Security & Risk

Analysis
Thinking About Thinking
(Structured or Sense-Making)

Tony Ridley MSc CSyP CAS MSyl

Risk, Security, Safety, Resilience & Management Sciences (Applied) www.risk-management.au
Security & Risk Analysis: Structured or Sense-Making?

A foundational, yet under emphasised, element of security and risk

analysis is the means in which we think about the environment,
context, threat and subsequent concerns that result in the
management of security and risk issues of the day.

In short, the way we think about problems of security and risk

influences our analysis that must remain a key inclusion of over
overall assessment of threats, harms and danger because we may
distort the truth to suit our own limitations or beliefs.
Tony Ridley MSc CSyP CAS MSyl
Risk, Security, Safety, Resilience & Management Sciences (Applied) www.risk-management.au
Security & Risk Analysis: Structured or Sense-Making?

Two schools of thought within analytic and intelligence approaches are that of structured
analysis and sense-making.

The primary distinction, when applied as a repeatable, rigorous process is that structured
forms a more machine learning approach, whereas sense-making provisions for humans as
sentient, intelligent beings, aware of their own role and contribution to the process.

Put another way, structured seeks to disconnect human flaws and limitations in lieu of
robotic, infallible procedures evident in post-incident analysis and audits. Sense-making is
reflexive and compounds learning, knowledge and experience.

Tony Ridley MSc CSyP CAS MSyl

Risk, Security, Safety, Resilience & Management Sciences (Applied) www.risk-management.au
Security & Risk Analysis: Structured or Sense-Making?

Management, courts, investigators, auditors and the post-crisis public

prefer structured analysis and all its limitations.

Sense-making tends to yield broader perspectives and more inclusive

results utilising the inherent and nurtured intelligence of humans.

Especially when it comes to security and risk analysis.

Tony Ridley MSc CSyP CAS MSyl

Risk, Security, Safety, Resilience & Management Sciences (Applied) www.risk-management.au
Security & Risk Analysis: Structured or Sense-Making?

Therefore, it remains essential to

disclose, consider and evaluate the
thinking process utilised to create
security and risk work product.

Analysis, assessments, ratings,

matrices, registers.

Tony Ridley MSc CSyP CAS MSyl

Risk, Security, Safety, Resilience & Management Sciences (Applied) www.risk-management.au
Security & Risk Analysis: Structured or Sense-Making?

No matter the work product, output or end state... the prevailing

analytical thinking models used by individuals and groups remains
concealed behind the results and must be analysed with each
produced analysis and on a routine basis.

Wicked problems require wicked thinking, not universal checklists

or constrained analysis.

Tony Ridley MSc CSyP CAS MSyl

Risk, Security, Safety, Resilience & Management Sciences (Applied) www.risk-management.au
Security & Risk Analysis: Structured or Sense-Making?

In sum, the value and efficacy of any and all security and risk
analyses are entirely dependent upon the thinking process
and procedures utilised by one or more humans. As a result,
greater consideration, awareness and education should be
focused in this area, in addition to critical reviews of these
and other processes that invisibly contribute to one or more
security or risk perspectives... long before management even
arrives.
Tony Ridley MSc CSyP CAS MSyl
Risk, Security, Safety, Resilience & Management Sciences (Applied) www.risk-management.au