Threat and #risk assessment(s) that require the consideration of malevolent human adversaries, bad actors, human threats, criminals and 'bad guys' necessitates far more than basic probability and impact calculations. Because human adversaries remain motivated, agile, adroit and adapt to protection and defensive practices. In other words, they deliberately seek to circumvent plans, artefacts, resources and countermeasures. Therefore, multivariate, complimentary and longitudinal considerations are required. "Some approaches can be used to directly analyse and measure risk (these form the ‘basis of the analysis’ in Figure https://buff.ly/3LSEtWP). Other approaches, under certain circumstances (context-specific), can provide approximates of analysis and measurement of risk. Other approaches are best used to inform the analytical methodology. " - HB 167:2006 Security Risk Management, Standards Australia, p.166-167 Therefore, strengths, weaknesses and limitations of various methods need to made in advance and compared with alternate or updated approaches. Especially when distilling 'threat' or 'risk' to algorithmic formulas or numerical scale(s). What does your comparitive analysis look like? Has it aged well? Is it based on flawed or layperson assumptions, dressed as authoritative analysis? Moreover, does everyone involved in the process understand options, alternatives and choices within the assessment and resulting judgements made with incomplete information and varying degrees of uncertainty? #security #securityriskmanagement #securitymanagement #securityrisks #enterprisesecurity #cybersecurity #physicalsecurity #informationsecurity #digitalsecurity #securityoperations #enterprisesecurityriskmanagement #securityassessment #intelligence #threatlintelligence #risk #riskmanagement #risk #risks #enterpriserisk #enterprisesecurityriskmanagement #intelligence #threatlintelligence #riskmanagement #riskanalysis #riskassessment #riskmanagementframework #operationalriskmanagement #projectriskmanagement #projectrisk #operationalresilience #resilience #operationalrisk #riskintelligence #governance #crisis #crisismanagement #complexity #chaos #crisisleadership #crisisplan #crisismanagementplan #stress #governance #decisionmaking #riskmanagement #riskinformed #securitymanagement #securityriskmanagement #resilience #humanfactors #emergency #disaster #emergencyresponse #safety #safetyfirst #safetymanagement #safetyassessment #safetyrisks #safetyculture #safetyanalysis #personalsafety #workplacesafety #healthandsafety #hazard #danger #peril #threat #PPE #protectivesafety #workplacesafety #travelsecurity #travelsafety #travel #businesstravel #tourism #travelrisks #travelriskmanagement
