Security, Risk, Safety and Resilience Newsletter - Week of 20 Jan 22
Ridley Tony
Experienced Leader in Risk, Security, Resilience, Safety, and Management Sciences | PhD Candidate, Researcher and Scholar
The following is a summary of security, risk, safety and resilience articles, topics and issues ending the week of 20 Jan 22.
"Aeronautical decision-making (ADM) is a systematic approach to #riskassessment and stress management. To understand ADM is to also understand how personal attitudes can influence decision-making and how those attitudes can be modified to enhance #safety in the flight deck. It is important to understand the factors that cause humans to make decisions and how the decision-making process not only works, but can be improved."
Security and risk management sciences are processes which can be subjected to analytical rigour, structured planning, empirical evaluation and other scientific methods.
That is, not only is there an underlying body of knowledge, empirically proven application and parameters for efficacy, but there is also a formal process for evaluation, design, implementation and revision.
"The Department of Homeland #Security (DHS) has developed nine criteria that consider various factors—including the willingness of various stakeholders, such as asset owners and operators, to participate and concentrations of high-risk critical infrastructure—when identifying possible locations for Regional Resiliency Assessment Program (RRAP) projects. According to DHS officials, final project selections are then made from a list of possible locations based on factors including geographic distribution and DHS priorities, among other considerations. However, it is unclear why some RRAP projects are recommended over others because DHS does not fully document why these decisions are made. Federal internal control standards call for agencies to promptly record and clearly document transactions and significant events. Because DHS’s selection process identifies a greater number of potential projects than DHS has the resources to perform, documenting why final selections are made would help ensure accountability, enabling DHS to provide evidence of its decision making."
Elements of cybersecurity benchmarking offer businesses, boards and government entities artificial assurance and confidence by means of simplistic scales of measurement when it comes to risk, resilience, protection and the current efficacy of what could be categorised as security management.
This benchmarking and reporting fallacy is most concerning in environments, contexts and government networks where even the most basic of cybersecurity or cyber resilience tactics and strategies are not universally applied or remain at varying, disparate levels of completeness or consistency... exposing the entire network to elevated risk, which is not declared or captured in maturity, resilience or self-assessment declarations.
"The purpose of the Explosive Management Plan is to outline management practices employed on the Project that are aimed to minimize the #safety and environmental #risks of handling ammonia nitrates, which are present in blasting agents. Specifically, methods used to minimize ammonia nitrate losses to the environment will be explained."
No assessment of risk, including security, is either value or judgement free.
That is, analysis of any situation by humans invariably contains degrees of 'noise' and bias that influence the focus, analysis and final risk determinations in positive and negative ways.
This variance is rarely adequately disclosed or even considered in most security risk assessments.
In other words, a security or risk assessment that yields significantly variable outcomes when conducted by different people is more akin to an alchemistic or artistic process than a professional procedure informed by research, statistics and structured knowledge or analysis.
"Emergency management is about preventing, preparing for, responding to, and recovering from emergencies that may affect the community and endanger life, property or the environment. Community expectations, recent emergency events and shifts in policy and legislation are creating new expectations of local government in relation to emergency management, and adding to an already complex policy and legislative framework."
Pursuit of managing risk/s associated with people is plagued by numerical values and calculations that inadequately capture or consider human factors, natural variances and the full spectrum of hazards, threats, harm and ultimately matters considered as 'risk'.
In other words, people risk management practices predominately seek to convert select information, behaviours and historical events into future, numerical risk models that serve very few and lack even rudimentary risk sciences inclusions.
This includes people risk management practices undertaken in the name of security and safety.
"Today, the internet allows #terrorist and extremist groups to create, post, copy and distribute extremist material, which can be made accessible to over a billion people in a matter of seconds. Crucially, the speed at which material can be created and distributed, and the interactive nature of certain web services and social media platforms, means that the authors are able to interact with their audiences, and discuss current events or recent attacks, for example, in a manner that was not possible previously."
'Analytic rigour' is the much mentioned and often lauded saviour of views and analysis associated with risk, resilience, security and intelligence. But what does it look like?
That is, simply assuring 'analytic rigour' without evidence, structure or clear guidelines results in empty promises and hollow attestations.
In other words, wherever analytic rigour is stated, assured or referenced... ask for the terms of reference or supporting framework.
"Effective #riskmanagement is fundamental to the business activities of the group. While we remain committed to increasing shareholder value by developing and growing our business within our board-determined #risk appetite, we are mindful of achieving this objective in line with the interests of all stakeholders."
"ISO 31000 contains much valuable information and it represents robust, high-level guidelines for the management of risk. However, there is no step-by-step checklist to implementation of the risk management initiative. The challenge for #risk professionals is to rearrange the guidance in ISO 31000 to align with their own approach to implementing a risk management initiative. This guide provides an analysis of ISO 31000, a comparison with the ISO format for management system standards (Annex SL) and outlines a checklist for the implementation of a risk management initiative in Section 9."
Tony Ridley, MSc CSyP MSyI M.ISRM
Security, Risk, Resilience, Safety & Management Sciences
Managing Director at TechnologyCare
2 years ago
Risk is passed on "off loaded" to service providers (subcontractors, agents, "experts" monitoring centres, investigators, guards, patrols, etc)? Reading through several articles on RISK (especially SECURITY RISK), how important would it be for the provider to comply with risk assessment themselves? How does non-compliance of a subcontractor affect the Risk Profile of the principal provider?
I Use Security Risk Analysis to Streamline & Simplify the Process of Proactive Protection. I recently used intelligence gathering, CCTV camera review and data analysis to recover stolen items at Penn District, NYC.
2 years ago
This is a scholastic presentation with invaluable information. Thanks for sharing.