Christian Meuerers
Austrian National Defence Academy [email protected]
Introduction
In this paper we introduce a meta risk model enabling an abstract view of risk management in general. The underlying open world assumption and the structured method of applying the model allows to consistently integrate various approaches and procedures for e.g. disaster classification, involved roles like first responders, local government, military or administrative personnel. Starting with the recently developed ITspecific model of RiskSense [3], which is using the catalogues of the German IT-Grundschutz, we provide a new possibility for interactive decision making, especially for the needs of Situation Awareness Centers (SAC). In this context, first responders can quickly and effectively gain necessary insights into potential risk factors and their dependencies. Additionally using the structured procedural Z-Model [14], information is gathered and analyzed to identify scenarios, feeding the functional meta risk model to enable transparent decision-making.
State Of The Art And Frameworks
When analyzing the current state of the art in knowledge management, risk analysis, IT-related frameworks, and management disciplines a large number of different risk management and assessment models, methods or at least aspects can be found. Those are coming from frameworks or standards like ITIL [1], COSO [10], COBIT [6], IT Grundschutz [4], ISO 31000 [9], ISO 27005 [5], OCTAVE [8], NIST [7], etc. Furthermore, examining Austrian and European Union legislations (e.g. enterprise law, share law, Solvency II, Basel III, 8th Audit Directive, anti-money laundering directive etc.) as well as scanning for particular risk aspects of motivation, fraud, and business models in the area of
74
risk aspects are sometimes only reduced to the minimal conclusion “risk management has to be applied”, without a further description of how this could be achieved or a reference to one of the frameworks or standards mentioned above. In fact, all risk management models tend to follow a quite similar but not a real common approach.
Consequently, the suggested meta risk model will address the problem of inconsistent and isolated, highly domain-specific models, originating from the lack of a generic risk management approach. Therefore, we used RiskSense [2] as the framework for a situation awareness platform and integrated supporting models like the Multi-Layer Multiple Vector Model [12][13] or the Z-Model [14]. Additionally, we focused on human risk factors to be integrated into the meta risk model to support scenario analysis by covering social science factors.
Prototype (Risk Sense)
In RiskSense [2] Stefan Schiebeck implemented a risk management approach and set up a supporting prototype on the commonly accepted structured model of IT-Grundschutz, allowing the identification, estimation and modeling of dependent organizational assets, protection criteria, threats, safeguards and roles. The main motivation was to provide a simple web tool to support collaborative, interactive decision making. It can be applied as an interactive decision support system aimed at efficiently performing risk management tasks. The method and supporting software prototype has been extensively evaluated by the Austrian Federal Ministry of Defence and Sports and showed high potential for operational deployment.
Underlying Concepts And Models
Furthermore, with the Multi-Layer Multiple Vector Model [12][13] as a basic classification scheme, the Z-Model [14] enables a comprehensive scenario planning process, leading to a functional meta risk model. The developed concept for a generic meta risk model includes all aspects of the studied approaches, methods and models by setting up a general conceptual level. Any specific model should be considered as a particular version of the generic meta model, using a common data representation. By doing so, we harmonize the
core aspects and prepare them for a standardized treatment. The ultimate objective is to develop a robust model which can be flexibly applied for different purposes and by different roles.
Further Work And Outlook
The “Meta-Risk-Approach” allows to take several models, abstraction layers and parameters into account in order to provide a function-oriented meta risk model. Currently we plan to develop the specifications behind the described high-level processes, their interactions and resulting requirements.
The basic demonstrator requirements are aligned with the RiskSense prototype, allowing the integration of sensors and expert knowledge into the meta risk model. The resulting software demonstrator is planned to be evaluated in the context of Situation Awareness Centers (SAC) by the Austrian National Defence Academy, which is supporting the Austrian Armed Forces in providing domestic aid in the case of natural catastrophes and disasters. The overall goal of our research concept is the advancement of existing situational reporting capabilities already implemented in RiskSense, by incorporating additional modelling options based on human factors and strategic long-term scenario planning as provided by the Z-Model. Therefore, the meta risk model enables a comprehensive, scalable, generic and domain- independent risk assessment for all layers and parts of an organisation to develop, implement and enhance a common and advanced risk management as basis for a “shared risk awareness”.
76
‘Emphasizing STARC’! Suggested future ways forward for
contemporary military and special operations intelligence and
knowledge work
Adam Svendsen
Coperhagen Institute for Future Studies, Denmark [email protected]
This paper outlines a proposed interconnected analytical framework and series of concepts for furthering the conduct of military and special operations- related intelligence and knowledge work. Particularly this is as events and developments unfold in contemporary globalised circumstances. Building on ‘System of Systems Analysis’ (SoSA) approaches, a joined-up comprehensive systems-based approach is advanced. Thereby, greater contextualisation potential is also offered by what this paper seeks to communicate.
As this paper goes on to argue, the above SoSA work is undertaken to help with subsequent ‘System of Systems Engineering’ (SoSE) efforts. Those last SoSE efforts would be recognised as ranging from moving on from attaining merely ‘situational awareness’ to ‘mission accomplishment’ by transforming events and developments.
Throughout the paper, it observes that a close eye needs to be maintained on the sustained delivery of core intelligence requirements of ‘getting the right intelligence/information, to the right person/people, at the right time’ (‘3Rs’), as well as on continuing to simultaneously meet and consistently maintain over time all of the highly-pressing customer/end-user intelligence delivery criteria of ‘Specificity, Timeliness, Accuracy, Relevance and Clarity’ (’STARC’). These qualities are held to be especially pressing requirements during our contemporary ‘Big Data’/‘Cyber’ age.
In its conclusions, this paper has been designed to offer suggestions with potential viable utility for being applied in military and special operations intelligence and knowledge work - however precisely that work is configured, calibrated or scaled. That work is seen to be especially pressing while practitioners strive to navigate the demands generated by negotiating the conduct of several multi-functional operations (MFOs), ranging from ‘war’ to ‘peace’ and covering the full-spectrum of diverse concerns currently confronted, not least during an era characterisable as one of strategic globalised risk (GSR) involving much uncertainty. Ultimately, the paper asserts that a constant feedback process of ‘context appreciation’ and ‘solution fashioning’ emerges as important and is deserving of re-emphasis.
78