***** Catastrophic Impact and Loss: The Capstone of Impact Assessment. By Kevin D. Burton. CRC Press; crcpress.com; 348 pages; $59.95; also available as e-book.
Risk management is a dynamic and interesting field because security threats are always evolving. The interplay between threats and conventional risk management strategies has spurred many books. However, none covers this topic in more detail or with greater insight than this work by Kevin Burton, a skilled practitioner of business continuity and disaster recovery disciplines. The author takes a complex view of risk management by probing into the uncertainty of the sociopolitical climate in our world today as it relates to probable and possible threats. Readers could find themselves adrift in minutiae as they wade through the layers of considerations that Burton offers up in support of his broad-based view of assessing risks.
The work is chock-full of charts, graphs, and illustrations and also boasts a robust table of contents more reminiscent of a graduate-level textbook than a security practitioner’s reference book. That said, this publication is well organized and flows nicely, with each chapter highlighting key terms, reader objectives, summaries, and questions.
Expanding upon his previous work, Managing Emerging Risk: The Capstone of Preparedness, Burton delves into the current state of risk management and “postmodernism” to describe the pitfalls in failing to recognize and consider the importance of global interdependencies. Burton thoroughly examines his conviction that risk assessments are only the first step in understanding terror attacks and disasters. He presents a compelling case full of innovative insights that can benefit risk management professionals who are seeking advice in a time of economic, military, and political change.
The author explores what he sees as fundamental flaws in our current approach to assessing risks. He encourages practitioners to consider not only potential threats but also the broad impact that disastrous events make on an enterprise’s complex supply-chain structure. Burton establishes “Five Guiding Principles of Potential Impacts” by closely examining the effects that interdependencies of suppliers and distributors can have on an organization’s core values. Throughout the book, the author uses current events, such as the 2011 Japanese earthquake and the outage of the Amazon cloud computer data center, to energize the national dialogue and engage practitioners. Burton effectively dissects these events and peppers them with worst-case scenarios as he skillfully describes the convoluted risk matrix facing today’s “hypercomplex, Intertwined, role-specific” organization.
Burton concludes that practitioners with in-depth knowledge of risk and mitigation strategies must not present a watered-down message to stakeholders. They should instead offer a stout deliverable that may present the customer with uncomfortable “reminders of death,” albeit in a precise way.
The methodologies offered in this book are sound concepts based upon fundamental risk management principles; however, they are expanded to take into account the evolving global interdependences of the digital age. This book would be a good reference for security practitioners tasked with risk management and the development of emergency management strategies.
Reviewer: Douglas K. Beaver, CPP, president of International Risk Associates, has more than 30 years of law enforcement and security industry experience that has taken him to high-threat regions in the Middle East, South America, and Asia. He currently serves on the ASIS Global Terrorism, Political Instability, and International Crime Council.