Risk management and the security manager – a quick note

This post originally appeared on Quora in answer to the question “How does risk management fit in security risk management profession?” Ideally, a security manager will use a risk management foundation for their security management system. This will help integrate security risks into the organization’s understanding of its overall risk environment. This focus also ensures that the security program is focussed on protecting the organization’s objectives, which aligns with the ISO definition of risk: ...

June 30, 2018 · 2 min

Summer shorts

Summer’s here* which means it’s time for a change of pace and a chance to try something different for a couple of months. So instead of the normal longer-form pieces or interviews, I am going to stick to nice, short pieces for the next month or two. Perfect, bite-sized risk nibbles to keep your risk synapses firing during these long, hot days. To start with, these will be re-posts of answers to questions posed on Quora which I have been trying to do more regularly. I’m really enjoying Quora for two reasons. Firstly, I don’t need to think about a subject (which I often find is the hardest part of writing). It’s right there, waiting for me. Secondly, it’s great practice in condensing and summarizing something that might otherwise become a 1,500-2,000 word essay. ...

June 29, 2018 · 1 min

DCDR is live

(This post was updated on Nov 7, 2018 to reflect the discontinuation of the free SOLO plan.) Launch day! For about 15 months now, I have been working on a project to build a better piece of risk management software. This is something I have been thinking about since 2002 and I think now, more than ever, we need – and deserve – a better piece of software for risk management. Why? ...

June 20, 2018 · 4 min

Risk Management Maturity Tool Update

OK, I confess that this took me a little longer than I had hoped but I finally updated the risk management maturity tool to reflect the 2018 ISO 31000 risk management standard. The new tool is available here and you can read my review of the standard here. So if you were wondering how mature your risk management system was, wonder no longer! The assessment only takes a few minutes and you get a nifty report like this emailed to you right away. ...

June 11, 2018 · 1 min

ISO 31000 – a review of the 2018 standard

Yawn! Aside from GDPR-inspired emails with news of updated terms and conditions, this will be the most boring thing you will read all week… *However, it might be one of the more important if you are a risk manager because one of the core risk management references has just been updated and there are a few changes to be aware of.* I had to review these documents to ensure that my material was up to date so I thought I should keep some notes as I want to save you from having to go through the same ‘compare and contrast’ exercise. Plus, I love standards. : ) ...

June 5, 2018 · 8 min

Meet the expert – a conversation with Nick Smart

Risks don’t just arise from operational incidents. Often the conduct of the organization and its senior leaders results in a type of risk that is very different from, but just as threatening as, a large physical event. In this conversation with Nick Smart we explore the intersection of risk, ethics and governance. Nick is an independent strategic risk advisor and was the chief ethics and compliance officer (CECO) for a global energy services company, before which he designed and built the security risk management function for the same company in his capacity as chief security officer (CSO). ...

May 24, 2018 · 1 min

10 Tips For Crisis Management

I have been thinking about effective crisis management a lot recently and am working on a more in-depth piece on managing a crisis which I hope to publish soon. However, crises don’t wait until we are properly prepared before they strike so I put together this quick set of suggestions as a stop-gap. Normally, I wouldn’t make a top-10 list but sometimes it’s the easiest way to share ideas. So here goes and I hope you find these suggestions useful. ...

May 17, 2018 · 6 min

Exhibit #A19670174000 – A Reminder to KISS

KISS – keep it simple stupid – was drilled into us in the military and it’s hard to unlearn some things. I still make my bed each morning – even in hotels – and always tuck in my shirt. However, KISS is more than a tired old army saying. The more I look around and think about it, the more keeping things simple seems to be the key to success. Importantly, the more complex and consequential something is, the more important it is to keep things simple. ...

May 10, 2018 · 4 min

How to Build a Crisis Management Plan

The WDYMB…Crisis? article explained what a crisis is and how these can arise. One of the most important points stressed is that crises are often avoidable and in many cases, survivable. Ultimately, this might come down to good luck and obviously the skills and abilities of the team responding play a big part. However, the chances of surviving a major event are significantly increased if the organization has prepared in advance. As far as a crisis is concerned, one of the key elements of this preparation is a crisis management plan (CMP). This article will explain what a CMP is, what it should contain and how you can develop one for your organization. ...

April 12, 2018 · 18 min

Meet the expert – A conversation with Andy Cuerel

I have known Andy Cuerel for a number of years and have always appreciated his in-depth yet practical approach to business continuity management. So when it was time to have someone provide a high-level overview of BCM for Riskademy, Andy was an obvious choice. I hope our conversation helps clarify the relationship, and differences, between crisis management and business continuity management and gives you a good overview of BCM. (If you missed the last few posts, you can read more about crisis management here.) ...

March 29, 2018 · 1 min