This post is, in a way, a continuation of the discussion of the ‘flat Earth’ approach to risk management, prompted by Bryan, who commented on it and provided me with a link to an interesting talk by Daniel E. Geer, Jr. Just to let you know, in case you are interested in such details.
The point is that the ‘normal’ approach to risk management only scratches the surface of the complex inter-dependencies characteristic of modern systems. We know that everything may eventually depend on everything else, but the models we use cannot cope with it.
What do we do? Intuitively we try to counteract this deficiency by increasing heterogeneity of what is below the surface, believing that statistics will grant us the ‘out of jail’ card. The reasoning seems to be sound: if we have several types of equipment provided by several manufacturers, operating under independently developed policies, then interdependencies between them are probably non-existent, so that we can happily live without exploring them.
It is kind of funny to see how the deficient model of risk drives us into adopting rules that we may not be comfortable with. However, our comfort is less and less justified, mostly because
(a) we do not really know what is below the surface
(b) we are force-fed dependencies that we do not know and possibly do not want
(c) the economy drives us into a greater concentration of dependencies (i.e. less heterogeneity)
I can understand why risk management is afraid of opening the Pandora’s box of inter-dependencies. Practitioners are afraid that such an analysis will never end, thus rendering its results useless. Indeed, as the modern world is heavily interconnected, everything eventually depends on everything else. So, once we scratch the surface, we can dig deeper and deeper, and end up with a risk analysis that covers the whole world. While true, it would be a rather useless exercise.
Trust Governance takes a different view: as it deals with risk and trust at the same time, it can demonstrate how risk eventually folds into trust, so it can actually limit the extent of risk analysis to the number of levels that are manageable. It is not just the surface, but it is also not the limitless depth. It is just a set of five rules that can be repeated as many times as we like, but that can also terminate the analysis of risk at the depth that we are comfortable with.