Security, Risk, Safety and Resilience Newsletter - Week of 3 Mar 22
Ridley Tony
Experienced Leader in Risk, Security, Resilience, Safety, and Management Sciences | PhD Candidate, Researcher and Scholar
The following is a summary of security, risk, safety and resilience articles, topics and issues ending the week of 3 Mar 22.
Key themes for this week include:
-------------------------------------------------
Long before the management and mitigation of risk begins, how any one person, group or community perceives risk remains an essential yet routinely glossed over aspect of risk management and resilience practices.?
That is:
What you think, see or believe to be a 'risk' determines your focus, interest and evaluation of that issue and all related factors
Moreover, these perceptions are influenced and created through varying lenses.?
For example, you may observe directly a hazard, danger, threat, peril or 'risk'.?
Not surprisingly, this personal perception is highly variable between people, cultures, time and experience levels.
"The public health?#risks?associated with emergencies and disasters stem from the interaction of biological, technological, societal and/or natural hazards, with communities. When risks related to emergencies and disasters are not effectively managed, they may result in significant short- and long-term consequences at the individual, community, city, national and global levels.?"
The single most persistent truism across security, risk, resilience and management practices is that most practices remain unsubstantiated beliefs and habits of an accepted cohort as opposed to objective, substantiated findings of applied research and knowledge.?
The most expedient means upon which to demonstrate this reality is to ask for source material, references or citations in any one or more security, risk, resilience or management doctrine, practice or applied process.?
While day-to-day business and life is not one big academic exercise requiring countless qualitative references and citations, life-saving or protective and risky practices demand a different standard of rigour and accountability.?
It is simply not enough to?do, because everyone else is or there is no objection to one's methods
"Unit Objectives: 1) Explain what constitutes a vulnerability. 2) Identify vulnerabilities using the Building Vulnerability Assessment Checklist. 3) Understand that an identified vulnerability may indicate that an asset: a) is vulnerable to more than one threat or hazard; b) and that mitigation measures may reduce vulnerability to one or more threats or hazards. 4) Provide a numerical rating for the vulnerability and justify the basis for the rating"
Security risk management is implemented through a series of negotiated trade-offs and prioritisation's, modelled around foreseeable adversarial threats and specified protective measures.?
Agreed security countermeasures and treatments are based on models of operational security derived from a balanced equation.?
In other words, security is the outcome of many opinions, choices and prioritization resulting in an agree balance of priorities and supporting protection.?
The critical problem with security choices and alternate models is that they are rarely visualised and compared with alternates.
"The purpose of the?#riskassessment?portion of the emergency plan is to conduct a facility – based and community-based?#risk?assessment utilizing an all hazards approach including addressing scenarios involving missing residents. An all hazards risk assessment is to assist facilities in identifying the greatest threats and vulnerabilities within the facility and the community. It focuses on developing the capabilities and capacities that support and promote preparedness for a large spectrum of emergencies. Facilities are encouraged to utilize community based risk assessments developed by their state or other entities, bust must maintain a copy of the risk assessment and align the emergency preparedness plan with the risk assessment findings.?"
Not only is the word?security?distinctly different around the world, but so too is the culture which enables, shapes and supports protective and preventative 'security' initiatives.?
The following article offers a global fly around of security risk management in varied contexts within different public environments.?
Firstly, unpacking online search results, demonstrated not only is security definitions and terms highly varied but it also modified by context.?
领英推荐
Above all else,?security?remains very personal, according to ideology, experience, culture, gender, age and community influences such as insecurity, unsafe, representation and cognitive threat/risk awareness.
"The intention of the (All Hazards Risk Assessment - AHRA) process is therefore to produce a whole-of-government?#risk?picture to support EM planning across federal government institutions and to ensure that interdependencies are recorded and managed. The risk picture provides an enhanced planning baseline for federal government institutions to support the development of EM plans, as outlined in the Guide, and future capacity and investment decisions in areas where attention may be required. As well, the methodology can be used by federal institutions to perform their own risk assessment and ensure integration and alignment with the whole-of-government process. Finally, this initiative provides a venue for the creation of a federal AHRA community of practice, and a forum for sharing risk information, tools and methodologies.?"
Security risk management is not only the science of risk identification, calculation and protection but also the consideration of adaptive, intelligent and purposeful individuals/groups seeking to circumvent controls and impose loss, harm or damage on assets.?
In other words, bad actors, criminals, terrorists and an array of adversaries.?
Without adequate and detailed consideration of adversaries, security and all acts, artefacts and expenditure in the name of 'security' are blunt instruments applied to everyone at all times. That is?not contemporary security risk management nor security as a science.?
Therefore, it is not only essential to study, anticipate and protect against specific and broad adversaries, it is also essential to analyse these adversarial actors, associations and capabilities in depth.
"Recognizing hazards is critical to beginning the?#riskmanagement?process. Sometimes, one should look past the immediate condition and project the progression of the condition. This ability to project the condition into the future comes from experience, training, and observation.?"
Business continuity, security and risk management do not operate in a vacuum.?
That is, each aspect of business continuity and security risk management, regardless of technology and automation, operate across complex human endeavours, relationships, culture and interactions.?
The resulting cultural web for business continuity creates the paradigm for individuals, organisations and organisations, which in turn is inherently unique.?
Business continuity, security and risk management practitioners should take heed and caution to map and understand these informal structures and relationships as they remain essential elements for activation of strategy, results and resilience.
"In situations where immediate danger exists to human life or property, an agency may operate temporarily on any regularly assigned frequency in a manner other than that specified in the terms of an existing assignment. Emergency operations under such situations should continue only as long as necessary to ensure that the danger to human life or property no longer exists. Emergency operations under these circumstances shall be reevaluated on a regular basis until such time as normal/routine operations can be reestablished."
Consideration of human threats, adversaries and bad actors requires not only formulation of indicative behaviours but also foreseeable exploitation and tactics applied against assets/s.?
That is,?what?will any one person or group?do?in order to get into, around and out of a physical or cyber environment.?
Despite significant limitations in the approach, such as depicting adversaries as 'like' to that of protectors or defensive security actors, valuable thought processes and primers present for practitioners at all levels of security risk management. Notwithstanding the dominant military and masculine themes throughout some of these concepts.?
Find, Fix, Track, Target, Engage and Access (F2T2EA)
"Artificial intelligence (AI) applications are ubiquitous in business and our personal lives. From asking your smartphone for the weather forecast to determining the credit worthiness of a customer, AI creates efficiencies in our personal lives but may pose complexity and risk for our internal audit profession. Often its presence is so subtle that many of us do not even realize the impact of AI on the workplace of our clients and, by extension, our audits. While many internal auditors are competent in information technology (IT) governance,?#risk, and controls (GRC), it would be dangerous to overlay IT audit concepts and techniques onto AI applications absent an appreciation of AI and its unique characteristics. The purpose of this report is to begin by explaining two such characteristics.?"
Tony Ridley, MSc CSyP MSyl M.ISRM
Security, Risk, Resilience, Safety and Management Sciences
Bachelor of Commerce - BCom from Nizam College at Hyderabad Public School
3 年??