Semester: Spring 2023 (tentative) Fall 2022 Summer 2022 Spring 2022 Fall 2021 Summer 2021 Spring 2021 Fall 2020 Spring 2020 Fall 2019 Summer 2019 Spring 2019
Professional/Experiential Skills Courses First Year Courses Only

Organizational Resilience & Crisis Management (LAW-795OR-001)
Karl Hopkins

Notices

Description

The globe has become faster, smaller, and more connected in the twenty-first century. Businesses face new and unique risks as a result of globalization, the digital revolution, and the ever-increasing speed of technological innovation. Organizations face risks that are not only local—with the possible impact on a single person, office, or region—but rather every security incident increases the likelihood of a worldwide impact on a company's assets, personnel, and reputation. These dangers extend far beyond standard operational dangers. External adversaries, insiders, competitors, and geopolitical risks all pose challenges to businesses today. Individuals, criminals, state-sponsored actors, and, in some cases, hostile nation states can all be considered adversaries. Simply said, the risk profile for private enterprises is higher than ever before, as they face concerns and enemies that were previously only faced by nation states. Most are unprepared to deal with them. To survive, they must adapt to their surroundings.

Failure to devote appropriate attention and resources to these developing dangers is one of the most serious hazards confronting companies today. This is frequently due to a failure to recognize the dangerous environment or a lack of available resources. Furthermore, even entities with the necessary resources frequently lack a complete grasp of how to integrate them to produce a final intelligence product that is trustworthy, adaptive, and actionable in real time. Today, many businesses cannot make complex risk treatment decisions as they fail to convert risk data into actionable threat intelligence.

Furthermore, the increasing complexity of privacy regulations, data classification/sovereignty requirements, technological advancements, a shifting threat environment, and global instability necessitate enormous resources to keep up. All of this comes at a high price.

Aside from the preceding, the nexus between technology, regulation, security, organizational operations, and people are getting increasingly entwined. In the twenty-first century, it is impossible to draw a clear line between risk categories as legal, cyber, physical, reputational, financial, and so on. Each risk category contains elements of the others and is inextricably intertwined. Furthermore, organizations' approaches to these risks are developing. They now necessitate interdisciplinary teams of integrated stakeholders acting in real time, not only to mitigate and remediate risk but also to foresee risk because they do not have the luxury of time to react. What was formerly considered a risk event or a disaster is now a continuous operating reality. The speed and complexity of risk events are expanding at a greater rate than ever before, particularly in cyberspace.

To effectively manage this multifaceted risk environment, today's global enterprises must modify their security mindset. They must get away from the attitude of static weapons, guards, gates, and firewalls. They must create a fully integrated, operationally efficient global security organization that can operate in real time and is based on an active intelligence model. It must be able to collect and analyze data. It must be inventive and capable of anticipating threats in order to avoid them rather than simply reacting to them once they have occurred. However, in the event of a crisis, the organization must be prepared to respond decisively in order to preserve its people and assets. And all of this must be done on a budget that will never be fully adequate. Instead of loss prevention or crisis management, organizations must consider resiliency.

Textbooks and Other Materials

The textbook information on this page was provided by the instructor. Students should use this information when considering purchases from the AU Campus Store or other vendors. Students may check to determine if books are currently available for purchase online.

There are some chapters extracted from practical textbooks which will be provided. Students will receive a global threat analysis on a regular basis that is produced for clients of the instructor’s law firm. This information is for use in this class only and is not to be distributed externally. Additionally, there will be selected readings in support of the concepts discussed during each class. These are described in more detailed below.

First Class Readings

Required Readings

Leflar, J. J. (2012). Organizational Resilience Managing the Risks of Disruptive Events –A Practitioner’s Guide. Boca Raton, FL: CRC. (Chapter 1)

Jankensgård, H., & Kapstad, P. (2021). Empowered Enterprise Risk Management Theory and Practice. Chichester, West Sussex, UK: Wiley. (Chapters 1 & 2)

Antonucci, D. (2017). The Cyber Risk Handbook Creating and Measuring Effective Cybersecurity Capabilities. Hoboken, NJ: John Wiley & Sons. (Chapters 1 to 3)

Yang, C. (2021, March 23). How To Cultivate Organizational Resilience Before The Next Crisis. https://www.forbes.com/sites/forbestechcouncil/2021/03/22/how-to-cultivate-organizational-resilience-before-the-next-crisis/?sh=6418e53045f2

Deloitte. (2021). Building The Resilient Organization 2021 Deloitte Global Resilience Report. https://www2.deloitte.com/content/dam/insights/articles/US114083_Global-resilience-and-disruption/2021-Resilience-Report.pdf

Morales, S. N., & Martínez, L. R. (2019, February 7). Predictors of organizational resilience by factorial analysis. https://journals.sagepub.com/doi/10.1177/1847979019837046

Suarez, F. F., & Montes, J. S. (2021, June 02). Building Organizational Resilience. "https://hbr.org/2020/11/building-organizational-resilience

Xiao, L., & Cao, H. (2017, January). Organizational Resilience: The Theoretical Model and Research Implication. https://www.researchgate.net/publication/319486271_Organizational_Resilience_The_Theoretical_Model_and_Research_Implication

Yang, C. (2021, March 23). How To Cultivate Organizational Resilience Before The Next Crisis. https://www.forbes.com/sites/forbestechcouncil/2021/03/22/how-to-cultivate-organizational-resilience-before-the-next-crisis/?sh=6418e53045f2

Background Readings

Fréminville, M. D. (2020). Cybersecurity and Decision Makers Data Security and Digital Trust. Hoboken, NJ: Wiley. (Chapters 1 & 2)

Engemann, K. J., & Henderson, D. M. (2012). Business Continuity and Risk Management: Essentials of Organizational Resilience. Brookfield, CT: Rothstein Associates. (Sections 1 & 3)

Paganini, P. 2017. The most common social engineering attacks. http://resources.infosecinstitute.com/common-social-engineering-attacks/#gref

Perelman, B. 2016. Cyberthreats targeting the factory floor. http://www.industryweek.com/information-technology/cyberthreats-targeting-factory-floor

Fife, L. 2017. How much does 1 hour of downtime cost the average business? https://www.randgroup.com/insights/cost-of-business-downtime/

Hern, A. 2017. Hacking risk leads to recall of 500,000 pacemakers due to patient death fears. https://www.theguardian.com/technology/2017/aug/31/hacking-risk-recall-pacemakers-patient-death-fears-fda-firmware-update

Murphy, T. & Bailey, B. 2015. Hackers mine for gold in medical records. https://www.bostonglobe.com/business/2015/02/06/why-hackers-are-targeting-medical-sector/xxjFN6G3cFJZ8Fh3mF3XhN/story.html

https://www.trendmicro.com/vinfo/es/security/news/cyber-attacks

https://privacyrights.org/topics/security

https://iapp.org/

Syllabus

Use your MyAU username and password to access the syllabus in the following format(s):

• Adobe Acrobat (PDF)