SECURITY RISK MANAGEMENT AND AVOIDANCE. (1)
What is risk?
There are different definitions:
• An uncertain consequence of an event or an activity with regard to something that humans value
• The probability of an adverse future event multiplied by its magnitude
• The potential for damage or loss of an asset
• The likelihood that a specific vulnerability to the asset will be exploited by a particular threat
NB: Risk management is not the same as risk avoidance
• Risk avoidance = eliminating risks to maximum possible extent
• Risk management = dealing with risks while accepting they can never be fully eliminated
According to ROPER, risk management offers a rational and defensible method for making decisions in order to protect valued assets. It is the process of selecting and implementing security counter-measures to achieve an acceptable level of risk at an acceptable cost.
Countermeasures are an action taken or a physical entity used to reduce or eliminate one or more vulnerabilities
- ASSET: Any person, facility, material, information, or activity that has a positive value to its owner.
- THREAT: Any indication, circumstance, or event with the potential to cause loss or damage to an asset.
- VULUNERABILITY: Any weakness that can be exploited by an adversary to gain access to an asset.
Roper’s approach: The Rational System Approach
What is a system approach? A system approach is composed of parts and all parts are related (directly or indirectly). It receives input from, and sends output into, the wider environment and consists of processes that transform inputs into outputs
What is a rational approach?
• Systematic
• Balancing out
• Reasoned decisions
• Justification
• Rationality = ordering preferences in a consistent manner
Roper’s 5-steps for the risk management process
NB: Risk management is not the same as risk assessment
• Risk assessment = The process of evaluating the threats/ vulnerabilities to an asset so as to give an expert opinion on the probability of loss/ damage and its impact as a guide to taking action
• Risk management = The process of selecting and implementing security countermeasures to achieve an acceptable level of risk at an acceptable cost
Difference between safety and security management:
• Safety management = fighting error
• Security management = fighting evil threats
Three worlds of safety and security
- International security
- Public safety
- Industrial safety
Adversaries includes;- Bad’ intentions
- Purposive threats
- Geo-politics
- Civilizations and spheres of influence
- Rational analysis of ‘weak spots’
- Social change
- Visions of the ‘good life’
- Cultural differences
- Morality and emotionality
- Living and surviving
- Unwanted conflicts
- Politicization and medialization
- Complicated processes and reactions
- Individual skills and impossibilities
- Economic calculus
- Knowledge and ignorance
- Routinization versus organizational change
- Cultures of safety
Focal actor: “The enemy” “The citizen" “The organization man”
PHOTOCREDIT; https://www.google.com/search?q=images+of+risk+management&client=firefox-b-ab&tbm=isch&source=iu&ictx=1&fir=tHq0X-DaIbfASM%253A%252CssXdfADgwcKvmM%252C_&usg=__L__OPW1hVCQ8pQE-WhPCdB7lWG4%3D&sa=X&ved=0ahUKEwjvrMjw9pfcAhWFSsAKHSiBATMQ9QEIPTAL&biw=1366&bih=654#imgdii=vOi4QgUCmL-YFM:&imgrc=NvS8yoNBc317AM:
RESEARCH SOURCE: Roper's analysis on risk management
Thanks for reading.
UPVOTE!
RESTEEM!
COMMENT!
Congratulations! This post has been upvoted from the communal account, @minnowsupport, by favour Sampson from the Minnow Support Project. It's a witness project run by aggroed, ausbitbank, teamsteem, theprophet0, someguy123, neoxian, followbtcnews, and netuoso. The goal is to help Steemit grow by supporting Minnows. Please find us at the Peace, Abundance, and Liberty Network (PALnet) Discord Channel. It's a completely public and open space to all members of the Steemit community who voluntarily choose to be there.
If you would like to delegate to the Minnow Support Project you can do so by clicking on the following links: 50SP, 100SP, 250SP, 500SP, 1000SP, 5000SP.
Be sure to leave at least 50SP undelegated on your account.
Congratulations @wakkyblogger! You received a personal award!
Happy Birthday! - You are on the Steem blockchain for 1 year!
Click here to view your Board
Congratulations @wakkyblogger! You received a personal award!
You can view your badges on your Steem Board and compare to others on the Steem Ranking
Vote for @Steemitboard as a witness to get one more award and increased upvotes!