One Article Review
| Source |  NoticeBored |
|---|---|
| Identifiant | 3047619 |
| Date de publication | 2021-07-11 09:37:45 (vue: 2021-07-10 22:05:23) |
| Titre | Managing certainty |
| Texte |  'Reducing uncertainty' is the prime focus of information risk management today. We do our level best to identify, characterise, quantify, evaluate and where possible reduce the probabilities and/or adverse consequences of various possible events. Uncertainty is an inherent part of the problems we typically face. We don't know exactly what might happen, nor how or when, and we aren't entirely sure about the consequences. We worry about factors both within and without our control, and about dependencies and complex interactions that frustrate our efforts to predict and control our fortunes. We adopt fallback and recovery arrangements, and apply contingency thinking with the intention of being better prepared and resourced for unanticipated situations ahead. A random comment on LinkeDin set me thinking about the converse: 'reducing uncertainty' is the flip side of 'increasing certainty', in other words information risk management is equally about increasing certainty of beneficial, valuable outcomes such as not suffering the adverse consequences of incidents as often and/or as severely. It's also about increasing certainty in general, which is why we put so much effort into gathering and assessing information, monitoring and measuring things, implementing mitigating 'information security controls' that give us some semblance of control over the risks.Assurance is a big part of reducing uncertainty. We check and test things, review stuff and conduct audits to increase both our knowledge of, and our confidence in, the arrangements. We seek to identify and tease out potential issues that need to be addressed in order to avoid nasty surprises. Resilience is another chunk. Building the strength and capability to respond effectively and efficiently to whatever might happen, maintaining critical activities throughout, is a powerful approach that extends from individuals through families, teams and departments, to organisations, industries and society at large.Thanks to those uncertainties, we are inevitably building on shaky foundations. Our information risk management practices and information security controls are imperfect ... but at the same time they earn their keep by generating more value than they cost, for example by:Providing credible information about various situations, allowing us to make rational decisions, prioritise and plan things, allocate appropriate resources etc.;Reducing or constraining the problem space where possible, increasing our ability to focus on The Stuff That Really Matters;Allowing us to consider and deal with potential incidents in advance, knowing that we will struggle to do so during some future crisis. Along with |
| Envoyé | Oui |
| Condensat | a uncertainty along i resilience ;reducing ability about activities added addressed adopt advance adverse ahead all allocate allowing also amount and/or and/or adverse another appear apply approach appropriate are aren arguing arrangements aspect assessing assurance audits avoid being beneficial best better big both building business but by:providing capability carrot certainty characterise check chunk clearly comment complex conduct confidence consequences consider constraining context contingency contrast control controls converse: cost credible crisis critical deal decisions departments dependencies don during earn edge effectively efficiently effort efforts emphasis enhancing entirely equally etc evaluate even events exactly example experience extends face factors fallback families flip focus fortunes foundations from frustrate future gathering general generating give happen how identify imperfect implementing incidents inclined increase increasing individuals industries inevitably information inherent intention interactions invest issues keep know knowing knowledge large less level like linkedin loss maintaining make management managers managing mantra matters;allowing measuring might mitigating monitoring more much nasty need negative negatives new nor not of often order organisation organisations other out outcomes over part perception plan please positioned positive positives possible potential powerful practices predict prepared prime prioritise probabilities problem problems put putting quantify random rather rational really recovery reduce reducing resilience resourced resources respond review risk risks same security seek semblance set severely shaky should side situations society some space stick strength struggle stuff such suffering sure surprises talking teams tease test than thanks thing things thinking those though through throughout time today typically unanticipated uncertainties uncertainty valuable value various warning what whatever when where which why will willingly within without words worry |
| Tags | |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.