COMMUNITY BLOG - James Meikle - BBQing Risks Steakments (Statements)
Updated: Jan 27
The community blog posts are written by InfoSec professionals from diverse sectors who have kindly provided articles for free to support the demystifying of cyber.
Author: James Meikle
BBQing Risks Steakments Statements
Risk statements have the power to deliver a strong message to people from all backgrounds on something bad that might happen. To be clearly understood, common language should be used. There are a few different ways to formulate risk statements; this is just one of the common ones. PS: We all need an acronym swear jar!
As I would like to see more powerful messages and I like Aussie BBQs, it is time for a combo!
Diving in: at BBQs you usually need a story. To keep the interest going, use the common tongue and use Aussie slang rarely. You tell a story, and you hope people understand it. Your feedback is provided by still having an audience, and as you practice you get better at it. There is a formula for successful storytelling – it's watchable if you do not do this yourself.
A formula is also needed for successful risk talking. Let us try a minimal one (in BBQ speak) and yes, I had to change it for the example – but it is still based on a true story in our very own Gold Coast of Australia!
“Our family fun day on a whale sighting trip may be ruined by naughty jet skiers that get too close scaring off whales resulting in no fun and children in tears.”
This is going to get a bit quirky, but let us try to take this apart. My rough translation of talking risk is people trying to explain the effect of uncertainty against what they want to occur so they can help the situation.
An event is something that happens due to something else that disrupts its objective. In this example the objective is family fun, and the event is a whale sighting tour. Keep it to one event per statement.
“Our family fun day while on a whale sighting trip may be ruined”
The jet skis cannot be linked directly to kids crying their little hearts out, as their effect of being there is scaring whales. Cause and event can be mixed up if you are not careful – events have objectives; causes do not. There can be more than one cause.
“… by naughty jet skiers that get too close scaring off whales”
The worst examined outcome for the day was whales not being seen on a (first-time) sightseeing tour, with crying kids and a ruined day. I always seem to focus on this one since it is the meaty part of why we should care about the risk. There can be more than one consequence.
“… resulting in no fun and children in tears”
Okay since my BBQ stories have happy endings when involving children, I must add this bit…
“The day was saved by instant karma when the pair were intercepted by the cops, waved at by a few really happy children and camera people. Kids got to see a whale. Day Saved!”
It has been said before: we cyber people must speak many languages, but common is the most important.
My quick tips
1. Use common language
2. Use specific industry language sparingly - only if you must (Aussie Slang at BBQs!)
3. Use an obvious formula like: There is a risk that “Event” occurs that can be “caused by” resulting in “the bad thing”.
4. Use your voice and read them out loud (take care of surrounding people)
5. Use the basic one you come up with to build on what you have and add to the narrative.
Break up the statement using spreadsheeting or other tools to make it easier to consume, if appropriate.
6. Use ISACA’s good quality risk statement questions to sound your content:
What could happen, Why could it happen, Why do we care.
COMMUNITY BLOG - guest author James Meikle - 26 January 2022