https://andrewsheves.com/tags/risk-management/Recent content in Risk Management on Andrew ShevesHugoen-usFri, 13 Dec 2024 00:00:00 +0000https://andrewsheves.com/2024/12/13/getting-the-risk-assessment-to-work-for-us/Fri, 13 Dec 2024 00:00:00 +0000https://andrewsheves.com/2024/12/13/getting-the-risk-assessment-to-work-for-us/<p>I’ve had a lot of conversations about risk assessments recently and just finished a new feature in the Decis platform, both of which prompted this thought: What if we have things backwards? What if our risk assessment updated us instead of the other way around?</p> <p>We spend days — sometimes weeks — building a comprehensive risk assessment to understand our risks and build mitigation measures. But these are snapshots in time and can quickly become overtaken by events. That’s when we move from risk management to incident management or at minimum, we have to review our mitigation.</p>https://andrewsheves.com/2024/04/02/threats-are-accelerating-so-should-we/Tue, 02 Apr 2024 00:00:00 +0000https://andrewsheves.com/2024/04/02/threats-are-accelerating-so-should-we/<h1 id="we-are-moving-too-slowly">We are moving too slowly</h1> <p>The existential threat that businesses and many countries are facing currently is not from artificial intelligence, climate change, the danger of another financial meltdown or a conflict.</p> <p>The threat they need to address most urgently is an inability to move quickly and the events that we are facing far outpace our ability to understand, orientate, make decisions, and act.</p> <p>(Spoiler: it’s impossible to plan your way out of a problem. At some point, we have to take action.)</p>https://andrewsheves.com/2021/02/24/using-blockchain-to-validate-records-in-dcdr/Wed, 24 Feb 2021 00:00:00 +0000https://andrewsheves.com/2021/02/24/using-blockchain-to-validate-records-in-dcdr/<p>Security is a guiding principle for DCDR, and protecting user data has been baked in from the start. However, there’s more to data security than restricting access and managing user permissions. I’ve used the INFOSEC abbreviation CIA – <em>confidentiality, integrity, and availability</em> – as a guide to help determine the steps required to protect your data while also ensuring that the system does what it’s supposed to. Overall, the intent is to ensure:</p>https://andrewsheves.com/2020/10/25/november-is-risk-management-training-month/Sun, 25 Oct 2020 00:00:00 +0000https://andrewsheves.com/2020/10/25/november-is-risk-management-training-month/https://andrewsheves.com/2020/06/14/whats-a-black-swan-why-you-need-contingency-plans/Sun, 14 Jun 2020 00:00:00 +0000https://andrewsheves.com/2020/06/14/whats-a-black-swan-why-you-need-contingency-plans/<p>I’m sure you’ve heard people referring to COVID-19 as a ‘Black Swan’ – something that no-one could have seen coming – but is that actually the case?</p> <p>Terrible though it is, I don’t think it’s accurate to describe the current situation as a Black Swan because we’ve had to deal with highly contagious, deadly diseases before.</p> <p>Calling this a ‘Black Swan’ is, therefore, a way to excuse a confused response: <em>‘how could we have prepared for something that no-one could see coming?’</em></p>https://andrewsheves.com/2019/05/28/how-to-understand-an-organization/Tue, 28 May 2019 00:00:00 +0000https://andrewsheves.com/2019/05/28/how-to-understand-an-organization/<p>One of the things I’ve enjoyed most as a consultant is having the opportunity to learn about organizations from a wide variety of sectors. These have ranged from schools, NGOs and the private offices of high net-worth individuals to Fortune Five oil and gas companies and governments. On the one hand, I’ve discovered that there are considerable similarities in all organizations, no matter their sector or size. However, I’ve also become acutely aware that the things that make the most significant difference – good or bad – are often very subtle.</p>