¶ … crisis, risk, and security all play a role and are linked within an organizational context. It is also important to examine the role gaming and simulation play within this phenomena. In the past, risk was established as an idea that generated academic interest not just in social sciences but in pure sciences. It also has become subject to overzealous social and political controversy. Risk management has then become the main source of debate as well as theory development (Borodzicz, 2005) As risk can appear within anything from public safety, to transportation, and health, businesses must learn an effective way to manage it. Security management however, has less developed theories and debates but still plays a vital role is lessening risk and increase proper risk management. It is then crucial to understand how both play roles in the stability and safety of any organization.
In John Adam's Risk at the beginning of Chapter 1, he discusses the development of a person's expertise as it concerns coping with the unknown. "The development of our expertise in coping with uncertainty begins in infancy. The trial and error processes by which we first learn to crawl, and then walk and talk, involve decision-making in the face of uncertainty" (Adams, 1995). The origins of calculating and preventing risk thus starts in a person's earliest stages of life. It here Adams notes, one learns to assess and predict. Through this beginning stage, one can derive the seeds to start understanding what it takes to lessen risk and most importantly, manage it.
He also suggests on the same page, there is a sort of balancing act that happens during childhood that is carried on into adulthood. "In our development to maturity we progressively refine our risk-taking skills; we learn how to handle sharp things and hot things, how to ride a bicycle and cross the street, how to comminicate our needs and wants, how to read the mood of others" (Adams, 1995). As this refinement continues so it can run parallel to a business/organization. Within its formative stage, a business has just begun understanding risk and so forth. As the company grows and the employees within it gain experience, so does the efficacy of risk management rise. It is then more likely such risk management becomes more possible in implementation then initially.
Because risk management is then so imperative in maintaining the continuity of a business, it is important to understand how to perform such actions. In a book by Labib, the writer discusses bad management in India and the perils of forgoing a risk management strategy. "the Indian Government, although keen to attract foreign investment, needed to factor in basic safety requirements for its citizens. During future MNC projects, designs of installations need to be peer reviewed and more stringent environmental, health, and safety measures adopted" (Labib, 2014, p. 60). Not only did the company lack in basic safety requirements, increasing risk greatly, it also failed to assess any additional safety measures. Needless to say the business experienced several issues due to its negligence.
Another thing that was mission was segregation of dangerous processes. "Governements also need to be aware of the requirement for segregation of hazardous operations from other industrial facilities and from adjacent populations" (Labib, 2014, p. 60). This means any accidents that might occur are adjacent to other facilities posing a risk to more workers then if they were in separate locations. Errors like these become costly in the event of an accident.
Lack of training in respect to security managers also increase risk. "This also requires security managers to demonstrate generic business...
This also means that security specialists should be represented on the board and in some organizations..." (Button, 2008, 207). These risks, coupled with low amount of safety overall means danger not just for the business but also its employees. Essentially this company based in India, failed to do anything to minimize risk. Instead they've increased risk that could lead to major problems. These problems could include employee deaths, even lawsuits.
In order to circumvent such dangers an approach must be adopted. Such approach is business continuity management or BCM. "...business continuity management (BCM) has emerged in many industries as a systematic process to counter the effects of crises and interruptions, although its potential to play a more strategic role is still largely under-explored" (Herbane, Elliott & Swartz, 2004, p. 435). BCM plays a significant role or can play a significant role in gaining or preserving a competitive edge/advantage. Some of the essential components of BCM is operational continuity and value preservation, which is central to business strategy dynamic. BCM as mentioned in the article, can serve as a means of implementing a mission-critical method. The focus then becomes on delivering clear objectives and structure.
Although there is less research on BCM than overall risk management, it is still an important method to consider as it delivers sound structure for a business. Furthermore, it is a means to lower risk and therefore improve safety in organizations. The need to decrease is paramount and risk management can benefit greatly from implementation of BCM.
Another article discusses risk management as an exercise in caution "directing the company activities towards conservative activities and proposing procedures that can be viewed by some employees as highly inconventient and unnecessary- they have done it in a particular way for year..."(Devargas, 1999, p. 35). It also talks about responsibility and the denial of people in taking such responsibility for a pre-existing management system. Everyone wants to create a business continuty plan, yet no one actually does anything towards fulfilling that objective. However, there are ways to persuade managers for example, to perform tasks they do not want to. Additionally, decreasing risks and lowering insurance premiums is a means of persuasion.
Sometimes one has to persuade managers and employees within a business to do something and do something well. This can take place in the form of rewards like bonuses or work parties. Either way, it is important to get staff willing to work with and take responsibility as it relates to risk management. There must be some accountability on the company's part as well as the employee to avoid pitfalls.
Further background information on BCM reveals additional noteworthy details. The evolution of BCM has occurred ever since the 1970s. It was primarily in response to operational and technical risks that could possibly threaten an organizations recovery from interruptions and hazards. As Herbane suggests, events have a way of dictating risk management. "From the resulting historical review, three distinct phases of management practice and four phases in the development of drivers are identified, revealing the influence of events over governance, the internationalisation of influence, and organisational resilience as a meta-institution. " (Herbane, 2010, p.978). It makes sense since people only do something when bad things happen. Going back to the India-based company, they continued to neglect the safety of their employees. It woud only be when a big accident happens will they adopt measures to lower risk and improve safety.
History has proven time and time again companies fail to decrease risk or handle properly risk management until after a big disaster occurs. A good example is BP and the oil spill that affected thousands of wildlife and hundereds of businesses along the coast. After such a disaster struck were they able to create better structures and assessments to avoid these kinds of disasters. To avoid disasters like these from happening altogether, there must be effective execution of business related processes.
The continuous and efficient execution of business related processes is important in being able to meet organization objectives. As an article on business process modeling states, "Business process modeling and simulation are used to enable desired business process optimizations. However, current approaches mainly focus on economic aspects while security aspects are dealt with in separate initiatives" (Tjoa et al., 2011, p.153). This means any missing interconnection could lead to major variances in augmentation suggestions like security investments and differing valuation. Business process simulation could then provide enough capabilities to pave the way for assessment of security investments during process design stage through allowance of deliberation over stochastic influences of the risk level of possible threats on process resources and acitivites.
Another article explains the various phases of business continuity. "The key BCM tasks have been categorized into three phases of business continuity -- Pre-event Preparation, Event Management, and Post-event Continuity" (Tammineedi, 2010, p. 36). These three phases not only offer a means of implementation and strategy, it also allows for planning on the part of management. Just like any big objective, preparation can help employees become familiar with what neds to be done and help transition in to the second phase, event management. Event management is crucial in securing stability within the organization as it pertains to ris management and business continunity. Afterwards, keeping that continuity through…
Security Management The role of a security manager varies widely according to the particular organization and its needs, but despite this variety, there remain certain best practices and policies that can help maintain security and stability. This is nowhere more true than in the case of organizational loss, because while loss can mean widely different things depending on the field, the underlying theoretical concepts which inform attempts to minimize loss are
Crisis Management and Public Relations Strategies Individual Portfolio: Case Studies on Louis Vuitton, Miley Cyrus and PETA Louis Vuitton (Fashion Brand) The primary source of Louis Vuitton's success was the emergence of consumers with a desire in luxury, especially in emerging markets. However, the firm has made some decisions, which has seen consumers provide negative feedback. For instance, the company has introduced bags, which have logos. The logos have become the brands most visible
Phishing Spear Phishing and Pharming The following is intended to provide a very brief overview of examples of some the most dangerous and pervasive security risks in the online and networked world. One of the most insidious of identity theft is known as phishing. The term 'phishing' refers to the practice of "fishing for information." This term was originally used to describe "phishing" for credit card numbers and other sensitive information
Chief Information Security Officer-Level Risk Assessment The objective of this work in writing is to examine Chief Information Security Officer-Level Risk Assessment. Specifically, the scenario in this study is securing information for the local Emergency Management Agency in an Alabama County. The Director of Emergency Management in this County has tasked the Chief Information Security Officer with setting out a plan for information security of the Department's networking and computing systems. Information
Security Management 1. Some operational contingencies are considered core because the operation could not function without it. A core operational contingency is one that must remain functioning. This is important for contingency planning, so that when you plan for the more common risks that the operation faces, you ensure that the core ones are taken care of, and will continue to run. If you run an e-commerce site, for example, you
Crisis Management Crisis management refers to the process of comprehensive risk assessment and strategic planning. A Community Emergency Response Team (CERT) provides proactive strategies for mitigating risk and managing crises through effective mobilization of human, financial, and technological resources, coordination of different support agencies and allies, and the implementation of recovery and response missions. There is no one central crisis management protocol, for each organization or community will have its own specific