Search results

Recent earthquake-induced liquefaction events and associated losses have increased researchers’ interest into liquefaction risk reduction interventions. To the best of the authors’ knowledge, there was no scholarly literature related to an economic appraisal of these risk reduction interventions. The purpose of this paper is to investigate the issues in applying cost–benefit analysis (CBA) principles to the evaluation of technical mitigations to reduce earthquake-induced liquefaction risk.

CBA has been substantially used for risk mitigation option appraisal for a number of hazard threats. Previous literature in the form of systematic reviews, individual research and case studies, together with liquefaction risk and loss modelling literature, was used to develop a theoretical model of CBA for earthquake-induced liquefaction mitigation interventions. The model was tested using a scenario in a two-day workshop.

Because liquefaction risk reduction techniques are relatively new, there is limited damage modelling and cost data available for use within CBAs. As such end users need to make significant assumptions when linking the results of technical investigations of damage to built-asset performance and probabilistic loss modelling resulting in many potential interventions being not cost-effective for low-impact disasters. This study questions whether a probabilistic approach should really be applied to localised rapid onset events like liquefaction, arguing that a deterministic approach for localised knowledge and context would be a better base for the cost-effectiveness mitigation interventions.

This paper makes an original contribution to literature through a critical review of CBA approaches applied to disaster mitigation interventions. Further, this paper identifies challenges and limitations of applying probabilistic based CBA models to localised rapid onset disaster events where human losses are minimal and historic data is sparse; challenging researchers to develop new deterministic based approaches that use localised knowledge and context to evaluate the cost-effectiveness of mitigation interventions.

The purpose of this paper is to examine social media security risks and existing mitigation techniques in order to gather insights and develop best practices to help organizations address social media security risks more effectively.

This paper begins by reviewing the disparate discussions in literature on social media security risks and mitigation techniques. Based on an extensive review, some key insights were identified and summarized to help organizations more effectively address social media security risks.

Many organizations do not have effective social media security policy in place and are unsure of how to develop effective social media security strategies to mitigate social media security risks. This paper provides guidance to organizations to mitigate social media security risks that may threaten the organizations.

The paper consolidates the fragmented discussion in literature and provides an in‐depth review of social media security risks and mitigation techniques. Practical insights are identified and summarized from an extensive literature review. Sharing these insights has the potential to encourage more discussion on best practices for reducing the risks of social media to organizations.

Malicious attackers frequently breach information systems by exploiting disclosed software vulnerabilities. Knowledge of these vulnerabilities over time is essential to decide the use of software products by organisations. The purpose of this paper is to propose a novel G-RAM framework for business organisations to assess and mitigate risks arising out of software vulnerabilities.

The G-RAM risk assessment module uses GARCH to model vulnerability growth. Using 16-year data across 1999-2016 from the National Vulnerability Database, the authors estimate the model parameters and validate the prediction accuracy. Next, the G-RAM risk mitigation module designs optimal software portfolio using Markowitz’s mean-variance optimisation for a given IT budget and preference.

Based on an empirical analysis, this study establishes that vulnerability follows a non-linear, time-dependent, heteroskedastic growth pattern. Further, efficient software combinations are proposed that optimise correlated risk. The study also reports the empirical evidence of a shift in efficient frontier of software configurations with time.

Existing assumption of independent and identically distributed residuals after vulnerability function fitting is incorrect. This study applies GARCH technique to measure volatility clustering and mean reversal. The risk (or volatility) represented by the instantaneous variance is dependent on the immediately previous one, as well as on the unconditional variance of the entire vulnerability growth process.

The volatility-based estimation of vulnerability growth is a risk assessment mechanism. Next, the portfolio analysis acts as a risk mitigation activity. Results from this study can decide patch management cycle needed for each software – individual or group patching. G-RAM also ranks them into a 2×2 risk-return matrix to ensure that the correlated risk is diversified. Finally the paper helps the business firms to decide what to purchase and what to avoid.

Contrary to the existing techniques which either analyse with statistical distributions or linear econometric methods, this study establishes that vulnerability growth follows a non-linear, time-dependent, heteroskedastic pattern. The paper also links software risk assessment to IT governance and strategic business objectives. To the authors’ knowledge, this is the first study in IT security to examine and forecast volatility, and further design risk-optimal software portfolios.

While there is a rich body of risk management literature and while there have been valuable theoretical advancements on the specific impact of the COVID-19 pandemic on risks, this paper aims to posit that at least four more advancements are needed.

The co-author from Rolls Royce (RR) illustrates the risks experienced and risk management approaches taken in its manufacturing and supply chain operations both in the earlier stages of the pandemic as well as after the first year of the pandemic.

The COVID-19 pandemic offers a unique risk scenario that is beyond the scope of most existing risk management literature. The impact of the pandemic is very multi-faceted, not location specific but very global and experienced throughout the entire supply chain, across industries and over a much extended timeline with multiple time horizons. In manufacturing operations, there have been major instances of supply chain heroism in the first year of the pandemic and there is a lot more work ahead.

The authors' co-created paper enriches the perspective on COVID-19 research in manufacturing and supply chain operations by pointing at empirical opportunities, the need for more inter disciplinary research and the need to consider multiple time horizons.

Various organizational landscapes have evolved to improve their business processes, increase production speed and reduce the cost of distribution and have integrated their Internet with small and medium scale enterprises (SMEs) and third-party vendors to improve business growth and increase global market share, including changing organizational requirements and business process collaborations. Benefits include a reduction in the cost of production, online services, online payments, product distribution channels and delivery in a supply chain environment. However, the integration has led to an exponential increase in cybercrimes, with adversaries using various attack methods to penetrate and exploit the organizational network. Thus, identifying the attack vectors in the event of cyberattacks is very important in mitigating cybercrimes effectively and has become inevitable. However, the invincibility nature of cybercrimes makes it challenging to detect and predict the threat probabilities and the cascading impact in an evolving organization landscape leading to malware, ransomware, data theft and denial of service attacks, among others. The paper explores the cybercrime threat landscape, considers the impact of the attacks and identifies mitigating circumstances to improve security controls in an evolving organizational landscape.

The approach follows two main cybercrime framework design principles that focus on existing attack detection phases and proposes a cybercrime mitigation framework (CCMF) that uses detect, assess, analyze, evaluate and respond phases and subphases to reduce the attack surface. The methods and implementation processes were derived by identifying an organizational goal, attack vectors, threat landscape, identification of attacks and models and validation of framework standards to improve security. The novelty contribution of this paper is threefold: first, the authors explore the existing threat landscapes, various cybercrimes, models and the methods that adversaries are deploying on organizations. Second, the authors propose a threat model required for mitigating the risk factors. Finally, the authors recommend control mechanisms in line with security standards to improve security.

The results show that cybercrimes can be mitigated using a CCMF to detect, assess, analyze, evaluate and respond to cybercrimes to improve security in an evolving organizational threat landscape.

The paper does not consider the organizational size between large organizations and SMEs. The challenges facing the evolving organizational threat landscape include vulnerabilities brought about by the integrations of various network nodes. Factor influencing these vulnerabilities includes inadequate threat intelligence gathering, a lack of third-party auditing and inadequate control mechanisms leading to various manipulations, exploitations, exfiltration and obfuscations.

Attack methods are applied to a case study for the implementation to evaluate the model based on the design principles. Inadequate cyber threat intelligence (CTI) gathering, inadequate attack modeling and security misconfigurations are some of the key factors leading to practical implications in mitigating cybercrimes.

There are no social implications; however, cybercrimes have severe consequences for organizations and third-party vendors that integrate their network systems, leading to legal and reputational damage.

The paper’s originality considers mitigating cybercrimes in an evolving organization landscape that requires strategic, tactical and operational management imperative using the proposed framework phases, including detect, assess, analyze, evaluate and respond phases and subphases to reduce the attack surface, which is currently inadequate.

Foreign exchange risk might exist in any situation where a business' operations can be affected by changes in exchange rates. The objectives of the present paper, are therefore to identify the current state‐of‐practice in managing foreign exchange exposure.

To present a wide perspective the analysis includes questionnaire surveys regarding foreign exchange exposure in three different sectors. The three sectors are: international special purpose companies engaged in project financing; large‐scale international construction companies; and highly export‐oriented small and medium‐sized enterprises, all based in Singapore.

The analysis demonstrates that all three sectors are exposed to a degree of foreign exchange risk. The paper also demonstrates that foreign exchange exposure is not as very well managed as it might be.

The three sectors might have different needs in protecting their cash flow from foreign exchange exposure but the analysis could help them learn from one another in identifying common trends and drawing universal conclusions where appropriate.

To improve on the presently identified state‐of‐practice, various foreign exchange risk mitigation techniques more commonly used, their perceived effectiveness, and factors of concern in using them, are discussed.

Customer participation (CP) has received considerable interest in the service literature as a way to improve the customer experience and reduce service providers' costs. While its benefits are not in question, there is a paucity of research on potential pitfalls. This paper provides a conceptual foundation to address this gap and develops a comprehensive model of the risks of customer participation in service delivery, integrating research from the marketing, operations and supply chain management, strategy, and information technology fields.

The model is derived deductively by integrating insights from research in marketing, operations and supply chain management, strategy, and information technology.

This paper identifies three categories of potential risks of CP (i.e. market, operational, and service network) and discusses ways that firms can mitigate these risks. Building on the model, it develops a CP risk assessment tool that managers can use when evaluating increases in CP.

The conceptual model proposed in this paper can serve as a robust basis for future research in customer participation, particularly in such areas as sharing economy services, service delivery networks, and experiential services. The risk assessment tool offers clear guidelines for managers who are considering an increase in customer participation in their service.

This is the first attempt to conceptually define customer participation risk and develop a comprehensive model of its drivers and strategies to mitigate it. This paper develops a straightforward method for managers to evaluate CP risk.

The purpose of this paper is to suggest the utility of an emergency management perspective as a guide for policy makers as they respond to the challenges of global climate change.

This analytical paper begins with a review of scientific literature in an effort to highlight the consensus about risks and vulnerabilities associated with climate change or global warming. Applying the terminology and techniques of natural disaster planning, preparedness, response, and mitigation to climate change, an emergency management perspective is articulated as a viable framework for policy development.

Based on the evidence of a growing consensus in the scientific assessment of climate change, and the need for policy interventions to address the risks and vulnerabilities associated with it, the need for a unifying perspective for policymakers at all levels is apparent. An emergency management perspective is offered herein and holds the potential to provide a foundation for meeting that need.

An emergency management perspective for global climate change highlights the linkages between the challenges it poses and natural disaster preparedness in general. This may enable policy analysts to draw on the natural hazards literature and techniques as a guide for planning and policy development.

The effort to create a consensus of approach that will enable policy makers to speak the same language, participate in the same analysis, contribute to the same dialogue, and pursue the same goals may be advanced by this discussion.

An emergency management perspective on climate change may offer the potential for developing the least problematic model for policy makers to incorporate as they seek to make their efforts more consistent and more responsible in the face of a global challenge.

With the increasingly complex global environment companies are facing increased regulations. Financial and social risks are often overlooked but the key in establishing the necessary framework for risk management. Under pressure(s) from the media, public and government, the current companies within the oil and gas fields have taken precautionary steps to reduce their carbon footprint and have allowed technological innovations to take a proactive role in maintaining efficiency and sustainability. The purpose of this paper is to propose a framework outlining how organizations are implementing risk assessment and analysis to determine sustainable operations and methods in developing low-risk outcomes.

The authors used a case study approach to develop and illustrate the risk management framework.

This study provides a theoretical framework for analyzing and reducing risk within the oil and gas sector through explaining various means of innovation and sustainability. Risk integration and mitigation are modeled and quantified within an evolutionary framework. The case study illustrates the risk management techniques currently used in a corporate setting.

Using innovation and sustainable technologies, organizations can take a proactive role in reducing risk in the oil and gas industry in northern Alberta. Providing shareholders with an innovative framework dealing with strategic implications to reduce risk in compliance with operational costs.