Culture shapes 'risk'. Culture creates risk. Culture distorts risk. Culture dismisses risk. Culture prioritises risk. Culture demands action for risk(s). Culture amplifies risk. Culture restricts risk mitigation.
In short, culture bludgeons, distorts, builds, destroys, manages and mitigates risk(s).
Culture is invisible, transient, complex, provisional and varies across teams, organisations, communities, context and 'risk' issues. Climate influences culture and risk too.
“Culture Eats Strategy For Breakfast”
Peter Drucker
"Cultural theory not only explains why #risk regulation so often generates political disputes, but also why consequentialist modes of decision-making are often powerless to solve them. No amount of expected utility analysis can tell us which particular vision of the good society – the egalitarian, the hierarchical or individualistic – to prefer. When commitments to ways of life figure explicitly into appraisals of societal dangers – ‘better dead than red!’ – culture-effacing modes of risk-assessment and decision-making will simply miss the normative point."
Professional Standards in Risk Management
"#Riskmanagement should be embedded in the general management of an organisation. It should not be practised in isolation, but integrated fully with other functions such as finance, strategy, internal control, procurement, continuity planning, HR and compliance. The degree of this integration will vary depending on an organisation’s size, #risk maturity, culture, implementation processes, operating models and external environment. Organisations have to cope with greater uncertainty in an increasingly volatile and unpredictable world. Howell developed an organisation’s approach to #EnterpriseRiskManagement (#ERM) is can affect significantly its capability to take robust and informed strategic #risk decisions and the achievement of its objectives. "
Thematic & Linguistic (Discourse) Analysis: Risk, Resilience, Safety, Security and Management Concealed Influence or Meaning
Everyone reads and reviews documents, reports and literature. Very few analyse the document for thematic, linguistic or discourse 'meaning' concealed within the narrative(s). Even less conduct cumulative semantic meta-analysis of the document, relationships and related literature/content.
In other words, there is reading, understanding, analysis and intent layers concealed and presented in every written passage.
While marketers, researchers, scientists and scholars are familiar or skilled in some of these areas, it remains a persistent deficit within applied risk, resilience, safety, security and management practices, professions and application.
"This third edition of Human #Safety and #RiskManagement, inter alia, includes an expanded chapter on the human sensory system (HSS), the rationale for which includes the following:
1. We rely on our senses for all behaviors engaged in as well as the cognitive and emotional basis for those behaviors, including those associated with #safety, danger, and #risk.
2. It is important to be aware of HSS limitations when designing tasks or systems, particularly when these involve risk.
3. We need to understand how the limitations of the HSS impact learning and error rates, which are two sides of the same coin (Chapter 5).
4. Many features of advanced technology expand upon the HSS in a great variety of ways, for example, extending human sensory capabilities, or sensing critical environmental features that are outside our sensory range (Chapter 3). Effective equipment design often relies upon a thorough understanding of the HSS.
5. The HSS and its correlates provide the basis for considering more applied topics, for example, attention is a key component of consciousness (Chapter 2), and is also critical to #risk perception (Chapter 4) and situation awareness (Chapter 5), as well as to error detection and avoidance (Chapter 5)." -
"#RiskAssessment is the procedure by which the #risks posed by inherent hazards and associated #risk involved in the processes or situations are estimated either quantitatively or qualitatively. "
The Sciences of Risk: Implications for the Regulation of the Financial Sector
"...the variation in financial #risk preferences reflects the fact that individuals living in more collectivist cultures are cushioned from the consequences of negative outcomes, so can get away with more risky decisions "
Pandemic #riskmanagement: "For politically responsible and vulnerable officials, comparable doubts were likelier to follow from unstated presumptions that they tended to perceive as facts (or not perceive at all). Had those been stated and debated as explicit presumptions, then the laymen might have noticed that the expertise involved was mostly managerial, media-related, or political, not medical." -
----------------------------------------------------------
Tony Ridley, MSc CSyP MSyI M.ISRM
Risk, Resilience, Safety, Security & Management Sciences
