In the defense industry operational risk is a big deal. Operation risk is that risk associated with an organizations activities. That is a broad term that applies to any organization, but in the defense industry operational risk can also be the risk of human life so its a HUGE part of DIARMF & risk management framework.
Confidentiality, Integrity and Availability in Operational Risk
A big part of operational risk is trusting you people to safeguard the confidentiality, integrity and availability of operational information.
When I was in the military, it meant keeping our mouth shut about missions. In high profile cases, the media was a huge operational risk because they would try to give away the positions of US Armed services in the middle of a war. For them its important journalism, for the guy on the ground that kind of operational information is life or death. In defense, to mitigate operational risk they practice they give the people the least amount of information and privileges they need to do there job. Because if ONE person knows everything there is a great risk that they will intentionally or accidentally release information that can damage or destroy the operations of the organization by leaking it. Information leakage is very popular these days, as there is less and less loyalty and more and more access to all information.
Operational risk is much harder to manage these days. People are more likely to keep the secrets of something they are stakeholders in than a pumped up since of pride. I think its because information is so freely available its improbable to promote a one sided view of any conflict or historical perspective.. but perhaps we are getting to sociological and political.
Stakeholders are more interested in hard facts than feel good perspectives of one beliefs. I think that is why companies like Apple and Google are better at operational risk management than the US government. But I am sure its also because the US government has an exponentially larger and more critical mission where lives, livelihoods and lifestyle are at stake. So maybe that is a poor comparison.
Operation Risk vs Profit
Since operational risk does not MAKE profit it is often overlook and ignored by private organizations. Larger organizations with LOTS of critical data understand the importance of operational risk especially once they see that critical data walk out the door. When a private organization sees their competition using their exact information due to leaks in confidentiality they realize they must do a little data loss prevention (DLP) which is directly related to Operational risk management.
There are system that are designed to automatically detect data loss such as McAfee Total Protection for Data Loss Prevention.
[…] approach to information security. It included risk management, information protection, operational risk, business risk, assurance technology and much […]