Security & Risk Management Modelling Problems: Socio-Technical Systems, Variance & Decay

To apply security and/or risk management in isolation without understanding or consideration of the broader socio-technical system/s, is to fail.

That is, what practitioners, professional, organisations and governments believe to be either security and/or risk management is but a snapshot in time and practice of the broader issues of integration, overlap, conflict, evolution and tension between cultural, sociological, economic, political, scientific and legal systems.

In other words, disparate elements of socio-technical systems are in a constant state of evolution, decay and variance which confounds models, consistency or static approaches to security and/or risk management, inclusive of safety.

Risk is often socially constructed. Community fear, uncertainty, doubt and politics are powerful influences on risk narratives and what is/isn't considered a risk.

Security for whom, when, how and under what context? Public and private security often overlap but who pays, who is protected, who is included/excluded and those that are considered either a threat or vulnerable individual/cohort is highly subjective and variable.

Socio-technnical systems influence security, risk, safety and our perceptions or practice of these disciplines. It even contributes to decay.

Moreover, the systems, relationships, network and complexity continues to growth exponentially with the ubiquitous inclusion, growth and evolution of technologies.

Models change. Systems change. Knowledge changes. Information changes. Communities change. Governments change. In short, many things change over the lifecycle of any security, risk or safety management initiative or practicing body of knowledge. As a result, if people, practice, knowledge and the discipline does not change, it is already negatively influencing and impacting the objective and system.

Decisions, choices, judgement, evidence and trade-offs at all levels and stages of a single systems, let alone multiple, complex systems obfuscate security, risk and safety management perspectives, ideology and practices.

In sum, socio-technical systems have considerable influence on security and/or risk management practices, knowledge, beliefs, standards and models.

As a result, to apply security, safety or risk management without consideration, understanding or inclusion of the ever evolving system/s is to fail.

In other words, blind application of a favorite, popular or preferred security, safety or risk management practice or model, is to ignore spatiotemporal decay and variance of complex systems, networks and the world in general.

Do so at your own peril, and that of others.

Conversely, pursue security, safety and risk management as a lifelong learning objective and keep updated and aware of changes to the system/s, model and practicing body of knowledge.

Failure may still be possible, but proactive measures and humility significantly minimise most preventable limitations, shortfalls and failures.

In short, sharpen the saw.

Tony Ridley, MSc CSyP MSyI M.ISRM

Security, Risk, Safety and Management Sciences

Reference:

Rasmussen, J., (1997) Risk management in a dynamic society: a modelling problem, Safety science, 27(2), pp.183-213.