Search results
1 – 10 of over 8000Nadeeshani Wanigarathna, Keith Jones, Federica Pascale, Mariantonietta Morga and Abdelghani Meslem
Recent earthquake-induced liquefaction events and associated losses have increased researchers’ interest into liquefaction risk reduction interventions. To the best of the…
Abstract
Purpose
Recent earthquake-induced liquefaction events and associated losses have increased researchers’ interest into liquefaction risk reduction interventions. To the best of the authors’ knowledge, there was no scholarly literature related to an economic appraisal of these risk reduction interventions. The purpose of this paper is to investigate the issues in applying cost–benefit analysis (CBA) principles to the evaluation of technical mitigations to reduce earthquake-induced liquefaction risk.
Design/methodology/approach
CBA has been substantially used for risk mitigation option appraisal for a number of hazard threats. Previous literature in the form of systematic reviews, individual research and case studies, together with liquefaction risk and loss modelling literature, was used to develop a theoretical model of CBA for earthquake-induced liquefaction mitigation interventions. The model was tested using a scenario in a two-day workshop.
Findings
Because liquefaction risk reduction techniques are relatively new, there is limited damage modelling and cost data available for use within CBAs. As such end users need to make significant assumptions when linking the results of technical investigations of damage to built-asset performance and probabilistic loss modelling resulting in many potential interventions being not cost-effective for low-impact disasters. This study questions whether a probabilistic approach should really be applied to localised rapid onset events like liquefaction, arguing that a deterministic approach for localised knowledge and context would be a better base for the cost-effectiveness mitigation interventions.
Originality/value
This paper makes an original contribution to literature through a critical review of CBA approaches applied to disaster mitigation interventions. Further, this paper identifies challenges and limitations of applying probabilistic based CBA models to localised rapid onset disaster events where human losses are minimal and historic data is sparse; challenging researchers to develop new deterministic based approaches that use localised knowledge and context to evaluate the cost-effectiveness of mitigation interventions.
Details
Keywords
The purpose of this paper is to examine social media security risks and existing mitigation techniques in order to gather insights and develop best practices to help organizations…
Abstract
Purpose
The purpose of this paper is to examine social media security risks and existing mitigation techniques in order to gather insights and develop best practices to help organizations address social media security risks more effectively.
Design/methodology/approach
This paper begins by reviewing the disparate discussions in literature on social media security risks and mitigation techniques. Based on an extensive review, some key insights were identified and summarized to help organizations more effectively address social media security risks.
Findings
Many organizations do not have effective social media security policy in place and are unsure of how to develop effective social media security strategies to mitigate social media security risks. This paper provides guidance to organizations to mitigate social media security risks that may threaten the organizations.
Originality/value
The paper consolidates the fragmented discussion in literature and provides an in‐depth review of social media security risks and mitigation techniques. Practical insights are identified and summarized from an extensive literature review. Sharing these insights has the potential to encourage more discussion on best practices for reducing the risks of social media to organizations.
Details
Keywords
Baidyanath Biswas and Arunabha Mukhopadhyay
Malicious attackers frequently breach information systems by exploiting disclosed software vulnerabilities. Knowledge of these vulnerabilities over time is essential to decide the…
Abstract
Purpose
Malicious attackers frequently breach information systems by exploiting disclosed software vulnerabilities. Knowledge of these vulnerabilities over time is essential to decide the use of software products by organisations. The purpose of this paper is to propose a novel G-RAM framework for business organisations to assess and mitigate risks arising out of software vulnerabilities.
Design/methodology/approach
The G-RAM risk assessment module uses GARCH to model vulnerability growth. Using 16-year data across 1999-2016 from the National Vulnerability Database, the authors estimate the model parameters and validate the prediction accuracy. Next, the G-RAM risk mitigation module designs optimal software portfolio using Markowitz’s mean-variance optimisation for a given IT budget and preference.
Findings
Based on an empirical analysis, this study establishes that vulnerability follows a non-linear, time-dependent, heteroskedastic growth pattern. Further, efficient software combinations are proposed that optimise correlated risk. The study also reports the empirical evidence of a shift in efficient frontier of software configurations with time.
Research limitations/implications
Existing assumption of independent and identically distributed residuals after vulnerability function fitting is incorrect. This study applies GARCH technique to measure volatility clustering and mean reversal. The risk (or volatility) represented by the instantaneous variance is dependent on the immediately previous one, as well as on the unconditional variance of the entire vulnerability growth process.
Practical implications
The volatility-based estimation of vulnerability growth is a risk assessment mechanism. Next, the portfolio analysis acts as a risk mitigation activity. Results from this study can decide patch management cycle needed for each software – individual or group patching. G-RAM also ranks them into a 2×2 risk-return matrix to ensure that the correlated risk is diversified. Finally the paper helps the business firms to decide what to purchase and what to avoid.
Originality/value
Contrary to the existing techniques which either analyse with statistical distributions or linear econometric methods, this study establishes that vulnerability growth follows a non-linear, time-dependent, heteroskedastic pattern. The paper also links software risk assessment to IT governance and strategic business objectives. To the authors’ knowledge, this is the first study in IT security to examine and forecast volatility, and further design risk-optimal software portfolios.
Details
Keywords
Remko van Hoek and David Loseby
While there is a rich body of risk management literature and while there have been valuable theoretical advancements on the specific impact of the COVID-19 pandemic on risks, this…
Abstract
Purpose
While there is a rich body of risk management literature and while there have been valuable theoretical advancements on the specific impact of the COVID-19 pandemic on risks, this paper aims to posit that at least four more advancements are needed.
Design/methodology/approach
The co-author from Rolls Royce (RR) illustrates the risks experienced and risk management approaches taken in its manufacturing and supply chain operations both in the earlier stages of the pandemic as well as after the first year of the pandemic.
Findings
The COVID-19 pandemic offers a unique risk scenario that is beyond the scope of most existing risk management literature. The impact of the pandemic is very multi-faceted, not location specific but very global and experienced throughout the entire supply chain, across industries and over a much extended timeline with multiple time horizons. In manufacturing operations, there have been major instances of supply chain heroism in the first year of the pandemic and there is a lot more work ahead.
Originality/value
The authors' co-created paper enriches the perspective on COVID-19 research in manufacturing and supply chain operations by pointing at empirical opportunities, the need for more inter disciplinary research and the need to consider multiple time horizons.
Details
Keywords
Abel Yeboah-Ofori and Francisca Afua Opoku-Boateng
Various organizational landscapes have evolved to improve their business processes, increase production speed and reduce the cost of distribution and have integrated their…
Abstract
Purpose
Various organizational landscapes have evolved to improve their business processes, increase production speed and reduce the cost of distribution and have integrated their Internet with small and medium scale enterprises (SMEs) and third-party vendors to improve business growth and increase global market share, including changing organizational requirements and business process collaborations. Benefits include a reduction in the cost of production, online services, online payments, product distribution channels and delivery in a supply chain environment. However, the integration has led to an exponential increase in cybercrimes, with adversaries using various attack methods to penetrate and exploit the organizational network. Thus, identifying the attack vectors in the event of cyberattacks is very important in mitigating cybercrimes effectively and has become inevitable. However, the invincibility nature of cybercrimes makes it challenging to detect and predict the threat probabilities and the cascading impact in an evolving organization landscape leading to malware, ransomware, data theft and denial of service attacks, among others. The paper explores the cybercrime threat landscape, considers the impact of the attacks and identifies mitigating circumstances to improve security controls in an evolving organizational landscape.
Design/methodology/approach
The approach follows two main cybercrime framework design principles that focus on existing attack detection phases and proposes a cybercrime mitigation framework (CCMF) that uses detect, assess, analyze, evaluate and respond phases and subphases to reduce the attack surface. The methods and implementation processes were derived by identifying an organizational goal, attack vectors, threat landscape, identification of attacks and models and validation of framework standards to improve security. The novelty contribution of this paper is threefold: first, the authors explore the existing threat landscapes, various cybercrimes, models and the methods that adversaries are deploying on organizations. Second, the authors propose a threat model required for mitigating the risk factors. Finally, the authors recommend control mechanisms in line with security standards to improve security.
Findings
The results show that cybercrimes can be mitigated using a CCMF to detect, assess, analyze, evaluate and respond to cybercrimes to improve security in an evolving organizational threat landscape.
Research limitations/implications
The paper does not consider the organizational size between large organizations and SMEs. The challenges facing the evolving organizational threat landscape include vulnerabilities brought about by the integrations of various network nodes. Factor influencing these vulnerabilities includes inadequate threat intelligence gathering, a lack of third-party auditing and inadequate control mechanisms leading to various manipulations, exploitations, exfiltration and obfuscations.
Practical implications
Attack methods are applied to a case study for the implementation to evaluate the model based on the design principles. Inadequate cyber threat intelligence (CTI) gathering, inadequate attack modeling and security misconfigurations are some of the key factors leading to practical implications in mitigating cybercrimes.
Social implications
There are no social implications; however, cybercrimes have severe consequences for organizations and third-party vendors that integrate their network systems, leading to legal and reputational damage.
Originality/value
The paper’s originality considers mitigating cybercrimes in an evolving organization landscape that requires strategic, tactical and operational management imperative using the proposed framework phases, including detect, assess, analyze, evaluate and respond phases and subphases to reduce the attack surface, which is currently inadequate.
Details
Keywords
Matthias Ehrlich, David Woodward and Robert Tiong
Foreign exchange risk might exist in any situation where a business' operations can be affected by changes in exchange rates. The objectives of the present paper, are therefore to…
Abstract
Purpose
Foreign exchange risk might exist in any situation where a business' operations can be affected by changes in exchange rates. The objectives of the present paper, are therefore to identify the current state‐of‐practice in managing foreign exchange exposure.
Design/methodology/approach
To present a wide perspective the analysis includes questionnaire surveys regarding foreign exchange exposure in three different sectors. The three sectors are: international special purpose companies engaged in project financing; large‐scale international construction companies; and highly export‐oriented small and medium‐sized enterprises, all based in Singapore.
Findings
The analysis demonstrates that all three sectors are exposed to a degree of foreign exchange risk. The paper also demonstrates that foreign exchange exposure is not as very well managed as it might be.
Practical implications
The three sectors might have different needs in protecting their cash flow from foreign exchange exposure but the analysis could help them learn from one another in identifying common trends and drawing universal conclusions where appropriate.
Originality/value
To improve on the presently identified state‐of‐practice, various foreign exchange risk mitigation techniques more commonly used, their perceived effectiveness, and factors of concern in using them, are discussed.
Details
Keywords
Uzay Damali, Enrico Secchi, Stephen S. Tax and David McCutcheon
Customer participation (CP) has received considerable interest in the service literature as a way to improve the customer experience and reduce service providers' costs. While its…
Abstract
Purpose
Customer participation (CP) has received considerable interest in the service literature as a way to improve the customer experience and reduce service providers' costs. While its benefits are not in question, there is a paucity of research on potential pitfalls. This paper provides a conceptual foundation to address this gap and develops a comprehensive model of the risks of customer participation in service delivery, integrating research from the marketing, operations and supply chain management, strategy, and information technology fields.
Design/methodology/approach
The model is derived deductively by integrating insights from research in marketing, operations and supply chain management, strategy, and information technology.
Findings
This paper identifies three categories of potential risks of CP (i.e. market, operational, and service network) and discusses ways that firms can mitigate these risks. Building on the model, it develops a CP risk assessment tool that managers can use when evaluating increases in CP.
Research limitations/implications
The conceptual model proposed in this paper can serve as a robust basis for future research in customer participation, particularly in such areas as sharing economy services, service delivery networks, and experiential services. The risk assessment tool offers clear guidelines for managers who are considering an increase in customer participation in their service.
Originality/value
This is the first attempt to conceptually define customer participation risk and develop a comprehensive model of its drivers and strategies to mitigate it. This paper develops a straightforward method for managers to evaluate CP risk.
Details
Keywords
The purpose of this paper is to suggest the utility of an emergency management perspective as a guide for policy makers as they respond to the challenges of global climate change.
Abstract
Purpose
The purpose of this paper is to suggest the utility of an emergency management perspective as a guide for policy makers as they respond to the challenges of global climate change.
Design/methodology/approach
This analytical paper begins with a review of scientific literature in an effort to highlight the consensus about risks and vulnerabilities associated with climate change or global warming. Applying the terminology and techniques of natural disaster planning, preparedness, response, and mitigation to climate change, an emergency management perspective is articulated as a viable framework for policy development.
Findings
Based on the evidence of a growing consensus in the scientific assessment of climate change, and the need for policy interventions to address the risks and vulnerabilities associated with it, the need for a unifying perspective for policymakers at all levels is apparent. An emergency management perspective is offered herein and holds the potential to provide a foundation for meeting that need.
Research limitations/implications
An emergency management perspective for global climate change highlights the linkages between the challenges it poses and natural disaster preparedness in general. This may enable policy analysts to draw on the natural hazards literature and techniques as a guide for planning and policy development.
Practical implications
The effort to create a consensus of approach that will enable policy makers to speak the same language, participate in the same analysis, contribute to the same dialogue, and pursue the same goals may be advanced by this discussion.
Originality/value
An emergency management perspective on climate change may offer the potential for developing the least problematic model for policy makers to incorporate as they seek to make their efforts more consistent and more responsible in the face of a global challenge.
Details
Keywords
Kalinga Jagoda and Patrick Wojcik
With the increasingly complex global environment companies are facing increased regulations. Financial and social risks are often overlooked but the key in establishing the…
Abstract
Purpose
With the increasingly complex global environment companies are facing increased regulations. Financial and social risks are often overlooked but the key in establishing the necessary framework for risk management. Under pressure(s) from the media, public and government, the current companies within the oil and gas fields have taken precautionary steps to reduce their carbon footprint and have allowed technological innovations to take a proactive role in maintaining efficiency and sustainability. The purpose of this paper is to propose a framework outlining how organizations are implementing risk assessment and analysis to determine sustainable operations and methods in developing low-risk outcomes.
Design/methodology/approach
The authors used a case study approach to develop and illustrate the risk management framework.
Findings
This study provides a theoretical framework for analyzing and reducing risk within the oil and gas sector through explaining various means of innovation and sustainability. Risk integration and mitigation are modeled and quantified within an evolutionary framework. The case study illustrates the risk management techniques currently used in a corporate setting.
Originality/value
Using innovation and sustainable technologies, organizations can take a proactive role in reducing risk in the oil and gas industry in northern Alberta. Providing shareholders with an innovative framework dealing with strategic implications to reduce risk in compliance with operational costs.
Details