SECURITY RISK MANAGEMENT
The “continuum of Prevent – Respond – Recover – Continue Operations” deserves a serious looking into. Over time, large public organizations, complex as they are with a number of unrelated business units may often grow into vertical silos. These are functional structures based on their operational needs. They often result in stand-alone units with very limited integration due to the challenges inherent to such systems.
Therefore the concept of pulling Stakeholders together to coordinate once in a while – while sometimes valid – does not always achieve integration. This concept is used by a number of Municipalities we benchmarked in the last few years. The results have been less than convincing. In essence, stakeholders retain the full authority of their area and no leadership can enforce a mandated cooperation leaving the outcomes uncertain and largely unpredictable.
Thus having the “continuum” referred to above residing in one area may improve the odds of integration, resulting in a greater Security Situational Awareness Level. ( This is a conceptual model we have defined very clearly and published about in columns that appeared in Municipal World and Canadian Security Magazine )
The diagram below illustrates the flow from prevention to business continuity otherwise known in the government sector as “continuity of operations”.
Figure‑1: Simplified Bow Tie Model
The “Bow Tie” risk model was first introduced by Royal Dutch Shell to capture the risk management cycle. The consultants simplified its graphical representation so it may clearly articulate the concept of the security risk continuum: Security – Emergency – Business Continuity or Continuity of Operations.