Security By Design - Part 8

Joseph F. Norton, Risk, Security, and Crisis Management professional

My last blog posts have focused on introducing Systemic Digital Risk in Complex Digital Environments and exploring new frameworks with which to assess Risk in today’s business environments.

Systemic Digital Risk in Complex Digital Environments

I shared the view that Systemic Risk is the threat that component failure in a complex system will cascade and jeopardize the much larger system, and identified five elements of systemic risk that can significantly impact eight digital domains that work together across complex digital systems to produce and preserve business value. These lead us to new models for Integrated Risk Management … the DiRECTOR™ and RISCX™ frameworks (Source: “Systemic Digital Risk: Understanding and Overseeing Complex Digital Environments with The DiRECTOR™ And RISCX™ Frameworks”, Digital Directors Network. Used with permission).

As a quick start to the new year, let’s review the DiRECTOR™ and the RISCX™ frameworks.

The DiRECTOR™ framework shows us eight key domains that enable complex digital systems. From a corporate director’s perspective, these domains represent the key risk areas within a business’ digital system. The domains are co-dependent and influence/control how a digital business system functions and supports business value.

The DiRECTOR and the RISCX framework

The RISCX™ framework presents five drivers of risk that are unique to today’s massively complex and interconnected digital system. Traditional risk management frameworks and assessment models often fail to consider and address these unique drivers of risk, which have been seen to be the cause of system and systemic failure on a massive scale.

To fully understand, appreciate, and represent Systemic Digital Risk in the Complex Digital Environments in which we operate our businesses today, we need to examine each of the five drivers of risk (RISCX™ framework) against each of the eight domains of complex digital systems (DiRECTOR™ framework).

Assess Complex Digital Systems for Systemic Risk Contagion Weakness

The integrated DiRECTOR and RISCX framework

Business value, the key digital domains that drive it, and the elements that can cause systemic risk combine as an integrated framework with which to fully view systemic risk in digital systems. By taking this approach to assessing risk, we can reveal significant gaps in our understanding of component and systemic risk throughout our digital business systems. This is a risk model that can be applied at any level of an organization, including programs, projects, business units and enterprises. It is only when systemic risk in complex digital systems is understood that it can be fully managed and mitigated.

integration of business value

This is an approach that reframes how executives and corporate directors comprehend complex systemic risk in digital business ecosystems. It is intended to provide a blueprint for how technology executives can bring the complex issues they manage to the attention of their senior executive leadership and the boardroom in a way that resonates with a senior executive’s and/or corporate director’s responsibilities and mindset.

Bringing these views together allows us to frame risk against business value, or rather, to assess risk to the business value of our organizations.

In my next series of posts, I will endeavor to explore with you the exploding Global Risk Ecosystem that threatens our businesses today and into the future, and to help you self-assess as you ask your organization the following question: Do you and your business have the ability to anticipate, prepare for, and adapt to changing conditions to withstand, respond to, and recover from a Cyber Business Disruption?

Note: Source material for this post: “Systemic Digital Risk: Understanding and Overseeing Complex Digital Environments with The DiRECTOR™ And RISCX™ Frameworks”, Digital Directors Network.

Joseph F. Norton is a Risk, Security, and Crisis Management professional.

He is a founding member and Qualified Technology Executive of the Digital Directors Network, Chair of the Advisory Board with Next Era Transformation Group, and Chief Security Officer with APF Technologies.

He has served as Chief Security Officer, SVP at Atos, Chief Technology Officer and Head of Operations, SVP at Philips, Chief Technology Officer, SVP at Novartis, Executive-in-Residence with McKinsey & Company, and Chief Technology Officer at McDonald’s. He has also held professional roles during his career with JPMorgan Bank, Oracle, Sybase and Grumman Aerospace Corporation, and the United States Navy.
