February 2010
|
|
Need Your Own Copy of The Risk Communicator?
|
|
Write for Us
|
| Have you seen a story you would
like to see included in The Risk Communicator? Do you have a research project you want to share with your colleagues? If so, please contact
the newsletter staff at newsletter@sarma.org. |
Legal Matters
|
Copyright 2010
SARMA
All Rights Reserved
Privacy Policy
The views expressed in The Risk Communicator reflect the views of their authors, and do not neccesarily reflect the views of SARMA, the US Government or the employers or clients of the contributors.
|
|
|
President's Corner
|
|
Dear Fellow SARMA Members,
If you are like me, your tolerance for winter weather has been seriously eroded at this point. Old Man Winter's march through the mid-Atlantic has even forced us to delay our one-day conference on The Relevance of Risk Management and Information Sharing to Homeland Security, previously scheduled for this week, until March. Making matters worse was the note we received this week from Julian Talbot, Chair of the SARMA International Affairs Committee, describing the lovely weather in Tanzania -- thanks for the morale boost, Julian!
Besides attempting to stay warm and dry, however, one thing we can all do while we wait for the snow plows to do their work is read the Quadrennial Homeland Security Review (QHSR) Report. Released this past week, the QHSR Report responds to a specific requirement in the Implementing the Recommendations of the 9/11 Commission Act of 2007, and represents the first effort to create a true strategic roadmap for the U.S. homeland security enterprise since the creation of the Department of Homeland Security in 2003.
This is a significant accomplishment, providing needed structure and focus. Of note, the report recognizes the multi-dimensional nature of the hazards we face, as well as the shared nature of an effective response (federal departments and agencies; state and local governments; the private sector; individuals, etc.). It also enshrines the critical role that sound risk analysis and risk management principles must play.
While it stops short of providing guidance for how to address many of the long-standing challenges in this regard, it does identify a number of areas where further maturation is required. These include: - Establishing a comprehensive system for building and sharing awareness of risks and threats; and
- Building a homeland security professional discipline.
Like many reports of this type, the QHSR promotes goals, objectives and actions designed to produce a future state. Typically, such documents are not prescriptive in how this is to be achieved. In fairness, issues of such complexity are not well suited for such general reporting. However, the fact that solutions are being sought rather than listed only points to the opportunities we, as security and risk management professionals, have to help the nation attain the security it needs at an affordable price.
Some thoughts include: - Part of the challenge in making effective use of risk as an enterprise-wide decision support tool has been the lack of a common lexicon. By investing in the Common Knowledge Base (CKB) Project and SARMApedia, SARMA has provided the foundation for standardizing nomenclatures throughout the security risk management community. The SARMApedia also already incorporates much of what is in the DHS Risk Lexicon.
- Likewise, another challenge has been the lack of a uniform system of governance. SARMA has made substantive recommendations on ways to address this in the past, and will seek to reengage with DHS and the Obama Administration on this issue in the days ahead.
- SARMA is also in the process of establishing a Government Advisory Panel to more effectively harness one of our core strengths -- the knowledge and experience of SARMA's members -- for the purpose of providing non-partisan, professional advice to policymakers. As a core mission component of the Association, the Government Advisory Panel will be available to provide support for DHS' efforts to implement national-level homeland security risk assessments.
- Finally, as another core mission, we strongly believe in the need for professional education and training. To that end, SARMA is in the process of establishing such a program for the security risk analysis and management discipline -- something DHS could also leverage.
Think about these issues as you sip your hot cocoa and read through the report. I'd be very interested in your thoughts on these and other ways we can collaboratively engage with policymakers to advance the use of security risk management principles as a sound decision support tool.
My best,
Kerry
Kerry L. Thomas President Security Analysis and Risk Management Association |
| News |
|
DHS Releases QHSR, Emphasizes Risk Management Issues
The Department of Homeland Security this month released its first quadrennial report on the nation's anti-terrorism policies, thereby fulfilling a leading recommendation of the 9/11 Commission and setting out a path for homeland security strategy and budgeting in the years to come. Covering threats and strategic responses at the federal, state and local levels, and incorporating the views of hundreds of government agencies and stakeholder organizations, the effort marks the most comprehensive anti-terror assessment to date.
Unsurprisingly, the Quadrennial Homeland Security Review lists effective risk management policies among DHS's chief objectives. "Acquisition, access, retention, production, use, and management of threat and risk information must be maximized through compatible information architecture and data standards," explains the report. "Risk management decisions made by homeland security partners must account for interdependencies across sectors and jurisdictions."
To achieve this, the QHSR recommends that DHS "develop and implement a methodology to conduct national-level homeland security risk assessments" as a "fundamental step toward informing our priorities and the allocation of resources." Such a "deliberative analytic method," the report says, would ideally include threat assessments from the intelligence community and other federal departments involved in the homeland security enterprise.
Risk management experts responded to the review with cautious optimism. Although pleased with its emphasis on an overarching risk management paradigm, some noted that the report wasn't specific enough about how it would achieve its objectives. In particular, they said, the QHSR doesn't address how many of the long-standing challenges to the effective use of risk as an enterprise-wide tool should be overcome. "While the QHSR clearly recognizes the importance of risk as a metric relative to homeland security, it remains silent on key enablers, such as governance and lexicon, that are central to the enterprise-wide application envisioned," said SARMA President Kerry Thomas. "In that regard, SARMA looks forward to serving as a resource to DHS and others as the QHSR is put into practice."
|
|
Events |
|
SARMA Announces 2010 Annual Conference Dates
SARMA's 4th annual conference on security analysis and risk management has been scheduled for 15-17 June 2010. As in previous years, the event is co-hosted by George Mason University's Center for Infrastructure Protection and will take place on the school's Arlington, Virginia campus.
This year's theme is Confronting the Challenges of Multi-Hazard Preparedness. Planned tracks
include: risk methodologies, the role of government in risk management
policy and planning, threat assessment and multi-hazard risk management, public health and mass care, and cyber-security.
SARMA's annual conferences are
known as exceptional forums for collaboration, information sharing and
networking. With speakers and panelists providing fresh perspectives on
the latest trends and initiatives, the conferences have proven ideal settings for sharing thoughts and ideas on evolving national and international
strategies for security risk management.
For more information about SARMA's conferences, please visit our website.
Former DHS Secretary Michael Chertoff addresses a reception on the
evening before SARMA's 2009 annual conference.
|
Information Sharing Conference
Rescheduled for March
Owing to inclement weather in the Washington, DC region, SARMA has postponed its February conference on The Relevance of Risk Management and Information Sharing to Homeland Security. The one-day event, which is co-hosted by George Mason University's Center for Infrastructure Protection, will be rescheduled for a date in March to be announced shortly.
For more information about the March conference, please visit the conference website. |
| Analysis |
|
| Making the Most of Expert Judgments
by Stephen Hora
As mathematical models of social and human behavior become more realistic and complex, data requirements mushroom. Yet the most sophisticated models require data that may not exist in the traditional sense of statistical information, or the data may be so sparse that making statistical inferences is impossible. It is therefore not surprising that experts are often called upon to interpret available information and quantify models.
Expert judgments have been successfully used in a wide range of activity, from risk models of nuclear power generation to diagnostic programs for medical applications. But there are also limits. If reliable data is available in sufficient quantity, then the data should provide the quantification -- not the experts. At the other extreme, if there is no basis from which to make judgments, then the conclusions will be no more than guesses. It is the intermediate range -- between nearly perfect knowledge and near ignorance -- that is the ideal realm for expert judgment processes.
One of the earliest formal applications of expert judgment to risk modeling was undertaken as part of the Reactor Safety Study, produced in 1975 for the Nuclear Regulatory Commission. The NRC's NUREG-1150 study of 1991 updated these methods and provided more structure to the process of acquiring judgments. These methods were fashioned for physical models of operating systems that, while complicated, are more straightforward than models of terrorist behaviors. Moreover, the subject matter experts were invariably engineers or physical scientists who felt relatively comfortable expressing their knowledge through probabilities and probability distributions.
The situation facing risk modelers of terrorist threats, however, is different and may require some rethinking. As opposed to the reactor safety world, which emphasizes exact expression, experts from the intelligence community have worked in a culture where verbal expressions of uncertainty are the rule. It is worthwhile, therefore, to step back and examine the important issues that arise when developing a successful expert judgment process.
The first of these issues is the definition of the quantities or events that are the subject of the expert judgment. It is deceptively difficult to develop statements that are crystal clear and mutually well understood. The problem may be that the risk modelers make implicit assumptions that are different from those made by the subject matter experts. Or it may be that the subject matter experts don't agree with the model that the risk analysts are trying to quantify. Testing of questions may help sort out these differences. The testing should involve the use of stand-in experts who are not part of the staff conducting the risk study. A dry run of this kind can often lead to needed changes in the questions that would otherwise seriously interfere with obtaining the best expert analysis.
Along with defining the issues, the selection of experts is critical. Preparing some criteria for choosing them is a good first step. After all, experts need to have special knowledge or access to such knowledge. But they also must be free of prejudices that might lead them to answer in a less-than-straightforward manner. Even the appearance of bias can lead to an analysis being discredited.
It is also possible that the selection process itself is subject to motivational distortions. An individual choosing subject matter experts can inadvertently suppress diversity of opinion by selecting experts who share the chooser's own methods or opinions. Alternatively, differences among judgments given by multiple experts will often convey more information about the real uncertainty than do the individual judgments. Diversity of opinion is helpful and should not be repressed either through the selection process or through some well-intentioned method of aggregating judgments.
After an appropriate slate of experts has been selected, the forum for collecting their judgments can take many forms. The experts may work in isolation from one another, or they may come together physically or electronically to share information. The choice made here can implicate the dual issues of independence and shared knowledge. When experts meet together to share information, they become less independent but more knowledgeable, and vice versa. Decisions need to be made about the degree of interaction allowed among the experts.
Another challenge is that subject matter experts may not be skilled in expressing their judgments through probabilities. This is a cognitively difficult task that improves with practice. Thus, some training in probability judgments that involves practice questions and feedback on the quality of the judgments should be mandatory. Training is not only known to improve the quality of the judgments, but it also instills confidence in the experts concerning the appropriateness of the expert judgment process.
Finally, some random thoughts. Documentation is critical. Not only the judgments but also the rationales and reasoning processes by which the experts reach their judgments should be documented. Those who will be using the judgments as input for models need to understand how the judgments were developed. The experts' names should also be attached to their conclusions. Doing so helps ensure that the experts will be diligent.
Often times judgments will be aggregated to the level of a single probability distribution that will be used to quantify a risk model. After all, one distribution is much is easier to deal with than many distributions, and using a single distribution avoids the possibility of contradictory results caused by disagreement among the experts. Whenever aggregation is employed, care should be taken not to suppress diversity through mathematical methods that shrink uncertainty or through behavioral consensus methods that force agreement when in reality there are unresolved differences of opinion.
The science, and art, of obtaining judgments as probabilities is still in development. There is no single right way to do things but there are some good rules of thumb: two (or more) heads are better than one; develop unambiguous questions; provide training; and do not suppress diversity of opinion. All are principles that should aid the development of an effective expert judgment process.
Stephen Hora is Director of the USC Homeland Security Center for Risk and Economic Analysis of Terrorism Events (CREATE).
|
Key Reports
|
|
UN: Earthquakes Caused the Deadliest Disasters in the Past Decade
Nearly 60 percent of international disaster victims over the last 10 years have died because of earthquakes, according to a new study by the United Nations International Strategy for Disaster Reduction.
Get the report
McAfee: Critical Infrastructure in the Age of Cyber War
This survey of 600 international security and IT executives provides for the first time "a detailed picture of the way those charged with the defense of critical IT networks are responding to cyberattacks, attempting to secure their systems and working with government."
Get the report
Harvard: Al Qaeda Weapons of Mass Destruction Threat: Hype or Reality?
In this recently-released report from Harvard's Kennedy School of Government, Rolf Mowatt-Larssen assembles "the best publicly-available evidence" and chronology of "al Qaeda's roughly 15-year quest to acquire WMD."
Get the report
|
Jobs
|
|
DHS: Six Analyst Positions Open at RMA
The Office of Risk Management and Analysis (RMA) has six vacancies for Management and Program Analysts at the GS-11/13 grades.
View the notice
Analyst Position with the Federal Emergency Management Agency (FEMA)
ABS Consulting is seeking a talented professional to provide technical and management consulting services to the federal government, specifically in the area of homeland security risk analysis for grant allocation at FEMA. Education and experience with economics or a related field is a key requirement. An active security clearance is preferred.
View the notice
Corporate Security Analyst Position in Switzerland
SMR Group, an international executive search firm whose global practice is focused exclusively on professional- and executive-level corporate security positions, is seeking candidates for the position of Corporate Security Analyst, located in Switzerland. The Corporate Security Analyst will be responsible for protecting business operations and associates throughout the organization from external threats by the collection, analysis and dissemination of strategic and tactical threat assessments, and production of both analytical and intelligence products designed to support investigations and protective security operations.
View the notice
Security Intelligence Analyst Based in Indianapolis
The US-based arm of SMR Group (see above), Security Management Resources, is seeking candidates on behalf of its client for a Security Intelligence Analyst, reporting to the Vice President of Corporate Security and located in the Indianapolis metro area. The successful candidate will provide value added, risk-based security intelligence products to support the safety and security of associates, non- associates, visitors and our facilities.
View the notice
|
|
|
|
|
