One of the aims of risk management is to select and implement approaches to minimize any expected loss by reducing the likelihood of the risk, its impact, or both. When a security risk or threat has been identified and deemed unacceptable, some form of approach is required to manage that risk or threat. It is not possible to completely remove all risk, such as terrorism. Therefore, risks should be identified, tiered, and treated as early as possible so that any proposed approaches can be most effective.
One of the aims should be to manage and reduce the risk to a level that is acceptable. Such an approach may involve review and enhancement of existing policies, procedures, and practices (PPP), or the creation of new PPPs aimed at dealing with the identified risk. In the security arena, risk management tends to rely on an unrealistic and sometimes “optimistic” focus on one mitigation approach to the possible exclusion of other approaches. An example of this optimistic or unrealistic approach is an over-dependence on recent technologies promising to deal with “what keeps you up at night.” In reality, new integrated technologies may be creating a single point of failure which creates new risks rather than mitigating the original risk. On the other hand, an overreliance on purely physical measures, the adage “more walls, bars and guards,” returns us to outdated approaches that we now attempt to improve upon through technology. As such, it is necessary to consider a balanced approach that considers the physical and technological solutions while remaining cost-effective in terms of capital and human resources.
The mixture of proposed physical, PPPs and technical measures must be directly linked to the risk or threats that the measures are intended to address. Reality remains that it is not possible to protect all assets against all risks or threats. We must decide what risk we cannot live with and what risk we may be able to tolerate.
“Risk management is a more realistic term than safety. It implies that hazards are ever-present, that they must be identified, analyzed, evaluated, and controlled or rationally accepted.”
Jerome F. Lederer: Known as “Mr. Aviation Safety” was NASA’s first director of Manned Flight Safety and was later appointed as director of the Office of Manned Space Flight Safety for the Apollo Program. In 1970, he became director of safety for all of NASA.