
“You have power over your mind – not outside events. Realise this, and you will find strength.”
Source: The Meditations of Marcus Aurelius.
Following on from our recent post on digital maturity and strategy alignment, we turn to risk, which is another key aspect of the Digital Paladin Maturity Model.
The following four books are all excellent resources on the subject of risk:
- Peter Bernstein’s “Against the Gods: The Remarkable Story of Risk” provides a fascinating history of how our understanding of risk has evolved over time.
- Nassim Taleb’s “The Black Swan” takes an insightful look at why we fail to sufficiently consider long-tail risks. His book was remarkably prescient, being published just prior to the 2008 global financial crisis. In a recent interview with Tim Ferriss and Scott Patterson, Nassim explains the importance of considering fat tails when assessing risk.
- Stanley McChrystal’s “Risk: A User’s Guide” provides a practical guide to managing risk in organisations. He advocates responding to risks by building a stronger risk immune system and managing ten factors which are typically within the control of most organisations. The risk immune system responds to threats by following the Risk Management Cycle: Detect -> Assess -> Respond -> Learn.
- In Chapter 5 of “The Design of Everyday Things”, Don Norman examines “human error” and why risk mitigation strategies need to do more than simply rely on humans not making mistakes.
In the context of digital maturity, start by thinking about the consequences of digital and ICT risks, which for most organisations typically fall into the following categories:
- Confidentiality
- Integrity
- Availability
- Safety
- Financial
- Brand/Reputation
Once the consequences have been considered, identify and catalogue the types of vectors and events that could trigger one or more of them. Then use this catalogue in conjunction with the risk management cycle (Detect -> Assess -> Respond -> Learn) to drive prioritisation and action. The following example illustrates how this approach could be applied to analysing cyber security risks:

