#49 – IT APPLICATION DEVELOPMENT GUIDELINES – ED PERKINS

The folks over at the NIST Information Technology Laboratory (ITL) have been busy. One complaint about the recently released Risk Management Framework (RMF) [1], developed in response to the President's Executive Order 13636 on Improving Critical Infrastructure Cybersecurity, was that it did not address application security (the coding practices that allow SQL injection, buffer overflows, etc.) [2].

#48 – PROACTIVE VS. REACTIVE RISK MANAGEMENT WITH ISO 31000 – GREG CARROLL

ISO 31000 needs to address the understanding of the fundamental nature of risk if it hopes to advance the maturity of risk practices in business.

Risk Management is firmly entrenched in a world of reactive modelling and reporting that belies the goals of ISO 31000, and until there is an epiphany in the industry on understanding the nature of risk, it is unlikely that ISO 31000 will achieve anything more than a documentary role in corporate governance and business management. Risk Management must add value, and this means adding shareholder value, if it is to be accepted as a part of the strategic management of business.

#48 – NEGATIVE FEEDBACK AND SHUTTING DOWN AT WORK – ELIZABETH LIONS

I came across an article that caught my attention. Finally, we have some data on why people do what they do in the office.

We've all been the leader who struggles with getting the message across to employees about what needs to be done and when, but we often forget that how information is packaged is the difference between them doing their jobs or not.

#48 – HOW TO IMPLEMENT A GOOD FMEA – CARLOS E. Z. KRAHEMBUHL

The Failure Mode and Effect Analysis is a great tool for evaluating the potential risks present in every activity or process. Take a look at my article 'FMEA in the Kitchen.'

The PFMEA (Process Failure Mode and Effect Analysis) focuses on eliminating or reducing potential issues in a new or existing process. After calculating the RPN (Risk Priority Number, the product of the severity, occurrence and detection scores), it is possible to decide whether preventive actions need to be taken. The PFMEA is done step by step, but it is necessary to pay attention to some points in order to avoid common mistakes.
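As an added illustration of the RPN step (this is editor-supplied example code, not from the article or its author), the following scores a handful of constructed failure modes from a hypothetical software release process, ranks them by RPN, and flags the ones that need action. The threshold of 100 and the rule that a severity of 9 or 10 triggers action regardless of RPN are assumptions here; teams set their own criteria.

```python
"""Worked PFMEA scoring: RPN = Severity x Occurrence x Detection.

Example code added by the editor. The failure modes, scores and thresholds
below are constructed for illustration and are not from the article.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class FailureMode:
    step: str
    mode: str
    severity: int    # 1..10, 10 = worst effect if the failure reaches the customer
    occurrence: int  # 1..10, 10 = cause most likely to happen
    detection: int   # 1..10, 10 = current controls least likely to catch it

    def rpn(self) -> int:
        """Risk Priority Number; rejects scores outside the 1..10 scale."""
        for score in (self.severity, self.occurrence, self.detection):
            if not 1 <= score <= 10:
                raise ValueError(f"score out of range 1..10: {score}")
        return self.severity * self.occurrence * self.detection


RPN_THRESHOLD = 100   # assumed action threshold
SEVERITY_ALERT = 9    # assumed: severity 9-10 needs action even with a low RPN


def needs_action(fm: FailureMode) -> bool:
    """Ranking purely by RPN can hide a rare but catastrophic failure;
    the severity override keeps such items on the action list."""
    return fm.rpn() >= RPN_THRESHOLD or fm.severity >= SEVERITY_ALERT


def prioritize(modes):
    """Highest RPN first; ties broken by severity."""
    return sorted(modes, key=lambda fm: (-fm.rpn(), -fm.severity))


def action_list(modes):
    """(mode, RPN) pairs that need preventive action, in priority order."""
    return [(fm.mode, fm.rpn()) for fm in prioritize(modes) if needs_action(fm)]


# Constructed sample rows for a hypothetical release process.
SAMPLE = [
    FailureMode("Deploy", "Config pushed with debug endpoints enabled", 7, 5, 4),
    FailureMode("Build", "Dependency pulled without integrity check", 8, 3, 6),
    FailureMode("Release", "Signing key exposed in CI log", 10, 2, 3),
    FailureMode("Deploy", "Typo in hostname causes failed rollout", 3, 6, 2),
]

if __name__ == "__main__":
    for fm in prioritize(SAMPLE):
        flag = "ACTION" if needs_action(fm) else "monitor"
        print(f"{fm.rpn():4d}  {flag:8s} {fm.step}: {fm.mode}")
```

Note that the signing-key row has the lowest RPN but the highest severity; a list sorted by RPN alone would put it third and a threshold alone would drop it, which is exactly the kind of mistake the severity override guards against.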