Brandt, Revay & Wennberg "Systems Thinking on Risk Analysis"
Posted by: daviding
Date: June 20, 2004 02:42PM
Whenever is see the word "analysis", I always consider whether its complement of "synthesis" would be appropriate for consideration, in a systemic framework. Thus, in addition to the reductive view (which is seems to more obvious to most people these days), I think about what the expansive view might be.
From the description in the paper, security would seem to be the containing whole into which risk is placed. Thus, I was on the lookout for ways that the risk issue might be dissolved (in the Ackoff vocabulary) as a mess, rather than just solved as a problem.
I was also thinking about whether there are opportunities to take risks -- because higher rewards come with higher risks -- and learn to take advantage of those. (This is not to say that higher risks should be unmitigated, but where there is risk, there is opportunity).
In the IT world, as an example, sometimes security operatives create a "honey pot", to which perpetrators get easier access. This provides the information systems architects with data about how secure their systems really are, and an opportunity to capture more intelligence on attackers.
It often seems that so much effort is placed in risk reduction that bureaucracy sets in, and creativity is lost. I'm not sure if this applies to the situation at hand, but since we're in a systems science conference, we probably shouldn't miss the opportunity to look at the expansive side.