Fixing Security Risk Management: focus on the threat actor

Government and private industry place enormous emphasis on the concept of Risk Management and Security Risk Management. In an article published in Security Solutions Magazine in November 2016, it was identified how dangerous and ineffective this concept actually is. It was shown that in areas where the concepts of Risk Management and Security Risk Management were implemented, crime rates actually increased. Such a … [Read more...]

4 Steps To Integrate Risk Management Into Strategic Planning

Let me first start by saying integrating risk management into strategic planning is NOT doing a startegic risk assessment or even having a risk conversation at the strategy setting meeting, it is so much more. You will also find it difficult to relate if the objectives have not been defined or documented in your company or if the objectives are not measurable.  Kevin W Knight, during his first visit to Russia a few … [Read more...]

Risk Management After the Atrocity

For this issue, I was asked to write about risk management as it would apply in the aftermath of a terrorist attack. It is an interesting subject because if risk management strategies had been effective then arguably, the atrocity would not have occurred. However, disturbing surprises and risk management failures do happen. I want to look at risk management from the point of view of both sides - those on the receiving end … [Read more...]

Building Risk Culture Is Easier Than Making Hot Dogs

Yes, building risk culture is that easy! Before I explain, let me first clear some misconceptions about risk culture that have been floating around in the non-financial companies. Making decisions under uncertainty is not natural for humans Back in the 1970s, scientists had a breakthrough in understanding how the human brain works, what influences people’s decisions, how cognitive biases impact on their perception … [Read more...]

Crime Statistics And Risk Management

When I started my research in the late 1980s, I quickly came to the view that risk management is a simple idea that is implemented easily in most routine circumstances. However, there are some situations when there are many complicating factors that can result in poor decisions and risk management failure. The authors of standards like AS/NZS 4360, ISO 31000 and ANSI/ASIS/RIMS RA.1-2015 cannot provide a standard risk … [Read more...]

Top 10 Tips For Building The Most Ineffective Security Risk Management Systems In The World

By Julian Talbot. After more than 25 years working in security risk management on four continents, I believe I can safely say that I know every trick in the book – except the one they are using right now! Years of working in interesting parts of the world, such as Asia, Africa and parts of Australia that most people never see, has given me some insights into the minds of the people who seek to breach our security … [Read more...]

Cultural Sensitivity And Awareness As A Part Of Risk Management

By Paul Mitchell. History is full of examples where the wellbeing of companies, and those that represent them, have fallen prey to inadvertent or willful lack of cultural sensitivity that has resulted in both financial and personal disaster. Probably the most catastrophic example of corporate loss as a result of cultural insensitivity was that of the East India Company in 1857. Formed 150 years beforehand, to trade … [Read more...]

Is A Holistic View Of Security Needed To See Risks?

By John Kendal. Recent breaches at major telecommunication, financial and news organisations in Australia continue to occur despite investments in security measures because organisations lack a holistic view of security systems. Many organisations lack a real understanding of their security situation because they use a variety of security-point solutions that aren’t linked or cross referenced. This leads to a fragmented … [Read more...]