Risk, Security, Safety and Resilience Newsletter - Week of 30 Apr 24

The following is a summary of articles on security, risk, safety, and resilience, as well as topics and issues, ending on 30 April 24.

Key themes for this week include:

  1. Risk: Perspectives, Small Risks & Maturity Levels
  2. Resilience: Maturity, intelligence & planning
  3. Security: Threats, Management & Intelligence
  4. Safety: Safety I, Safety II and Safety III
  5. Business Continuity: Awareness and application of the above & below 🤓

-------------------------------------------

Small Risks: "De minimis risk"

Read Full Presentation Here ---> https://buff.ly/3SYrzuT

"...risk is more than probabilities" (p.94)

"...the strength of the knowledge supporting the probabilities needs to be taken into account" (p.95)

"The main motivation for applying the principle is that it can lead to effective resource use. Decision-making can focus on important issues and risks." (p.90)

"A de minimis risk should not be based on specific probabilities alone; risk is more than probability judgements."

“A key activity of risk management is to assess risk and implement measures to meet the risks.” (p.93)

"Measures designed to reduce vulnerabilities and strengthen the resilience need to be considered, to meet the uncertainties."

“To justify the de minimis principle, we need to control the ‘full risk’ and not only one aspect of the risk, a metric more or less reflecting the risk.”

"Individually, people commonly apply the de minimis principle on the basis of low probability and rather strong scientific evidence. Whether this evidence is sufficiently strong to rationally" (p.95)

Aven, T., & Seif, A. (2022). On the foundation and use of the de minimis principle in a risk analysis context. Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability, 236(1), 90-97.

Risk/Security Maturity Level(s)

Read Full Presentation Here ---> https://buff.ly/3SVsg8a

It's important to recognise that your self-declared, perceived, or 'standards-based' levels of security or risk 'maturity' are not guaranteed indicators of survival or adequate benchmarks against the myriad of threats, hazards, dangers, or risks that you, your organisation, systems, or personnel face on a 24/7 basis.

That is, any reasonable threat actor has already considered your defence(s) and will plan to circumvent these 'controls', many of which remain theoretical, aspirational or never proven to work collectively (especially if you are working to a mash-up of standards and technical references).

Notwithstanding, plans and preparations made in the absence of specific threats, hazards, dangers and qualified 'risks' are not really a plan. Hence "no plan survives first contact with the enemy": you failed to even consider or structure your readiness and defence in accordance with the adversary's (or adversaries') specific capabilities, history, intent or tactics, techniques and procedures (TTPs). These are constantly evolving at differing rates, are technology-augmented and digitally enhanced, and are free of most of the 'rules' governing defenders and 'good' or 'white hat' protectors.

Safety I, Safety II & Safety III: Risk Science

Read Full Presentation Here ---> https://buff.ly/46Qn6Aa

"... #safety cannot be meaningfully defined, assessed and managed without taking into account #risk. When safety science research discusses risk, it is usually by reference to traditional probabilistic perspectives which are not in line with contemporary risk science knowledge."

"A shift is needed from accurate risk estimation to improving the understanding of risk. There will always be qualitative aspects to report beyond quantification. Potential surprises may occur relative to the knowledge reflected by the risk assessments" "Acknowledging these limitations of risk assessment means giving weight to #resilience-based thinking and analysis, as risk control cannot be ensured by risk assessments and their follow-up." (p.9)

"...problems arise when analysing intractable and complex systems."

"If risk is expressed through probabilities alone, this link between safety and risk would not apply." (p.7)

"The focus is on preventing hazards and losses but also on learning from events, accidents, incidents and audits of how the system is performing. The system must be designed to allow humans to be flexible and resilient and to handle unexpected or surprising events" (p.2)

Aven, T. (2022). A risk science perspective on the discussion concerning Safety I, Safety II and Safety III. Reliability Engineering & System Safety, 217, 108077.

Risk Perspectives

Read Full Presentation Here ---> https://buff.ly/4dPtWIo

“...the main component of #risk is uncertainty and not probability...To evaluate the seriousness of risk and conclude on risk treatment, we need to see beyond the expected values and the probabilities.” (p.151)

“...there will always be uncertainties, and in a world where the speed of change is increasing, relevant historical data are scarce and will not be sufficient to obtain accurate predictions” (p.153)

"Our historical data may include no extreme observations, but this does not preclude such observations from occurring in the future." (p.154)

- Aven, T. (2015). Risk Analysis, 2nd ed, Wiley

Safety I & Safety II

Read Full Presentation Here ---> https://buff.ly/3yMClxr

"#Safety: Freedom from unacceptable risk. #Risk. An estimate of the probability of a hazard-related incident or exposure occurring and the severity of harm or damage that could result. Acceptable Risk. That risk for which the probability of an incident or exposure occurring and the severity of harm or damage that may result are as low as reasonably practicable (ALARP) in the setting being considered. As Low As Reasonably Practicable (ALARP). That level of risk which can be further lowered only by an increase in resource expenditure that is disproportionate in relation to the resulting decrease in risk. Safety: Freedom from unaffordable harm." - ANSI

-------------------------------------------

Tony Ridley, MSc CSyP FSyI SRMCP

Risk, Safety, Security, Resilience & Management Sciences

Hammad Al Habib

Senior EHS & Security Manager at Richemont | Championing Innovative Safety & Security Solutions | AI & ML Enthusiast

4mo

I've always wondered if the lack of precedent and historical data would push the world to "minimize AI's risk." On the other hand, I can't help but put my faith in humanity's consistent survival instincts that kept us alive since the dawn of time. In the spirit of this thought-provoking edition, let's brainstorm some mitigations:

1. Could we develop robust scenario planning techniques that account for a wide range of potential AI outcomes instead of relying solely on historical data?
2. How can we leverage collective intelligence from diverse fields (e.g., ethics, sociology, computer science) to better understand and manage AI risks?
3. What if we created a global AI risk observatory to share insights and best practices across industries and nations?

Finally, hats off to Ilya Sutskever for taking the alignment of superintelligences and AI safety tasks on his shoulders. If anyone can figure it out, my bet is on him. Thanks, Tony Ridley, MSc CSyP FSyI SRMCP, for such a rich edition.
