Risk, Security, Safety and Resilience Newsletter - Week of 31 July 24

The following is a summary of articles, topics, and issues on security, risk, safety, and resilience for the week ending 31 July 24.

Key themes for this week include:

  1. Risk: Semantics, Archetypes & Threat(s)
  2. Resilience: Frameworks, Bias & Planning
  3. Security: Critical Infrastructure, Game Theory & Protective
  4. Safety: Security Overlap, Systems, Security 4 Safety
  5. Business Continuity: Threats, All Hazards & Dynamic Change

-------------------------------------------

Game Theory - Risk, Safety & Security Fallacies

Read Full Presentation Here ---> https://buff.ly/3ZpqtMX

"Human systems are far more complex than physical systems and therefore much more difficult to represent in computational models." (p.585)

"...Probability is always a measure of degree of belief."

(p.578)

"First, it assumes ideal adversary intelligence and rationality— that the adversary knows which branch choice at a particular decision node best maximizes consequences at tree endpoints."

"The second critical assumption, also related to the adversary’s objective function in the decision mode, is that the intelligence community (or anyone else for that matter) knows the objectives the adversary is trying to maximize in the first place."

(p.581)


#RiskManagement = "Activities to handle risk such as prevention, mitigation, adaptation or sharing. It often includes trade-offs between costs and benefits of risk reduction and choice of a level of tolerable risk." - Society for Risk Analysis https://buff.ly/47s8VBA

Risk Semantics

Read Full Presentation Here ---> https://buff.ly/4efi6HU

“There is no agreed definition of #risk”

(p.150)

“...the main component of risk is uncertainty and not probability...To evaluate the seriousness of risk and conclude on risk treatment, we need to see beyond the expected values and the probabilities.” (p.151)

“...there will always be uncertainties, and in a world where the speed of change is increasing, relevant historical data are scarce and will not be sufficient to obtain accurate predictions”

(p.153)

"Our historical data may include no extreme observations, but this does not preclude such observations from occurring in the future."

(p.154)

- Aven, T. (2015). Risk Analysis, 2nd ed, Wiley


Protective Security

Read Full Presentation Here ---> https://buff.ly/3XIiZDe

"...#security contexts are dynamic"

(p.636).

"In real life, the concepts of security and that of non-security are not neatly separated but coexist in a 'grey' area, which is the normal state of nature" (p.632).

"...the definition of security must be unambiguous"

(p.632).

"The current concept of security is so wide-ranging to be impracticable" (p.631)

"...the mere implementation of the physical and formal aspects of security does not guarantee security. It might even increase insecurity"

(p.631)

"The condition of security is a dynamic equilibrium of opposing wills, desires, fears and actions... relying heavily on perception (of dangers, risks, threats, intentions...)"

(p.630)

"...security, as risk, means 'different things to different people and different things in different contexts'"

(p.629)

"Imaginative and reactive antagonists learning from errors, studying their targets and looking for gaps and opportunities to be created and exploited render even successful security decisions and operations rapidly obsolete"

(p.630)

Manunta, G. & Manunta, R. (2006). Theorizing About Security, in Gill, M. (ed) The Handbook of Security, pp.629-657.




Cyber-Physical Security Problems

Read Full Presentation Here ---> https://buff.ly/3XrqUDR

"How do we build #resilience across a ‘system of systems’? In critical infrastructure, we often focus on the knock-on effects of an incident, where there is impact on one system because of an event in a different system. The two systems might even exist in different sectors.

We also talk about ‘cascading failures’, where an incident may progress in an uncontrollable way because of a reliance on other systems, sometimes with far-reaching consequences. As technology changes, we see how these technologies rely on each other, as well as on wider infrastructure, for example in telecoms and electricity. It’s important to understand how these systems interact and support each other with new operating models, as well as identifying any new critical activities that underpin these new ways of living."


Safety Science: Hyper-Connected Worlds, Systems and Processes

Read Full Presentation Here ---> https://buff.ly/47qztmG

"While #safety , #security , and reliability challenges are interconnected in a global world, the organizations dealing with these #risks are also increasingly more fragmented and more reliant on market-based arrangements"

(p.1)

"...global hyperconnectivity is not limited only to risk and technological issues but also to on-going struggle for global influence between democratic countries, authoritarian countries, as well as disruptive non-state actors."

"...a global reliance on digital communication technologies, which has now become an integrated part of contemporary work life along with a more frequent use of remote work and communication through digital platforms without face-to-face interaction"



Critical Infrastructure: Safety & Security

Read Full Presentation Here ---> https://buff.ly/3ZmzDcP

"A comprehensive risk assessment of an industrial site will have to consider not only #safety risks, but also #security risks, including identifying potential hazards that could cause harm to people or the environment, as well as vulnerabilities that could be exploited by malicious actors."

(p.6)

"Hybrid threats refer to a wide range of methods and activities used by hostile state (or sometimes non-state) actors in a coordinated manner to target vulnerabilities of institutions and states, that remain below the threshold of armed conflict. The influx of hybrid threats introduces new variables to the intersection between safety and security."

(p.4)

"...in the push to “integrate” safety and security, there is a risk of downplaying the inescapably different natures of safety and security when safety remains the key dependent variable and security is subsumed under the safety umbrella."

(p.3)



Security For Safety: Protection of Assets

Read Full Presentation Here ---> https://buff.ly/3TsxA3j

"...the increasing number of cyber-attacks in the world tends to show that safety-critical systems, and in particular cyber-physical systems, which are particularly exposed by nature, may not be as safe as they claim, if they are not also secure."

"...certain options, such as security-informed safety may have tremendous impacts on the competencies required by safety experts, whereas other options, such as safety-informed security may require specific trade-off support. The different safety communities do not seem very clear on the directions to take, even if the aeronautical community has recently opted for a safety-informed security approach."

(p.385)

"...it is very difficult to precisely define what is meant by security for safety, beyond simply stating that safety must be ensured even in case (or in some cases) of malevolent behaviour."

(p.380)



Safety & Security Risk Assessments: Bow Tie Perspectives

Read Full Presentation Here ---> https://buff.ly/4erTCvb

Read Full Presentation Here ---> https://buff.ly/4gmW47V

Read Full Presentation Here ---> https://buff.ly/4d8gXRi



Internal Control - Standards (Government)

Read Full Presentation Here ---> https://buff.ly/4ekFROL

"Management assesses internal and external #risks and performs risk assessments on a periodic and ongoing basis to achieve its objectives.

These assessments provide the basis for identifying risks and developing appropriate risk responses."



Threat & Risk Assessment Failures

Read Full Presentation Here ---> https://buff.ly/4eoTUTC


-------------------------------------------

Tony Ridley, MSc CSyP FSyI SRMCP

Risk, Safety, Security, Resilience & Management Sciences

Risk Management Security Management Crisis Management

Risk, Security, Safety, Resilience & Management Sciences

Gavin Ferreiro

Strategic, Tactical and Operational Problem solver, GRC, BCM, DRP, ITIL, Info/CyberSec Consultant

2 months ago

Thank you!
