practical skills and applied knowledge in Security, defense, and risk management


operational risk Management

How can you get started?

Operations can be interrupted by commercial events (such as failures of supply or income), political events (such as government regulation), crime, terrorism, insurgency, war, natural events (such as flooding), accidents (such as fire), personnel actions (such as labor strikes), organizational failures (such as inept management), or technical failures (such as a failed transport vehicle). Operations often offer compound risks that are easy to overlook. For instance, in unstable areas, we can expect increased rates of crimes and accidents. If we were to suffer an attack, we should expect negative returns such as casualties and compound effects such as more accident-prone, illness-prone, or nonperforming personnel. Accidents are associated with increased likelihood of illness, which in turn is associated with increased likelihood of accidents. Operations away from home tend to be more stressful. Employees who underperform or are incapacitated must be repatriated and replaced, but communications become less secure as the area becomes less stable.

In principal, assessing risks to operations is as simple as:

1. Identifying the sources of the risks - the hazards and threats, which may include the stakeholders or targets of the operations. Many threats, such as thieves, saboteurs, vandals, and corrupt officials, are easy enough to profile, but terrorists, kidnappers, blackmailers, and corrupt governments are more agile and need more specialized assessments, particularly in foreign cultures. 2. Assessing the likelihood of hazards being activated as threats,

3. Assessing the intents and capabilities of the threats, and 4. Identifying operational exposures and vulnerabilities to those intents and capabilities.

Having assessed the operational risks, how do we manage them? Inherently, operational security improves when

1. the sources of the risks (the hazard and threats) are removed,

2. our exposure and vulnerability decline, or

3. we control the negative returns from a potential threatening event.