WHAT DO WE KNOW ABOUT SECURITY RISK MANAGEMENT?
The world is coping with a wide range of challenges such as migration, cyber-attacks, organized crime and other new challenges, including a recent (current) virus-led crisis. In the past years these challenges have also become security issues of importance to many European countries.
At the moment it is clear that European countries deal with these challenges in different ways. There are no unified standards and approaches as to how specialists should deal with these kinds of challenges. There is a need for professional, well trained specialists who can realize sound security risk management at various levels and in different kinds of organizations.
At the same time, it is also clear that there are no shared standards and approaches to training such specialists and thus there is no shared approach to managing these crisis situations within Europe.
The question is whether it is necessary to deal with these challenges in a uniform manner. In the ERASMUS+ SECUREU project we believe that the challenges do not necessarily need to be tackled in a uniform manner, because each country, due to its cultural context, has its own way of dealing with risks. It is therefore more important to us that professionals in Europe understand that there are different ways in which European countries work when dealing with risks. Our goal is a mutual understanding of each other’s situation and context, having a shared base from which an insight sharing conversation with a fellow professional can evolve. It is essential to know where a particular approach differs from yours, keeping in mind that the both of you can still achieve the same goal, namely: ‘controlling the risks’.
To create a shared base, various proven methods in the field of security/risk management will be touched upon, such as the Enterprise Security Risk Management of the American Association for International Security, Security Program Life Cycle of the Security Executive Council, COSO model from The Committee of Sponsoring Organizations of the Treadway Commission and the ISO 31000 Risk Management of the International Standard Organization.
The SECUREU project has chosen to work with the structure of ISO 31000. This norm provides a standard for risk management which is internationally supported and whose structure: Risk Management Framework – Leadership and Commitment; Risk Management Principles – Value creation an protection and Risk Management Process – Scope, Context, Criteria, Risk Assessment (Risk Identification, Risk Analysis, Risk Evaluation ), Risk Treatment, Recording & Reporting, Communication & Consultation, Monitoring & Review provides a shared base for understanding the different ways of managing security risks in Europe. Read more about ISO 31000 framework, key principles, management process:
Although this approach has never been tested in the field of security studies and practices, it has now been applied as the starting point for the modules to be developed in the field of security risk management for young security specialists, in order to make them better prepared for a crisis. Additionally, to hand them tools for eliminating hazards and threats before they happen and turn into crises and of course to provide a shared base from which a conversation can be started with a colleague from another European country, knowing that despite some differences in their work methods they can still achieve the same goal, namely: “management of the risks”.
The materials found in the SECUREU website are designed according to the framework, principles and management process steps of the ISO 31000 standard. With the published materials (videos, articles, assignments) you will find a visual indication that will explain which step of the risk management framework, values or process the relevant material referred to.
For example, best practice article, task or video published on SECUREU project webpage and marked with such icon will explain two ISO 31000 key principles of risk management – Transparent communication and Customization.