Risk, Security, Safety and Resilience Newsletter - Week of 31 Aug Jul 22
Risk, Security, Safety and Resilience Newsletter - Week of 31 Aug Jul 22. Tony Ridley, MSc CSyP MSyI M.ISRM

Risk, Security, Safety and Resilience Newsletter - Week of 31 Aug Jul 22

The following is a summary of security, risk, safety and resilience articles, topics and issues ending the week of 31 Aug 22.

Key themes for this week include:

  1. Risk:?Timelines, Integration, Evolution... & Matrices
  2. Resilience: Disasters, Complexity & Quantitative/Qualitative Analysis
  3. Security:?Human, IT & Standards
  4. Business Continuity: Plans, Guides & Frameworks

----------------------------------------------------------

Risk and the 3 States of Organisation: Past, Present and Future

Consideration, management and analysis of?#risk ?occurs across different timelines. That is, 'risk' presents as past, present and future constructs, often simultaneously.

In other words, where?risk?is written, spoken or referenced, it may mean something that has occurred already, something happening now, or sometime in the immediate, near or distant future. It could also mean all three, at different times and scales.

In sum,?risk?is not fixed in time nor context.

Read More...

Risk and the 3 States of Organisation: Past, Present and Future

Embedding Risk Management; Risk & Performance

“Ensuring effective?#riskmanagement ?in any organisation is essential. This report takes a close examination of the practices organisations are adopting to embed risk management practices across the organisation. Using an in depth case study approach, it explores how businesses can overcome the common challenges presented in implementing effective risk management processes and suggests good practices for aligning these to the delivery of strategic goals.”

Read More...

Embedding Risk Management; Risk & Performance
No alt text provided for this image

HB 167:2006 Security Risk Management - The "blunt old axe" your grandfather still insists on using

All too often, security, risk and security risk practitioners, professionals, governments and organisations cling to long outdated security management and risk management practices, ideology, cultures and even 'standards'.

HB 167:2006 Security Risk Mangement?stands out as just one such example, which refuses to die and remains the stalwart terms of reference to security 'purists' and the unaware alike.

As a result, just like generations before, this 'blunt old axe' (read: blunt instrument) continues to be laboured and applied, over and over again, despite the obsolete nature of the content, instructions and positioning of the document, just like a beloved, well meaning grandparent might insist on using, because 'it was the tool of his time'.

While parts may seemingly remain useful or valuable, for the most part, the tool and concept(s) are?long past retirement.

Read More...

HB 167:2006 Security Risk Management - The "blunt old axe"? your grandfather still insists on using

The Risk Matrix Myth

"Let’s start with some basics. All models are semiotic representations of something. The model or graphic is NOT the thing in itself. All models are like metaphors, they seek to describe something by what it is not (Lakoff and Johnson). All models are constructed by someone for a purpose and are either useful, helpful or ethical depending on their outcome. Without some level of critical thinking the purpose of such models often remains hidden. So, any graphic, whether drawn in science, engineering or safety is not the thing in itself but a representation of it. Such a representation is an interpretation of a concept or idea." - Dr Rob Long

Read More...

The Risk Matrix Myth

Data Centre Security: Guidance for Owners

“Cyber intrusion methodology evolves constantly, and sophisticated attackers have a strong incentive to defeat the defences you put in place. It should be assumed that at some point your defences will be breached and therefore it is also important to be able respond proactively by detecting attacks and having measures in place to minimise the impact of any?#cybersecurity ?incidents.”

Read More...

Data Centre Security: Guidance for Owners
No alt text provided for this image

IT Risk Management Framework

"The purpose of this framework document is to provide guidance for conducting risk assessments of government organizations. Risk assessments are part of an overall risk management process—providing senior leaders/executives with the information needed to determine appropriate courses of action in response to identified risks. In particular, this document provides guidance for carrying out each of the steps in the risk assessment process (i.e., preparing for the assessment, conducting the assessment, communicating the results of the assessment, and maintaining the assessment) and how risk assessments and other organizational risk management processes complement and inform each other.?"

Read More...

IT Risk Management Framework

Enterprise Security Risk Management & Climate Change: The bumpy, unpredictable and highly variable road ahead, laden with complexity and change

Enterprise security risk management and climate change are subject to similar, concealed, subtle, compounding and complex influences, inadequately summed up in topline reports, metrics, models or narratives.

Moreover, these dependent and independent variables amass over disparate timelines, geographies, and across varying disciplines or knowledge-based professions.

That is, both climate change and enterprise security risk management are routinely represented by summary findings in the form of reports, metrics or extended, simplified storylines, yet, as a phenomenon, are comprised of a complex, layers, highly variable and ever-changing network of influences, variances, natural forces and human actors.

In other words, what any one person, organisation or country understands about either climate change or enterprise security risk management is attenuated by countless factors, various observable facts, intangible or invisible influences and narrated or analysed by an array of qualified and unqualified representatives that are captured in a series of reports, opinions and research, culminating in a single, consolidated summary of all these factors.

Read More...

Enterprise Security Risk Management & Climate Change: The bumpy, unpredictable and highly variable road ahead, laden with complexity and change

Understanding Risk: The Evolution of Disaster Risk Assessment

"Disasters caused by natural hazards can trigger chains of multiple natural and man-made hazardous events over different spatial and temporal scales. Multi-hazard and multi-risk assessments make it possible to take into account interactions between different risks. Classes of interactions include triggered events, cascade effects, and the rapid increase of vulnerability during successive hazards?"

Read More...

Understanding Risk: The Evolution of Disaster Risk Assessment
No alt text provided for this image

Quantitative & Qualitative Risk Analysis: Practicalities, Rationalisations and Convergence of Practice(s)

Threats, hazards, danger, perils and risk(s) do not materialise or present with numerical values or self-authoring, objective units of measure. Humans conduct varying degrees of analysis, which result in numbers assigned to these risk factors or categories.

Therefore, both qualitative and quantitive methods are required and practices in real world risk environments.?The question is, how are quantitative and qualitative risk(s) analysis converged, rationalised or integrated from various sources, literature or disciplines?

In other words, try as we may, risk(s) aren't spawned with prescribed, objective numbers such as numbers extracted in a lottery or other games of chance.

Read More...

Quantitative & Qualitative Risk Analysis: Practicalities, Rationalisations and Convergence of Practice(s)

Business Continuity Management: Keeping the Wheels in Motion

"This Guide presents a structured approach to business continuity management. The approach involves identifying preventative treatments for continuity risks that can be routinely managed, and developing an organisation- wide business continuity plan?to deal with the consequences should the preventative treatments fail. The approach should be tailored to meet organisational needs while satisfying the major steps identified for business continuity management in the context of overall?#riskmanagement .?"

Read More...

No alt text provided for this image
No alt text provided for this image

Business Travel Risk Management: An ensemble of generic opinions, branding, marketing, business data, tourism statistics & quasi-scientific research

Business travel safety, security and risk management have a modest, disparate and immature literature foundation.

That is, when speaking to either 'business travel risk management', or any number of derivatives such as 'travel security', 'business travel safety' or 'business travel risk', practitioners, organisations and researchers will encounter a myriad of unrelated, opinion-centric and marking-dominated content in the form of books, articles, white papers and websites.

Each competing for popularity, universal application and 'status' within corporates, the travel industry and the remaining few vendors competing in a predominately insurance-driven market, with an after market representation in the form of information subscription(s) and templated, unsubstantiated, non-comparative scales of risk.

Read More...

Business Travel Risk Management: An ensemble of generic opinions, branding, marketing, business data, tourism statistics & quasi-scientific research

Post Pandemic Travel: Terrorism & Security Risks

Travel has always contained degrees of uncertainty, no matter how confident beliefs in forecasting the future and the complex, interconnected actions of others. The pandemic created by COVID-19 has reminded us all of this reality. The post-pandemic world will be different in many ways.?#Security ,?#safety ,?#crime ?and?#terrorism ?are just some of the critical areas for change and uncertainty likely to be experienced by travellers. Therefore, greater knowledge of past vulnerabilities and essential life safety and security principles will assist in reducing uncertainty and the identification of a change to modify actions and behaviour. To remain safe and secure at all stages of the journey.

Read More...

Post Pandemic Travel: Terrorism & Security Risks

Human Security: Handbook

"Human?#security ?addresses the full range of human insecurities faced by communities including, but not limited to, violent conflicts, extreme impoverishment, natural disasters, health pandemics, etc., as well as their interdependencies, both across human securities and geographically. In particular, as an operational approach, human security:

- Underlines the importance of addressing the totality of conditions that impact human beings and highlights the need to refrain from looking at people’s lives through the lens of specialized entities or interested parties, which often results in silo- or supply-driven responses.

- Addresses the root causes of threats both within and across borders, and advances multisectoral/multi-stakeholder responses to advance integrated and prioritized solutions over the short, medium and long run.?"

Read More...

Human Security: Handbook
No alt text provided for this image

Business Continuity Management Framework

"Effective?#businesscontinuitymanagement ?reaches beyond developing of business continuity plans. It requires all of us to acknowledge uncertainty as a natural part of business planning. We all need to be aware that?#risk ?is inherent in all decisions and activities and that some risks have the potential to interrupt services, and we need to be prepared to respond to and manage such interruptions.

Successfully applying this Business Continuity Management Framework will increase our ability to absorb, respond to and recover from disruptions. It also offers opportunities to understand how we create value and establishes direct relationships to dependencies and vulnerabilities inherent in delivering our outcomes.?"

Read More...

Business Continuity Management Framework

Data, Numbers & Statistics in Risk, Security, Safety & Management

For the past couple of decades, I've been immersed in data, numbers and statistics informing?#risk ,?#security ,?#safety ,?#resilience ?and management. More specifically, the way in which numbers are complied, interpreted, distributed and influence confidence, findings and decisions associated with? #riskmanagement ?,? #securitymanagement ,? #safetymanagement ?and the pursuit of resilience objectives. Including the quantitative and qualitative 'wars'. As the Dunning-Kruger model promises.... the task is never 'done' and there is always 'more' to learn, consider and comprehend. However, diverse consideration of opinions, applications and research help improve my understanding and contribute to informed critiques of risk calculations, computations and algorithms. Here are a few of my favourite desktop references and resources. Let me know, what are yours...and why?

Data, Numbers & Statistics in Risk, Security, Safety & Management

Ridley Tony

Risk, Safety, Security, Resilience & Management Sciences

#security ?#risk ?#resilience ?#safety ?#management ?#sciences #enterpriseriskmanagement ? #enterprisesecurity ?#corporatesecurity #enteprisesecurityriskmanagement ? #ERM ?#ESRM

Alumni:

英国莱斯特大学 ?- Master of Science (MSc), Security & Risk Management

Doctoral Candidate:

Charles Sturt University ?- Doctor of Public Safety

Member:?

Register of Chartered Security Professionals ?(CSyP)

The Security Institute ?(MSyl)

Anti Terrorism Accreditation Board (ATAB) ?(CAS)

International Association of Crime Analysts

ASIS International

The BCI

The Institute of Strategic Risk Management (ISRM)

International Professional Security Association (IPSA)

Risk, Security, Safety and Resilience Newsletter - Week of 31 Aug Jul 22
Michael W.

CP Provider for over 40 years Private and Govt. contracts. Well travelled. CP training, Local Liaison, investigation services for CP Teams travelling to Iberian peninsula+LATAM Physical combative solutions. Educator

2 年

Tony Ridley, MSc CSyP MSyI M.ISRM Very interesting in general Tony. I would like to comment more but unfortunately (or indeed fortunately) I have spent all my lunch break "reading more" ! You hooked me good. So good I forgot to eat lunch haha. So much I had forgotten I′d learned and so much more to learn. Thank you for the share.

要查看或添加评论,请登录

社区洞察

其他会员也浏览了