Go Where there is No Path. But, I Can't, I'm Afraid of Snakes
A few months ago, my wife and I were shopping and came
across this saying on a night shirt, “Go where there is no path”. When I showed it to her, her reaction caught
me a little off guard. She said, “I can’t
I’m afraid of snakes”. And, of course, being the person I am, I immediately
translated that into a language I can understand – security-ish.
My first thought was, that explains why people don’t conduct risk
analysis or even more importantly why they don’t even start the process. They don’t tread into uncharted territory because
there are snakes hiding in all that tall grass, so they stay where they’re comfortable
– on the path. Doing what is comfortable
causes two problems.
First, as Defense
Secretary Don Rumsfeld, said, “We don’t know what we don’t know”, which
translates into, we’re only protecting ourselves against what we can see, expect
and believe is likely to occur. Since,
we don’t know what we don’t know, we’re not planning on dealing with its
affects either. This can be extremely more sinister because a lack of action could
result in someone getting seriously injured or worse.
Fortunately, there are methodologies out there that can get
rid of the snakes. I’m consulting on security matters with a
local school district. During our
initial meeting, the District Superintendent, said, “Okay, where do we start?
With an assessment to see where we are?”
Absolutely!
Risk management is about managing risks. In order to do that, you have to accept five
factors:
1) You can’t prevent or deter everything
2) Protection from one threat may allow for some protection
against another unrelated threat
3) Protection options must be in place before the event
occurs
4) Risk Management must address the following pillars;
detection, assessment, plans and procedures, response and engagement
5) Risk management and the assessment process is continual and
is just part of what we do.
For ways to tame the snakes, read related articles here:
No comments:
Post a Comment