Search results

Consumers increasingly rely on organisations for online services and data storage while these same institutions seek to digitise the information assets they hold to create economic value. Cybersecurity failures arising from malicious or accidental actions can lead to significant reputational and financial loss which organisations must guard against. Despite having some critical weaknesses, qualitative cybersecurity risk analysis is widely used in developing cybersecurity plans. This research explores these weaknesses, considers how quantitative methods might address the constraints and seeks the insights and recommendations of leading cybersecurity practitioners on the use of qualitative and quantitative cyber risk assessment methods.

The study is based upon a literature review and thematic analysis of in-depth qualitative interviews with 16 senior cybersecurity practitioners representing financial services and advisory companies from across the world.

While most organisations continue to rely on qualitative methods for cybersecurity risk assessment, some are also actively using quantitative approaches to enhance their cybersecurity planning efforts. The primary recommendation of this paper is that organisations should adopt both a qualitative and quantitative cyber risk assessment approach.

This work provides the first insight into how senior practitioners are using and combining qualitative and quantitative cybersecurity risk assessment, and highlights the need for in-depth comparisons of these two different approaches.

The purpose of this paper is to review the methods for assessing food safety risk within a food safety plan.

The research involved analysis of both qualitative and quantitative methods of risk assessment.

Risk assessment is a key element of the HACCP approach to food safety. It requires food business operators and those on HACCP teams to determine both the acceptable level of contamination and the risk for the food business, and ultimately the consumer. The choice of food safety risk assessment model is crucial to an organisation. The mechanisms to determine what is acceptable can be a combination of scientific based and value based criteria and utilise qualitative or semi‐quantitative approaches. Whilst fuzzy logic has a place in making risk assessment more quantitative; specific software tools are required to enable quantitative risk assessment especially where what is acceptable at one point could, subject to other factors later in the supply chain, change to an unacceptable level of risk to the consumer. Quantitative mechanisms are required to make these decisions at organisational, or indeed at policy level, fully transparent.

This research is of academic value and of value to policy makers and practitioners in the food supply chain.

This paper aims to address how to systematically address vulnerability in a maritime transportation system using a formal vulnerability assessment approach, create quantitative measures of disruption risk and test the effect of mitigating measures. These quantitative data are prerequisites for cost efficiency calculations, and may be obtained without requiring excessive resources.

Supply chain simulation using heuristics‐based planning tools offers an approach to quantify the impact of disruption scenarios and mitigating measures. This is used to enrich a risk‐based approach to maritime supply chain vulnerability assessment. Monte Carlo simulation is used to simulate a stochastic nature of disruptions.

The exemplary assessment of a maritime liquefied natural gas (LNG) transportation system illustrates the potential for providing quantitative data about the cost of disruptions and the effects of mitigating measures, which are foundations for more precise cost efficiency estimates.

This simulation was done on a simplified version of a real transportation system. For resource reasons, several simplifications were made, both with regards to modeling the transportation system and with the implementation of the formal vulnerability assessment framework. Nevertheless, the authors believe the paper serves to illustrate the approach and potential outcome.

Practitioners are provided with an approach to get more precise quantitative data on disruption costs and cost/efficiency of mitigating measures, providing background data for decisions on investing in reduction of supply chain vulnerability.

The combination of risk assessment methods and inventory routing simulation of maritime supply chain problems is a novelty. Quantifying vulnerability, effects of disruptions and effects of mitigating measures in maritime transportation systems contributes to a little‐researched area.

Businesses are increasingly vulnerable and exposed to physical climate change risks, which can cascade through local, national and international supply chains. Currently, few methodologies can capture how physical risks impact businesses via the supply chains, yet outside the business literature, methodologies such as sustainability assessments can assess cascading impacts.

Adopting a scoping review framework by Arksey and O'Malley (2005) and the PRISMA extension for scoping reviews (PRISMA-ScR), this paper reviews 27 articles that assess climate risk in supply chains.

The literature on supply chain risks of climate change using quantitative techniques is limited. Our review confirms that no research adopts sustainability assessment methods to assess climate risk at a business-level.

Alongside the need to quantify physical risks to businesses is the growing awareness that climate change impacts traverse global supply chains. We review the state of the literature on methodological approaches and identify the opportunities for researchers to use sustainability assessment methods to assess climate risk in the supply chains of an individual business.

The purpose of this paper is to identify the risks and methods for their assessment in the case of maintenance activities in Sri Lanka. The main objectives were to identify the occupational risks in maintenance work and the risk assessment methods in place and their drawbacks in the Sri Lankan context.

The identification and assessment of risks were undertaken through a study of three fast-moving consumer products manufacturing organisations. The relevant data were collected through personal interviews and site visits.

Most typical risks associated with maintenance are cuts, slips and falls, with severe or fatal injuries as the result of negligence of SOP and failure to use the PPE. Checklists, brainstorming and decomposition techniques were identified as the preferred methods in maintenance for risk identification while a risk rating matrix is used for risk analysis. Lack of awareness and indifference towards risk assessment; make effective risk assessment very difficult. These drawbacks can be minimised by education, systematic training and enforcing rules, regulations and procedures for controlling risks.

Studies on maintenance worldwide have identified several maintenance-specific risks such as working at heights, the pressure of time, etc. However, there is a dearth of published research on risks and risk assessment methods in maintenance in Sri Lankan context. The findings highlighted the safety risks and risk assessment tools entailed in the maintenance operations of manufacturing organisations. The findings will be useful for those in maintenance operations in managing risks effectively through designing work environments that are risk-free.

This study aims to argue that in the case of quantitative security risk assessment, individuals do not estimate probabilities as a likelihood measure of event occurrence.

The study uses the most commonly used quantitative assessment approach, the annualized loss expectancy (ALE), to support the three research hypotheses.

The estimated probabilities used in quantitative models are subjective.

The ALE model used in security risk assessment, although it is presented in the literature as quantitative, is, in fact, qualitative being influenced by bias.

The study provides a factual basis showing that quantitative assessment is neither realistic nor practical to the real world.

A model that cannot be tested experimentally is not a scientific model. In fact, the probability used in ISRM is an empirical probability or estimator of a probability because it estimates probabilities from experience and observation.

Limited facilities operating and modernization budgets require organizations to carefully identify, prioritize and authorize projects to ensure allocated resources align with strategic objectives. Traditional facility prioritization methods using risk matrices can be improved to increase granularity in categorization and avoid mathematical error or human cognitive biases. These limitations restrict the utility of prioritizations and if erroneously used to select projects for funding, they can lead to wasted resources. This paper aims to propose a novel facility prioritization methodology that corrects these assessment design and implementation issues.

A Mamdani fuzzy logic inference system is coupled with a traditional, categorical risk assessment framework to understand a facilities’ consequence of failure and its effect on an organization’s strategic objectives. Model performance is evaluated using the US Air Force’s facility portfolio, which has been previously assessed, treating facility replicability and interruptability as minimization objectives. The fuzzy logic inference system is built to account for these objectives, but as proof of ease-of-adaptation, facility dependency is added as an additional risk assessment criterion.

Results of the fuzzy logic-based approach show a high degree of consistency with the traditional approach, though the value of the information provided by the framework developed here is considerably higher, as it creates a continuous set of facility prioritizations that are unbiased. The fuzzy logic framework is likely suitable for implementation by diverse, spatially distributed organizations in which decision-makers seek to balance risk assessment complexity with an output value.

This paper fills the identified need for portfolio management strategies that focus on prioritizing projects by risk to organizational operations or objectives.

In the continuous development of high-speed railways, ensuring the safety of the operation control system is crucial. Electromagnetic interference (EMI) faults in signaling equipment may cause transportation interruptions, delays and even threaten the safety of train operations. Exploring the impact of disturbances on signaling equipment and establishing evaluation methods for the correlation between EMI and safety is urgently needed.

This paper elaborates on the necessity and significance of studying the impact of EMI as an unavoidable and widespread risk factor in the external environment of high-speed railway operations and continuous development. The current status of research methods and achievements from the perspectives of standard systems, reliability analysis and safety assessment are examined layer by layer. Additionally, it provides prospects for innovative ideas for exploring the quantitative correlation between EMI and signaling safety.

Despite certain innovative achievements in both domestic and international standard systems and related research for ensuring and evaluating railway signaling safety, there’s a lack of quantitative and strategic research on the degradation of safety performance in signaling equipment due to EMI. A quantitative correlation between EMI and safety has yet to be established. On this basis, this paper proposes considerations for research methods pertaining to the correlation between EMI and safety.

This paper overviews a series of methods and outcomes derived from domestic and international studies regarding railway signaling safety, encompassing standard systems, reliability analysis and safety assessment. Recognizing the necessity for quantitatively describing and predicting the impact of EMI on high-speed railway signaling safety, an innovative approach using risk assessment techniques as a bridge to establish the correlation between EMI and signaling safety is proposed.

With increasing exposure to disruptions, it is vital for supply chains to manage risks proactively. Prediction of potential failure points and overall impact of these risks is challenging. In this paper, systems thinking concepts are applied for modelling supply chain risks. The purpose of this paper is to develop a holistic, systematic and quantitative risk assessment process for measuring the overall risk behaviour.

A framework for supply chain risk management (SCRM) is developed and tested using an industrial case study. A systematically developed research design is employed to capture the dynamic behaviour of risks. Additionally, a system‐based supply chain risk model is conceptualized for risk modelling. Sensitivity modelling results are combined for validating the supply chain risk model.

The systems approach for modelling supply chain risks predicts the failure points along with their overall risk impact in the supply chain network. System‐based risk modelling provides a holistic picture of risk behavioural performance, which is difficult to realise through other research methodologies commonly preferred in SCRM research.

The developed framework for SCRM is tested in an industry setting for its viability. The framework for SCRM along with the supply chain risk model is expected to benefit practitioners in understanding the intricacies of supply chain risks. The system model for risk assessment is a working tool which could provide a perspective of future disruptive events.

A holistic, systematic and quantitative risk modelling mechanism for capturing overall behaviour of risks is a valuable contribution of this research. The paper presents a new perspective towards using systems thinking for modelling supply chain risks.