Question

Apply and elaborate by providing real-life examples on the below mentioned basic concepts that are associated with risk management as per NIST (National Institute of Standards and Technology).   

a. TRUST AND TRUSTWORTHINESS

b. ORGANIZATIONAL CULTURE

Answer 1

Apply and elaborate by providing real-life examples on the below mentioned basic concepts that are associated with risk management as per NIST (National Institute of Standards and Technology).   

a. TRUST AND TRUSTWORTHINESS:

Trust is an important concept related to risk management. How organizations approach trust influences their behaviors and their internal and external trust relationships. This section introduces some conceptual ways of thinking about trust, defines the concept of trustworthiness, and shows how the concept of trustworthiness can be used in developing trust relationships.

Explicitunderstandingandacceptanceoftherisktoanorganization’soperationsandassets,individuals,otherorganizations,andtheNationbyseniorleaders/executives(reflectingtheorganization’srisktolerance)aremadeinaccordancewiththeorganization’sriskmanagementstrategyandaprerequisiteforestablishingtrustrelationshipsamongorganizations.

Trustworthiness is an attribute of a person or organization that provides confidence to others of the qualifications, capabilities, and reliability of that entity to perform specific tasks and fulfill assigned responsibilities. Trustworthiness is also a characteristic of information technology products and systems . The attribute of trustworthiness, whether applied to people, processes, or technologies, can be measured, at least in relative terms if not quantitatively.48 The determination of trustworthiness plays a key role in establishing trust relationships among persons and organizations. The trust relationships are key factors in risk decisions made by senior leaders/executives.

Trustworthinessisakeyfactorintheselectionandwiseuseofinformationtechnologyproductsusedinorganizationalinformationsystems.Insufficientattentiontotrustworthinessofinformationtechnologyproductsandsystemscanadverselyaffectanorganization’scapabilitytosuccessfullycarryoutitsassignedmissions/businessfunctions.

ORGANIZATIONAL CULTURE

Organizational culture refers to the values, beliefs, and norms that influence the behaviors and actions of the senior leaders/executives and individual members of organizations. Culture describes the way things are done in organizations and can explain why certain things occur. There is a direct relationship between organizational culture and how organizations respond to uncertainties and the potential for near-term benefits to be the source for longer-term losses. The organization’s culture informs and even, to perhaps a large degree, defines that organization’s risk management strategy. At a minimum, when an expressed risk management strategy is not consistent with that organization’s culture, then it is likely that the strategy will be difficult if not impossible to implement. Recognizing and addressing the significant influence culture has on risk-related decisions of senior leaders/executives within organizations can therefore, be key to achieving effective management of risk.

Recognizing the impact from organizational culture on the implementation of an organization-wide risk management program is important as this can reflect a major organizational change. This change must be effectively managed and understanding the culture of an organization plays an important part in achieving such organization-wide change. Implementing an effective risk management program may well represent a significant organization-wide change aligning the people, processes, and culture within the organization with the new or revised organizational goals and objectives, the risk management strategy, and communication mechanisms for sharing risk-related information among entities. To effectively manage such change, organizations include cultural considerations as a fundamental component in their strategic-level thinking and decision-making processes (e.g., developing the risk management strategy). If the senior leaders/executives understand the importance of culture, they have a better chance of achieving the organization’s strategic goals and objectives by successfully managing risk