Sunday, April 07, 2019

Preemption: An Operational Risk Perspective...

"The global regulation of cybersecurity is one of the most contentious topics on the international legal plane. States, the actors primarily responsible for arranging most other international regulatory regimes, have so far been incapable of reaching a consensus on how to govern international cyberspace. For example, in 2017, the United Nations Group of Governmental Experts, arguably the most promising effort to create international norms for cyberspace, collapsed. In this vacuum, private tech companies are seizing the opportunity to create norms and rules for cyber operations, essentially creating a privatized version of cybersecurity law."  LawfareBlog Ido Ikilovaty

Preemption - A Knife That Cuts Both Ways by Alan M. Dershowitz should be considered for the professional Operational Risk Managers reference library:

Decisions to act preemptively generally require a complex and dynamic assessment of multiple factors. These factors include at least the following:
  1. The nature of the harm feared.
  2. The likelihood that the harm will occur in the absence of preemption.
  3. The source of the harm--deliberate conduct or natural occurrence?
  4. The possibility that the contemplated preemption will fail.
  5. The costs of a successful preemption.
  6. The cost of a failed preemption.
  7. The nature and quality of the information on which these decisions are based.
  8. The ratio of successful preemptions to unsuccessful ones.
  9. The legality, morality, and potential political consequences of the preemptive steps.
  10. The incentivizing of others to act preemptively.
  11. The revocability or irrevocability of the harms caused by the feared event.
  12. The revocability or irrevocability of the harms caused by contemplated preemption.
  13. Many other factors, including the inevitability of unanticipated outcomes (the law of unintended consequences).
Regardless of the agreement or bias of the reader, this book makes you think upside down and sideways about decisions you have made, and will make.

While Mr. Dershowitz takes time to make his own opinions known, his mastery of building the foundation for transformation is unequaled on such a topic; controlling dangerous and destructive human behavior and how to confront terrorism, crime and warfare.

During the course of a single day in the life of the Operational Risk Manager there are dozens if not hundreds of preemptive or preventive decisions to be made.

Private Sector vs. Public Sector is not so much the issue here. Whether you are the Chief Operational Risk Officer at a major banking institution or the Commander in the local Emergency Operations Center, you both have the same dilemma.

A decision must be made quickly and you must be able to live with the implications of either decision.

No comments: