	Risky Thinking – On Risk Assessment, Risk Management, and Business Continuity
Home / Essays & Articles / The Archive		4 February, 2012

Risky Thinking

Threat Analysis and Risk Management Essay Archive

Here are some of the older essays and articles on Risk Analysis, Threat Analysis, and Risk Management that you may have missed:

100% Uptime Anybody?
Online service providers make extravagant claims about the availability of their services. But what does 100% uptime mean? And how much is it worth? (Full Text)
A Tale of Two Risk Management Decisions
Two of us looked at an event and made similar estimates of the likelihood of it recurring. However, one of us chose to accept the risk; the other, chose to mitigate it. Which of us was right? (Full Text)
Another Country
In different countries, different rules apply. Yet we tend to think that everywhere people are like us and that our own rules apply. Unless we are careful, this can lead us to assume some unexpected risks. (Full Text)
Business Continuity During a Recession
The world economic crisis is having an impact on business continuity, disaster recovery, and risk management. But there are some opportunities among the darkening clouds... (Full Text)
Changed a Light Bulb Recently?
Disruptive technologies can change what a company has to make and do to stay in business. Even the humble light bulb is undergoing some major changes. (Full Text)
Crime and Technology
Why doesn't the technology of crime match what we see in the Hollywood movies? Some advanced criminal technology exists, but it's all a question of economics... (Full Text)
Does Pure Risk Exist in Business?
Risk text books always used to begin with a section explaining the distinction between pure risk and speculative risk. But is there really such a thing as pure risk in business? (Full Text)
Double or Lose?
Games provide useful analogies for many aspects of life. Is there a game which offers good analogies for risk management? (Full Text)
Email Identity Theft
If you're in business, your email address is going to be forged. Perhaps for phishing, but more likely by spammers. What can you do? (An updated version of one our most popular articles) (Full Text)
GroupThink
The buzzword may have vanished, but the phenomenon is still very much alive in organizations and every day life. Where can we see GroupThink? And how can we deal with it? (Full Text)
How far away should a hot site or mirror site be?
A question that is often asked when designing a disaster recovery plan is how far away a hot site or mirror site should be. Is there a simple answer? (Full Text)
How Many Business Continuity Plans Do You Need?
You have a main office and several branch offices. Should you have one big plan, or one for each office? (Full Text)
How Much is a Business Continuity Plan Worth (Part 1)
A radio station's phone-in game can give some insights into that tricky question: just how do you calculate the ROI on a Business Continuity Plan? (Full Text)
How Much is a Business Continuity Plan Worth (Part 2)
In Part 1 of this article we suggested that much could be learned about the value of a Business Continuity Plan by examining the optimal strategy for a radio show's call-in game. In this second part we build upon this by answering the question "How much is a Business Continuity Plan Worth?". (Full Text)
How Much is a Business Continuity Plan Worth (Part 3)
In parts 1 and 2 I proposed a method of valuing a company's Business Continuity Program. Here's (possibly) where I went wrong... (Full Text)
How To Put Yourself Off Dinner
A fast-food restaurant is not a good place for a discussion on risks. Common industry practices can amplify otherwise miniscule risks, and the restaurant owner may well be the victim of the risk management practices of his suppliers. (Full Text)
In Business Continuity, Size Matters
On a forum somewhere in cyberspace, a poster lamented attending a lecture on business continuity. Her impression was that it was just backup. It isn't, but why might she have been given the wrong impression? (Full Text)
Is it (fire) safe?
If you put your backup tapes in a fire safe you probably think it will protect them from fire. But that isn't always the case... (Full Text)
It's Enough To Put Yourself Off Lunch
Fast food restaurants face special risks, some of which are not completely under their own control. In particular, a supplier with a massive positive feedback loop can cause things to go wrong, as the mad cow case demonstrates. (Full Text)
Key People Never Die
When does key person insurance make sense? A look at some of the reasons why Key Person insurance is not always a good risk management strategy. (Full Text)
Lessons from Hurricane Katrina
Watching the news coverage of hurricane Katrina has been like watching a Greek tragedy as forces beyond human control push events toward their inevitable conclusions. The play is unfinished. We know that more horrors have yet to be revealed. But what lesson, if any, can we learn from Katrina? (Full Text)
Looking for Lessons from Mumbai
The tragic events in Mumbai are rapidly disappearing over the world's news event horizon. Often the only positive feature of any tragedy is to ask what lessons can be learned from it. What lessons can be learned by business continuity planners from the terrorist attacks in Mumbai? (Full Text)
No More Cheap Shots!
Video surveillance is undergoing a digital revolution, yet the newspapers still show blurred pictures of unrecognizable supsects. Is the quality of your CCTV system a risk? (Full Text)
Of Backups and Bare Metal Restore
Your data’s safe, isn’t it? If a disaster happened, you could simply buy new computers, restore from backups, and continue working. Or could you? Welcome to Mike's First Rule of Real World Backups: backups don’t exist unless you test them. (Full Text)
Of Tomatoes, Traceability, and Terrorism
It hasn't been a good summer for the food industry in North America, with major outbreaks of Salmonellosis and Listeriosis. What can we learn from these even if we aren't in the food industry? (Full Text)
On Eggs and Baskets
It's common advice to not put all your eggs in one basket, but does that mean it's always the right thing to do? (Full Text)
On the difference between Wide Area and Local Area Disasters
Hurricane Katrina reminded us that there are major differences between a local disaster and a wide area disaster. Just what are they? It's time to make a list. (Full Text)
Phishing for Customers
Phishing seeks to dupe your customers into disclosing account details and passwords. It's a new twist on an old crime. But what can your company do to fight the phishing menace? (Full Text)
Political Risk and Economics
Politics mostly consists of making policy decisions which benefit one group of people at the expense of another. How do you keep a check on policies which will affect you without spending too much time and effort on the process? (Full Text)
Putting Your Plan Where It Counts
Is your business continuity plan just gathering dust on a shelf somewhere? There are various places parts of your plan should be. (Full Text)
Should It Be In The Plan?
A question which confuses many people is whether a document, data, or procedure should be included in the business continuity or disaster recovery plan, or should it simply be referenced by it. As so often is the case, it's a trade-off... (Full Text)
Supplier Risk and Brand China
Recently there has been a spate of recalls involving Chinese goods. Is there something wrong with goods made in China? If you source components or products in China should you be worried? And what should you do? (Full Text)
Taking BCP to the Next Level
So you have your Business Continuity Plan or Plans written and ready... What now? What should you do next? (Full Text)
Taking BCP to the Next Level: Suppliers
Once you have your own business continuity plan in place, another way of taking business continuity to the next level is to seek to eliminate or reduce a major source of indirect risk: suppliers. (Full Text)
The 2009 Pandemic Flu: A Premature Retrospective
We may have been lucky once again. The H1N1 / Swine flu epidemic which was first reported in Mexico in 2009 hasn't proved as deadly as early reports suggested it might be. It's influenza. It's a pandemic. It will kill a lot of people over the next three years. But it doesn't look like it will be anywhere near as deadly as the flu pandemic of 1918. It looks like it is another near miss, which means that we may have the chance to learn some lessons from the current outbreak... (Full Text)
Time To Get Out? Building Evacuation in Terrorist Times
The closest most companies are likely to come to a terrorist attack is responding to a bomb threat or evacuating a building. It sounds easy, but do you know how to do it right? (Full Text)
Two (or more) Types of Emergency Notification System
I was sitting in a meeting listening to a sales presentation on an Emergency Notification System. The client needed an Emergency Notification System. This wasn't what the client needed. What went wrong? (Full Text)
What Do Emergent Risks Do Next?
Can you study emergent risks? And what can you say about them? (Full Text)
When Bollywood Meets Business Continuity
What's the connection between the death (through natural causes) of a 77 year old Indian film star and business continuity? Read on... (Full Text)
Y2K Revisited
In a recent radio show, the glib radio host implied that the Y2K risk never really existed. Was he right? Or do his comments tell us more about human nature than about the risks arising from time representation in computer systems? (Full Text)
Your Money or Their Life?
How do you put a dollar value on a human life? It's not something anybody likes to do, but when faced with a decision as to whether to spend money to reduce some risks, it's what you have to do ... (Full Text)