Risk assessment and relationship management: practical approach to supply chain risk management

The literature suggests the need for incorporating the risk construct into the measurement of organisational performance, although few examples are available as to how this might be undertaken in relation to supply chains. A conceptual framework for the development of performance and risk management within the supply chain is evolved from the literature and empirical evidence. The twin levels of dyadic performance/risk management and the management of a portfolio of performance/risks is addressed, employing Agency Theory to guide the analysis. The empirical evidence relates to the downstream management of dealerships by a large multinational organisation. Propositions are derived from the analysis relating to the issues and mechanisms that may be employed to effectively manage a portfolio of supply chain performance and risks

A Question of Evidence: A Critique of Risk Assessment Models Used in the Justice System

This report explores the problems with the present state of risk assessment in the justice field as we at NCCD see them. The critique offered here is the result of many conversations with others in the justice community as well as a review of predictive research conducted in other fields. We recognize that much of what is presented is contrary to current understanding and acceptance, but we hope that it clarifies what evidence is required for the designation of best practice

Web Service Trust: Towards A Dynamic Assessment Framework

Trust in software services is a key prerequisite for the success and wide adoption of services-oriented computing (SOC) in an open Internet world. However, trust is poorly assessed by existing methods and technologies, especially in dynamically composed and deployed SOC systems. In this paper, we discuss current methods for assessing trust in service-oriented computing and identify gaps of current platforms, in particular with regards to runtime trust assessment. To address these gaps, we propose a model of runtime trust assessment of software services and introduce a framework for realizing the model. A key characteristic of our approach is the support that it offers for customizable assessment of trust based on evidence collected during the operation of software services and its ability to combine this evidence with subjective assessments coming from service clients

Cyber insurance of information systems: Security and privacy cyber insurance contracts for ICT and helathcare organizations

Nowadays, more-and-more aspects of our daily activities are digitalized. Data and assets in the cyber-space, both for individuals and organizations, must be safeguarded. Thus, the insurance sector must face the challenge of digital transformation in the 5G era with the right set of tools. In this paper, we present CyberSure-an insurance framework for information systems. CyberSure investigates the interplay between certification, risk management, and insurance of cyber processes. It promotes continuous monitoring as the new building block for cyber insurance in order to overcome the current obstacles of identifying in real-time contractual violations by the insured party and receiving early warning notifications prior the violation. Lightweight monitoring modules capture the status of the operating components and send data to the CyberSure backend system which performs the core decision making. Therefore, an insured system is certified dynamically, with the risk and insurance perspectives being evaluated at runtime as the system operation evolves. As new data become available, the risk management and the insurance policies are adjusted and fine-tuned. When an incident occurs, the insurance company possesses adequate information to assess the situation fast, estimate accurately the level of a potential loss, and decrease the required period for compensating the insured customer. The framework is applied in the ICT and healthcare domains, assessing the system of medium-size organizations. GDPR implications are also considered with the overall setting being effective and scalable

Resilient Critical Infrastructure Management using Service Oriented Architecture

Abstract—The SERSCIS project aims to support the use of interconnected systems of services in Critical Infrastructure (CI) applications. The problem of system interconnectedness is aptly demonstrated by ‘Airport Collaborative Decision Making’ (ACDM). Failure or underperformance of any of the interlinked ICT systems may compromise the ability of airports to plan their use of resources to sustain high levels of air traffic, or to provide accurate aircraft movement forecasts to the wider European air traffic management systems. The proposed solution is to introduce further SERSCIS ICT components to manage dependability and interdependency. These use semantic models of the critical infrastructure, including its ICT services, to identify faults and potential risks and to increase human awareness of them. Semantics allows information and services to be described in such a way that makes them understandable to computers. Thus when a failure (or a threat of failure) is detected, SERSCIS components can take action to manage the consequences, including changing the interdependency relationships between services. In some cases, the components will be able to take action autonomously — e.g. to manage ‘local’ issues such as the allocation of CPU time to maintain service performance, or the selection of services where there are redundant sources available. In other cases the components will alert human operators so they can take action instead. The goal of this paper is to describe a Service Oriented Architecture (SOA) that can be used to address the management of ICT components and interdependencies in critical infrastructure systems. Index Terms—resilience; QoS; SOA; critical infrastructure, SLA

Introducing risk management into the grid

Service Level Agreements (SLAs) are explicit statements about all expectations and obligations in the business partnership between customers and providers. They have been introduced in Grid computing to overcome the best effort approach, making the Grid more interesting for commercial applications. However, decisions on negotiation and system management still rely on static approaches, not reflecting the risk linked with decisions. The EC-funded project "AssessGrid" aims at introducing risk assessment and management as a novel decision paradigm into Grid computing. This paper gives a general motivation for risk management and presents the envisaged architecture of a "risk-aware" Grid middleware and Grid fabric, highlighting its functionality by means of three showcase scenarios

Australian forensic psychologists' perspectives on the merits and limits of actuarial instruments in predicting recidivism among violent offenders and sex offenders

Actuarial approaches are regarded as more accurate than both unstructured and structured clinical approaches in assessing risk of recidivism among sex offenders. While there has been a plethora of research on evaluating the effectiveness of actuarial instruments, there has been a paucity of research investigating their actual level of use in forensic settings. In addition, little is known about the practical difficulties associated with administering actuarial instruments. This paper reports on a survey completed by forensic psychologists in Australia about the risk assessment tools they prefer and the benefits and difficulties associated with their use. In addition, the paper explores the extent to which forensic psychologists use clinical information to adjust the level of risk identified through the actuarial approach. The findings are discussed in light of the utility of particular approaches to assessing risk of recidivism among violent offenders and sex offenders

Negotiation and Decision Making to Develop a Public-Private-Partnership: A Case-Based Approach

Decision making in practice varies from theoretical models and processes. Unpredictable and ill-structured operating conditions require dynamic resolution approaches underpinned by effective negotiation and decision making strategies to support collaborative work and partnerships. This short paper evaluates negotiation strategies and decision making approaches adopted to reach agreement for a unique Public-Private-Partnership. It examines how decision criteria were formulated and decision rules generated through negotiation process executions, and uncertainties addressed by adopting multi-criteria and evidential reasoning approach. Findings are presented to help improve business performance in future PPPs by making effective decisions based on experience gained through past process execution