Have you noticed the plethora of risk management and uncertainty commentators? By far the great majority of the comments and guidelines essentially are outlines to help you organize and focus your risk management processes.
For example, the new February 12, 2014, National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity by itself doesn’t identify, suggest or implement any particular action for your computer system or equipment that will prevent hacking. And isn’t that along with monitoring hacking and hacks and timely responding and resolving them what you are really interested in for safety?
But in addition to providing outlines for risk management processes the comments and guidelines create potential or actual rather vague, unspecific standards of care to be followed with the potential for criticism or liability if you don’t. The result is useful not only for risk management but also for people who want to criticize and for plaintiff attorneys including for punitive damage claims. See my prior post Rise of the Processes, http://tatetalk.com/2014/05/03/rise-of-the-processes.
What should you do? Learn and keep on top of the risk and uncertainty management processes that apply to your activities, business and industry, and apply them. That’s really the only solution. Ignore risk and uncertainty management at your own risk.
Is it safe yet? Dave Tate, Esq. (San Francisco / California)