Risk, Security, Safety and Resilience Newsletter - Week of 22 Sep 22
Tony Ridley, MSc CSyP MSyI M.ISRM


The following is a summary of security, risk, safety and resilience articles, topics and issues ending the week of 22 Sep 22.

Key themes for this week include:

  1. Risk: Enterprise, Travel & National
  2. Resilience: Human, Variance & Infrastructure
  3. Security: Travel, National & Strategic
  4. Business Continuity: Disruptions, Forecasts & Planning

----------------------------------------------------------

Enterprise Risk: Management, Measurement, Myth and the Multiverse of Alternates

Enterprise risk remains a broad descriptor for many disparate functions, choices and variations across industry, context and commercial pursuits.

If anything, the expression serves as a unifying banner to ensure that the management of things that may be deemed risk at some point is undertaken in a consistent, cohesive manner.

As a result, for the most part, measurement of 'enterprise risk' from one organisation to another confounds simple comparisons and complex, multivariate calculus.

Notwithstanding, the polycentric, protean nature of corporate objectives, external threats, choice and mounting technical alternatives disrupting, influencing and enabling organisations on a day-to-day basis.


Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight

"This NIST Interagency Report (NISTIR) explores the methods for integrating disparate #cybersecurity #riskmanagement (CSRM) information from throughout the enterprise to create a composite Enterprise Risk Profile (ERP) to inform company executives’ and agency officials’ #enterpriseriskmanagement (ERM) deliberations, decisions, and actions. It describes the inclusion of cybersecurity risks as part of financial, valuation, mission, and reputation exposure. Fig. 1 expands the enterprise risk cycle from previous reports to remind the reader that the input and sentiments of external stakeholders are a critical element of risk decisions."



Handbook of Risk Theory

"This handbook brings together leading philosophers and scholars from other disciplines who work on #risk theory. The contributions are accessibly written and highly relevant to issues that are studied by risk scholars. We hope that the Handbook of Risk Theory will be a helpful starting point for all risk scholars who are interested in broadening and deepening their current perspectives." - Roeser, S., Hillerbrand, R., Sandin, P., & Peterson, M. (Eds.). (2012). Handbook of risk theory: Epistemology, decision theory, ethics, and social implications of risk (Vol. 1). Springer Netherlands.


Human Cost of Disasters: An overview of the last 20 years 2000-2019

"Disasters have never waited their turn, and increasingly #risk is interconnected. Risk drivers and consequences are multiplying and cascading, colliding in unanticipated ways. We must have a commensurate systemic response with national and local strategies for disaster risk reduction fit for purpose. Political commitment, strategies and scenario planning have never been more important for disaster risk management.

While this report focuses primarily on the staggering rise in climate-related disasters over the last twenty years, it is also a commentary on the need to strengthen disaster #risk governance for the entire range of natural hazards and man-made hazards including related environmental, technological and biological hazards and risks."


Strategic Security Management

"Chapter 3, Threat Assessments, should be an exciting section for most readers ... well, as exciting as it gets for professional books. The goal of this chapter is to illustrate the dynamic nature of threats that organizations deal with on a daily basis as well as the high impact threats which we face less frequently, but can have a detrimental impact on the assets and organizations we protect." - Vellani, K. (2020) Strategic Security Management: A Risk Assessment Guide for Decision Makers, 2nd ed, CRC Press, p. xviii


Strategic Framework and Policy Statement: Resilience of Critical Infrastructure

"This Strategic Framework and Policy Statement establishes a cross-sector programme to improve the #resilience of #criticalinfrastructure and essential services to disruption from natural hazards. The purpose is to develop a shared, consistent, proportionate and #risk-based approach to delivering reductions in vulnerability over a number of years,"


Travel: Personal Safety, Security & Risk Influences, Distortions and Variances

Personal safety and security issues, particularly when travelling, are routinely conflated with the fear and knowledge of negative events or the unknown.

Visceral, topical, extraordinary and top-of-mind events, issues and possible negative outcomes permeate these thoughts across individuals and groups in differing ways.

Moreover, personal, dependent variables attenuate fear, which modifies 'risk'. Such as age, gender, religion, ethnicity, 'in/out group' belonging, education and wealth, just to name a few.

In other words, fear remains a dominant factor in all safety and security narratives, particularly individual narratives associated with travel or mobility.


Strategic Risk Management

"Due to the cross-disciplinary origins of #riskmanagement and the evolution to eventually become ERM, it has assumed and incorporated (many) different functional perspectives that clearly influence the perception of the type of #risk factors that appear on the radar screen of those involved in the process. As the field of strategy itself is not a clearly defined academic discipline, or field of study, but entertains many different views and perspectives. The concept of SRM is no different in this regard. Strategy can adopt different theoretical rationales, say, from industrial economics to resource-based logics, different perspectives from content to a process view, and different dynamics from causal to effectual. Similar distinctions can be traced to different depictions of SRM as process frameworks, techniques, and analytical tools, employing different practice rationales. In view of this backdrop, it is quite understandable why we observe multiple definitions and views on the concept of SRM." - Andersen, T. & Sax J. (2020) Strategic Risk Management: A Research Overview, Routledge Focus, p.4


Remote Working and Cyber Security

"This literature review summarises the evidence demonstrating the impact of the pandemic and the organisational move to working from home on both employee mental #health and #cybersecurity, with a focus on the psychological contract and how a breakdown in implicit agreements can negatively impact both the employee and subsequently, the organisation. This literature review will examine the ways whereby organisations may, or have, mitigated #risks posed by this new working environment, considering #risks specifically related to employee mental health and cyber #security."


The Coupling of Safety and Security

"...as professional areas, #safety and #security have developed in different ways and supported by quite separate scientific and technological fields." - Pettersen, K. & Bieder, C. (2020) Safety and Security: The Challenges of Bringing Them Together?, in Pettersen, K. & Bieder, C. (eds) The Coupling of Safety and Security: Exploring Interrelations in Theory and Practice, Springer, p.1


Business Travel Risk Management Systematic Literature Review: Emergent Themes and Dominant Topics, Trends and Influence

After years of systematic analysis and review of thousands of 'business travel risk management' literature, vendor claims, academic research, industry data and an array of disparate sciences, professions and management practices, I sit to summarise and write my systematic literature review, for my thesis, as part of my doctoral degree.

What is most noticeable is that the COVID-19 pandemic forced a 're-set' in many ways. Not only did it force a rethink of what is acceptable, practised and evidenced when it comes to international business travel risk management, but the lockdowns and diminished work/life activity resulted in a tidal wave of "COVID books" and publications. Most of which now supersede pre-pandemic 'travel risk' literature, practices and knowledge. However, very few of these new findings are apparent, utilised or even known to practitioners, corporates, the 'industry' or business travellers. Moreover, far more scientific investigation has taken place, scrutinising business travel 'safety, security, resilience and risk management', which renders broad, prior publications and findings not only invalid but unfounded. As a result, paradoxically, greater risk now resides within outdated knowledge, practices, and unsubstantiated, disproving personal narratives of popular actors, brands, and themes. This will have considerable ramifications for insurance, litigation, corporate practices (in time) and research moving forward. The popularity and validity of 'standards' have also been found questionable, ad-hoc and largely lacking scientific or empirical foundations. Where said standard(s) are not the product of corporate, industry or actor lobbying and representation or manipulation in support of preferred services and products (along with representation).


Can you get sued? Legal Liability of International Humanitarian Aid Organisations

"This paper demonstrates that international aid organisations (IAOs), even though they are non-profit, are subject to the same basic legal ground rules as any other enterprise – be they commercial, public or associative in nature – and subject to outside scrutiny irrespective of sector specific or internal self-regulatory standards and guidelines.

The paper highlights that IAOs’ concern with the well-being, #safety and #security of their staff is mandatory, not voluntary or optional. IAOs are subject to and are obliged to conform to legal standards, legislation and provisions in relation to their duty of care and legal liability regarding their employees. This complements and reinforces the existing concerns of IAOs, including risk security management, that focus on the well-being, safety and security of their staff. However, these are generally approached as a matter of choice and thus basically voluntary and subject to various interpretations."


Guns, Germs and Steel

"Historical sciences are concerned with chains of proximate and ultimate causes. In most of physics and chemistry the concepts of "ultimate cause," "purpose," and "function" are meaningless, yet they are essential to understanding living systems in general and human activities in particular. For instance, an evolutionary biologist studying Arctic hares whose fur color turns from brown in summer to white in winter is not satisfied with identifying the mundane proximate causes of fur color in terms of the fur pigments' molecular structures and biosynthetic pathways. The more important questions involve function (camouflage against predators?) and ultimate cause (natural selection starting with an ancestral hare population with seasonally unchanging fur color?). Similarly, a European historian is not satisfied with describing the condition of Europe in both 1815 and 1918 as having just achieved peace after a costly pan-European war. Understanding the contrasting chains of events leading up to the two peace treaties is essential to understanding why an even more costly pan-European war broke out again within a few decades of 1918 but not of 1815. But chemists do not assign a purpose or function to a collision of two gas molecules, nor do they seek an ultimate cause for the collision." Diamond, J. (1999) Guns, Germs and Steel: The Fates of Human Societies, Norton, p.422


Keeping the Country Running: Natural Hazards and Infrastructure

"Building #resilience in our infrastructure is important to reduce our vulnerability to natural hazards. This can be achieved by improving (where necessary) protection; encouraging an ability in organisations and their infrastructure networks and systems to absorb shocks and recover; and enabling an effective local and national response to emergencies.

The UK's #criticalinfrastructure is a complex interconnected system. This Guide has therefore been developed to support infrastructure owners and operators, emergency responders, industry groups, regulators, and government departments to work together to improve the resilience of critical infrastructure and essential services."


International Handbook on Risk Analysis and Management

"When #risks materialize, executives are held accountable not only for their actions or lack of action when dealing with the acute phases of response and recovery. They will also be judged subsequently as to whether or not their prevention and preparedness measures have been adequate. The necessary capacities for #risk and #crisis management must be in place well before an acute incident occurs. Precautions against risks that affect the political sphere and preparations for #crisismanagement at the top level will frequently be opposed by sector experts as a waste of valuable resources that are needed elsewhere in the organization or in society at large. Commitment at the top level of the organization is required to ensure that such measures are given priority among many competing claims for time and other scarce resources." - Wenger, A., Mauer, V., & Cavelty, M. D. (2008). International handbook on risk analysis and management. Center for Security Studies at ETH Zurich. Swiss Federal Institute of Technology.


Supply Chain Risk Management

"There is no consensus on the definition of ‘#supplychainrisk’ and ‘#SCRM’. Without a common understanding and clear definition, researchers would find it difficult to communicate with practitioners and gain access to industry to carry empirical studies. Moreover, a consistent definition helps researchers identify and measure the likelihood and impact of the entire set of #supplychain #risks, and evaluate the effectiveness of SCRM methodologies. Therefore, it is imperative to obtain a clear definition of these terms. Sections 3.1 and 3.2 summarise the existing definitions of supply chain risk and SCRM, and also propose new definitions." - Ho, W., Zheng, T., Yildiz, H., & Talluri, S. (2015). Supply chain risk management: a literature review. International Journal of Production Research, 53(16), 5031-5069.


Why what we think we 'know' is fleeting, which makes life-long learning a survival necessity, not a discretionary use of one's time

If I had to specify a single book or chain of knowledge that has had a profound influence on my life and thinking over the past decade, it would be the Half Life of Facts by Samuel Arbesman. This book, concepts and scientific method of critique and enquiry permeates my everyday work, research, thinking and activities. Because it introduced me to the field of enquiry and analysis known as Scientometrics.


Personnel Security in Offshore Centres

"This report covers 14 countries that are popular locations for offshoring or outsourcing work. These countries typically provide: access to English-language (or other major European language) skills; a low-cost base relative to the domestic market of the organisation outsourcing or offshoring its operations; technical skills in areas such as information technology, computer sciences or engineering; a skilled workforce including a high proportion of graduates; and in some cases, a large labour pool seeking employment. The combination of cost advantages and the availability of skills has led to a significant growth in the use of these offshore centres by large multinational businesses to the extent that it is now considered normal practice. In recent years small to medium-sized businesses have been outsourcing critical parts of their operations (manufacturing of products or volume administrative processes) to realise significant cost reductions and gain a competitive advantage."


The Half-Life of Facts

"When this simulated sandpile reaches what is known as a critical state, it exists in a situation exactly as described above: With the addition of each additional grain, there is absolutely no telling what will happen (p.138).... …when it comes to the realm of biology, social sciences, or even medicine, where measurements are not always as clear, and the results are often much more noisy (due to messy issues such as human actions), this problem is much more common.

It’s known as the decline effect. In some situations, repeated examination of an effect or a phenomenon yields results that decrease in magnitude over time. In addition to facts themselves having a half-life, the decline effect states that facts can sometimes decay in their impact or their magnitude." (p.155) - Arbesman, S. (2013). The half-life of facts: Why everything we know has an expiration date. Penguin


Information Security Management

"This guide is designed to promote senior executives' awareness of information #security issues and to provide information they can use to establish a management framework for more effective information security programs. Most senior federal executives, like many of their private sector counterparts, are just beginning to recognize the significance of these risks and to fully appreciate the importance of protecting their information resources. The opening segments describe the problem of weak information security at federal agencies, identify existing federal guidance, and describe the issue of information #securitymanagement in the context of other information technology management issues. The remainder of the guide describes 16 practices, organized under five management principles, that GAO identified during a study of nonfederal organizations with reputations for having good information security programs. Each of these practices contains specific examples of the techniques used by these organizations to increase their security program's effectiveness."


Resilience: Variable Inoculations, Vaccinations, Prophylaxis and Placebos in Life and Business Systems

It is remarkable how little some individuals know about human resilience before pursuing organisational and community resilience. That is, science and medicine have been collectively exploring, refining and attempting to improve human resilience for centuries.

Evidence of these efforts can be found in life expectancy variance and a significant improvement over the past few hundred years. Most profoundly over the past 100 years. But this outcome is by no means consistent nor sustained across every community, country or environment.


Strategic Plan: Cybersecurity and Infrastructure Security

"..we will reduce #risks to, and strengthen the #resilience of, America’s critical Infrastructure. Our #safety and #security depend on the ability of #criticalinfrastructure to prepare for and adapt to changing conditions and to withstand and recover rapidly from disruptions. We will proactively reduce #risk to infrastructure and systems while also building our stakeholders’ capacity to safeguard their infrastructure from cyber and physical threats and risks. During incidents and major disasters, we stand ready to assist our stakeholders and ensure that government officials and public safety personnel can communicate quickly and efficiently."


Factfulness

"In the United States, the #risk that your loved one will be killed by a drunk person is nearly 50 times higher than the risk he or she will be killed by a terrorist. But dramatic terrorist incidents in countries ... receive widespread media coverage that is denied to most victims of alcohol. And the very visible #security controls at airports which make the #risk lower than ever, might give an impression of increased danger.

One week after September 11, 2001, according to Gallup, 51 percent of the US public felt worried that a family member would become a victim of terrorism. Fourteen years later, the figure was the same: 51 percent. People are almost as scared today as they were the week after the Twin Towers came down." - Rosling, H. (2018). Factfulness: Ten reasons we're wrong about the world - and why things are better than you think. p.120


National Risk Register

"Instead of plotting each individual risk onto the matrix, a number of risks have been thematically grouped, bringing together risks that share similar risk exposure and require similar capabilities to prepare, mitigate and respond. This is partly to bring similar risks together in a more usable way, but is also due to the sensitivity of some of the risks assessed in the NSRA. The position of each risk category on the matrix below is an average based on the positions of all the different risks that belong to that category."


Ridley Tony

Risk, Resilience, Safety, Security & Management Sciences
