Having just concluded our first quarter Clinic series on Risk Management, some very interesting things emerged. Though we are still putting the finishing touches on our Summary of Findings, I thought I would take a moment to share one of the more interesting insights.
As practitioners, we all know that culture and the other facets of our lives that comprise our worldview have an impact on how we perceive and respond to risk. What was interesting to note from our Clinic series was how detailed the manifestations of this impact were.
Naturally, the attendees in the southeast (both Houston and Orlando) were particularly concerned about hurricanes, while those attendees in the pacific northwest (Portland and Seattle) were more focused on volcanoes and earthquakes. It is the personal experiences that each attendee brought to bear on the brainstorming that really shows the most interesting findings.
Let me cite a couple of specifics:
- When talking with a group of security managers from the energy industry (specifically, the utility side), there was obvious overwhelming concern for natural disasters. But what was interesting was that old fashioned system failures beat it out as a primary concern. When queried, the group responded that aging infrastructure was an issue for two reasons: the age of their industry and respective companies, and the pressure on profits in this heavily regulated sector. The latter contributed to a “if it ain’t broke, dont fix it” mentality in management that left these people concerned about the stability of the infrastructure that was already deployed. It became not an if but when question.
- Vandalism and theft ranked higher in the pacific northwest than other regions. Civil unrest was mentioned specifically, and was rooted in the experience that some shared about service disruptions during the protests surrounding the 1999 World Trade Organization conference . Theft of copper cabling also was cited as an issue with regards to network and power availablility. When asked for details, attendees pointed to the large volume of methamphetamine abuse in the area and the fact that the thefts were motivated by monetary gain from selling the stolen copper for scrap to feed addictions. For these managers, physical security of their infrastructure was a very important facet of thir risk planning activities, something many information security oriented people tend to downplay, offload, or outright dismiss.
I hope that the findings we publish will help broaden all of our horizons and introduce some fresh vantage points when it comes to identifying and managing risk. Through the collected experiences of our community, we have seen and heard things that most of us have not had to deal with before. It has been eye opening for those of us involved in the research and I hope that you find it equally enlightening.
No related articles.
