Risk Scenario Building

Being risk-informed, requires a constant reappraisal of capabilities and challenges. One of the main aims of scenario-building is to develop situational awareness and explore 'critical' uncertainties. An organisation cannot really decide how critical an uncertainty is until it first tackles the issue of deficient risk awareness. Optimal Risk provides a proprietary scenario-building methodology that builds that awareness in a form that empowers decision-makers, and priorities for risk mitigation initiatives.

The convergence of risk requires a shared understanding between physical and IT security functions. Both require a broader appreciation of dynamics & uncertainty, if they are to be better prepared, and work towards multi-dimensional solutions.

Drawing the appropriate conclusions from scenario exercises leads to a re-examination of priorities for security procedures, and investment in processes & technology, which is likely to involve both security functions.

Building a shared understanding of priorities is crucial to scenario-building because subsequent investment decisions will related to most future risks, and justify better investment decisions.

Scenarios enable managers to prepare a schedule of responses, and serve as roadmaps for setting future investment & priorities without dismissing certain risks on the basis of lack of awareness, or misunderstanding of interdependent dynamics.

Scenarios are specifically relevant to developing a shared appreciation of risks, particularly when mapping interdependencies, and their function within the larger networks of infrastructure

This can serve a number of purposes, both in identifying sources of risk, and preparing for crisis response as well as constructing exercise scenarios that are more relevant

Using Scenarios to Build Deception Plans

The scenario building process can be specific tailored to illustrate several ways that a threat can evolve, and develop into different plausible outcomes that deception planners need to anticipate and exploit.

The scenario build creates specific points of focus around attacker intentions, capabilities, and behavioural uncertainties, which will drive tactical deception decisions, dynamically.

They also build awareness of how the relationship between key factors can influence attacker decision-making, and better understanding of how defenders can manipulate them.

More importantly scenarios can specifically establish recognition of unwanted outcomes and the vulnerabilities that deception may create, and inform options & implications for the trade-offs that managers need to consider.

Finally, scenarios help managers to recognise when plans are being ‘challenged by events’, and identify their options at each stage. This in turn can be used to set priorities for war-games that will exercise the capability to respond appropriately to unpredictable and unanticipated events during an attack.

Risk Scenario Building Flyer

  • Please complete your details below and we will email you a copy of our Risk Scenario Building Flyer