Beck and beyond: Selling security in the world risk society

©2010 British International Studies AssociationExpanding on the works of Beck and others on the growing business of risk, this article examines the role of the private security industry in the creation, management and perpetuation of the world risk society. It observes that the replacement of the concept of security with risk over the past decades has permitted private firms to identify a growing range of unknown and unknown-unknown dangers which cannot be eliminated, but require permanent risk management. Using the discourse of risk and its strategies of commercialised, individualised and reactive risk management, the private risk industry thus has contributed to the rise of a world risk society in which the demand for security can never be satisfied and guarantees continuous profits

Risk Management for e-Business

In the new Internet economy, risk management plays a critical role to protect the organization and its ability to perform their business mission, not just its IT assets. Risk management is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level. The risk management is an important component of a IT security program. Information and communications technology management and IT security are responsible for ensuring that technology risks are managed appropriately. These risks originate from the deployment and use of IT assets in various ways, such as configuring systems incorrectly or gaining access to restricted software.risk, e-business, threat, vulnerability

The commodification of security in the risk society

Expanding on the works of Beck and others on the growing business of risk, this paper examines the role of private industry in the creation, management and perpetuation of the world risk society. It observes that the replacement of the concept of security with risk over the past decades has permitted private firms to identify a growing range of unknown and unknown-unknown dangers which cannot be eliminated and require continuous risk management. Using the discourse of risk and its strategies of commercialized, individualized and reactive risk management, the private risk industry has thus contributed to the rise of a world risk society in which the demand for security can never be satisfied and so guarantees continuous profits

AUTOCHTHONOUS APPROACHING IN THE MANAGEMENT OF THE SECURITY RISK

An optimal management for a corporation, no matter what size the corporation is, it must contain the management of the security risk. On the importance that is given to the risk management can depend the well functioning of the corporation. An important role in this process has the owner of the business and the way that this one understands the risk. A good understanding of the risk by the owner will have as effect the allocation of sufficient funds to implement controls meant to bring the risk level in order to be an acceptable one. The autochthonous corporations, in a great part even because of the inexistence of reglementations in this domain, have an empiric approach of the phenomena.approaching, autochthonous, controls, resource owner, risk, risk analysis, risk level, risk management, security, vulnerability

Food security, risk management and climate change

This report identifies major constraints to the adaptive capacity of food organisations operating in Australia. This report is about food security, climate change and risk management. Australia has enjoyed an unprecedented level of food security for more than half a century, but there are new uncertainties emerging and it would be unrealistic – if not complacent – to assume the same level of food security will persist simply because of recent history. The project collected data from more than 36 case study organisations (both foreign and local) operating in the Australian food-supply chain, and found that for many businesses,  risk management practices require substantial improvement to cope with and exploit the uncertainties that lie ahead. Three risks were identified as major constraints to adaptive capacity of food organisations operating in Australia:  risk management practices; an uncertain regulatory environment – itself a result of gaps in risk management; climate change uncertainty and projections about climate change impacts, also related to risk management

Are we predisposed to behave securely? Influence of risk disposition on individual security behaviors

Employees continue to be the weak link in organizational security management and efforts to improve the security of employee behaviors have not been as effective as hoped. Researchers contend that security-related decision making is primarily based on risk perception. There is also a belief that, if changed, this could improve security-related compliance. The extant research has primarily focused on applying theories that assume rational decision making e.g. protection motivation and deterrence theories. This work presumes we can influence employees towards compliance with information security policies and by means of fear appeals and threatened sanctions. However, it is now becoming clear that security-related decision making is complex and nuanced, not a simple carrot- and stick-related situation. Dispositional and situational factors interact and interplay to influence security decisions. In this paper, we present a model that positions psychological disposition of individuals in terms of risk tolerance vs. risk aversion and proposes research to explore how this factor influences security behaviors. We propose a model that acknowledges the impact of employees' individual dispositional risk propensity as well as their situational risk perceptions on security-related decisions. It is crucial to understand this decision-making phenomenon as a foundation for designing effective interventions to reduce such risk taking. We conclude by offering suggestions for further research.</p

Information Security Risk Management: In Which Security Solutions Is It Worth Investing?

As companies are increasingly exposed to information security threats, decision makers are permanently forced to pay attention to security issues. Information security risk management provides an approach for measuring the security through risk assessment, risk mitigation, and risk evaluation. Although a variety of approaches have been proposed, decision makers lack well-founded techniques that (1) show them what they are getting for their investment, (2) show them if their investment is efficient, and (3) do not demand in-depth knowledge of the IT security domain. This article defines a methodology for management decision makers that effectively addresses these problems. This work involves the conception, design, and implementation of the methodology into a software solution. The results from two qualitative case studies show the advantages of this methodology in comparison to established methodologies

The Information Security Management System, Development and Audit

Information security management system (ISMS) is that part of the overall management system, based on a business risk approach, that it is developed in order to establish, implement, operate, monitor, review, maintain and improve information securitysecurity, information management system, audit

The Economic Case for Cyberinsurance

We present three economic arguments for cyberinsurance. First, cyberinsurance results in higher security investment, increasing the level of safety for information technology (IT) infrastructure. Second, cyberinsurance facilitates standards for best practices as cyberinsurers seek benchmark security levels for risk management decision-making. Third, the creation of an IT security insurance market redresses IT security market failure resulting in higher overall societal welfare. We conclude that this is a significant theoretical foundation, in addition to market-based evidence, to support the assertion that cyberinsurance is the preferred market solution to managing IT security risks.