Hur åtgärdar offentliga aktörer deras cybersäkerhet efter att ha blivit utsatta för cyberattacker? / How do public actors address their cyber security after cyber attacks against them?

Mohammed Abdu, Mohammed, Alsaif, Anas

January 2023

Digitization has been a growing phenomenon in today's society where organizations, individuals and society at large are affected by it. In pace with the emerging use of digitization,a realization of the relevance of cyber security in the public sector has increased, but not to a sufficient extent. Cyber security is about processes used to protect personal information and important data in organizations. Cyber security also includes knowledge of cyberattacks, where actors attack an organization's data most often for financial reasons. Cyber attacks have affected the public sector in several countries. The study focuses on known cyber attacks around the world that are related to public actors in healthcare, transport and electricity supply,among others. The study's analysis compares implemented measures after the incidents based on a cyber risk assessment framework. The survey shows that increased investments, new and clear work routines, training for employees and continuous testing of computer systems are important measures for the prevention of cyber attacks. The mentioned main actions that are common between the studied actors are supported by the theoretical frame of reference. This is because frameworks linked to cyber attacks also point out that investments, clear work routines and monitoring of systems contribute to protection against cyber attacks. / Digitalisering har varit ett växande fenomen i dagens samhälle där organisationer, individer och samhället i stort påverkas av det. Med takt av den framväxande användningen av digitalisering, har en realisering av cybersäkerhetens relevans inom den offentliga sektorn ökat, men inte i tillräcklig stor omfattning. Cybersäkerhet handlar om processer som används för att skydda personlig information och viktiga data i organisationer. Cybersäkerhet omfattar också kunskap om cyberattacker, där aktörer angriper en organisations data oftast för ekonomiska skäl. Cyberattacker har påverkat den offentliga sektorn i flera länder. Studien fokuserar på kända cyberangrepp runt om i världen som är relaterade till offentliga aktörer inom bland annat sjukvård, transport och elförsörjning. Studiens analys jämför genomförda åtgärder efter incidenterna utifrån ett ramverk om cyberriskbedömning. Undersökningen visar att ökade investeringar, nya och tydliga arbetsrutiner, utbildning till medarbetare ochkontinuerliga testningar av datasystem är viktiga åtgärder för förebyggande av cyberattacker.De nämnda huvudsakliga åtgärderna som är gemensamma mellan de studerade aktörerna stödjas av den teoretiska referensramen. Detta eftersom ramverk kopplade till cyberattacker påpekar också att investeringar, tydliga arbetsrutiner och övervakning av system, bidrar till skydd mot cyberattacker.

Cyber attacks

Cyber security

Cyber risk management framework

Public sector

Nyckelord: Cyberattacker

Cybersäkerhet

Cyber risk management framework

Offentlig sektor.

Computer Systems

Datorsystem

Communication Systems

Kommunikationssystem

Strategies to Identify and Reduce Workplace Bullying to Increase Productivity

King, Dr. Marvalene

01 January 2019

Workplace bullying caused business owners to lose about 80 million employees' workdays each year. Workplace bullying can cost an organization up to $300 billion for increased medical claims, lost productivity, and employee turnovers, and up to $23 billion in additional expenses, such as costs for employee absenteeism and legal costs. The purpose of this single case study was to explore successful strategies to address workplace bullying used by 7 human resource (HR) managers and executives in 1, small-to-medium-sized organization in Central Florida. The HR managers and executives had 5 or more years of HR experience. The risk management framework and theory of planned behavior were the conceptual frameworks that guided exploration of the phenomenon. Data were collected from semistructured interviews with HR managers and executives and from company artifacts, such as HR and risk management policies. Member checking and transcript review strengthened trustworthiness of data analysis and interpretations. Data were analyzed using thematic analysis. Five themes emerged from the data analysis: enhanced training, encourage reporting, develop HR business partner model, implement policies and guidelines, and enforce zero-tolerance policy. The findings of this study may contribute to positive social change by building awareness of workplace bullying for employees, organizations, and society, and by providing strategies to reduce the number of bullied victims and enrich social harmony within organizations and communities.

Bullying

Incivility

Mobbing

Risk Management Framework

Theory of Planned Behavior

Workplace Bullying

Business

Towards Fault Reactiveness in Wireless Sensor Networks with Mobile Carrier Robots

Falcon Martinez, Rafael Jesus

04 April 2012

Wireless sensor networks (WSN) increasingly permeate modern societies nowadays. But in spite of their plethora of successful applications, WSN are often unable to surmount many operational challenges that unexpectedly arise during their lifetime. Fortunately, robotic agents can now assist a WSN in various ways. This thesis illustrates how mobile robots which are able to carry a limited number of sensors can help the network react to sensor faults, either during or after its deployment in the monitoring region. Two scenarios are envisioned. In the first one, carrier robots surround a point of interest with multiple sensor layers (focused coverage formation). We put forward the first known algorithm of its kind in literature. It is energy-efficient, fault-reactive and aware of the bounded robot cargo capacity. The second one is that of replacing damaged sensing units with spare, functional ones (coverage repair), which gives rise to the formulation of two novel combinatorial optimization problems. Three nature-inspired metaheuristic approaches that run at a centralized location are proposed. They are able to find good-quality solutions in a short time. Two frameworks for the identification of the damaged nodes are considered. The first one leans upon diagnosable systems, i.e. existing distributed detection models in which individual units perform tests upon each other. Two swarm intelligence algorithms are designed to quickly and reliably spot faulty sensors in this context. The second one is an evolving risk management framework for WSNs that is entirely formulated in this thesis.

wireless sensor networks

mobile robots

computational intelligence

distributed computing

risk management framework

Towards Fault Reactiveness in Wireless Sensor Networks with Mobile Carrier Robots

Falcon Martinez, Rafael Jesus

04 April 2012

Wireless sensor networks (WSN) increasingly permeate modern societies nowadays. But in spite of their plethora of successful applications, WSN are often unable to surmount many operational challenges that unexpectedly arise during their lifetime. Fortunately, robotic agents can now assist a WSN in various ways. This thesis illustrates how mobile robots which are able to carry a limited number of sensors can help the network react to sensor faults, either during or after its deployment in the monitoring region. Two scenarios are envisioned. In the first one, carrier robots surround a point of interest with multiple sensor layers (focused coverage formation). We put forward the first known algorithm of its kind in literature. It is energy-efficient, fault-reactive and aware of the bounded robot cargo capacity. The second one is that of replacing damaged sensing units with spare, functional ones (coverage repair), which gives rise to the formulation of two novel combinatorial optimization problems. Three nature-inspired metaheuristic approaches that run at a centralized location are proposed. They are able to find good-quality solutions in a short time. Two frameworks for the identification of the damaged nodes are considered. The first one leans upon diagnosable systems, i.e. existing distributed detection models in which individual units perform tests upon each other. Two swarm intelligence algorithms are designed to quickly and reliably spot faulty sensors in this context. The second one is an evolving risk management framework for WSNs that is entirely formulated in this thesis.

wireless sensor networks

mobile robots

computational intelligence

distributed computing

risk management framework

Managing Merger Risk During the Post-Selection Phase

Heller, Robert W

12 August 2013

Mergers and acquisitions (M&A) are an important part of many companies’ strategic plans, yet they often fail to meet expectations. Part of this failure may be due to a lack of understanding of the risks present during the important period after the initial agreement to merge has been struck and the failure to apply a practical framework for managing these risks. The literature outlines many of the risks managers face and explains risk resolution techniques that can be used to mitigate these risks. Risk management techniques or frameworks have been developed for use in projects involving mergers and acquisitions (M&A), construction, strategic alliances, software requirements development, distributed software projects, and post-merger implementation of information systems. However, to our knowledge, no integrated framework has been developed to manage risks during the post-selection phase of mergers and acquisitions. In this dissertation we identify risks present and the risk resolutions available at this stage of the M&A process via a review of the literature and interviews with experienced managers of mergers and acquisitions. We then develop a practical framework for managing post-selection phase risks in M&A. We analyzed published case studies to evaluate the framework and confirm issues raised in the literature review. Hence, this research contributes to the M&A and risk management literature by identifying and classifying the risks in the post-selection phase of the M&A process, identifying and developing a classification of risk resolution actions linked to those risks, and providing a practical framework that can be used to more comprehensively identify risks and potential risk management strategies.

Mergers

acquisition

risk management

risk management framework

merger risk

improving merger performance

Towards Fault Reactiveness in Wireless Sensor Networks with Mobile Carrier Robots

Falcon Martinez, Rafael Jesus

04 April 2012

Wireless sensor networks (WSN) increasingly permeate modern societies nowadays. But in spite of their plethora of successful applications, WSN are often unable to surmount many operational challenges that unexpectedly arise during their lifetime. Fortunately, robotic agents can now assist a WSN in various ways. This thesis illustrates how mobile robots which are able to carry a limited number of sensors can help the network react to sensor faults, either during or after its deployment in the monitoring region. Two scenarios are envisioned. In the first one, carrier robots surround a point of interest with multiple sensor layers (focused coverage formation). We put forward the first known algorithm of its kind in literature. It is energy-efficient, fault-reactive and aware of the bounded robot cargo capacity. The second one is that of replacing damaged sensing units with spare, functional ones (coverage repair), which gives rise to the formulation of two novel combinatorial optimization problems. Three nature-inspired metaheuristic approaches that run at a centralized location are proposed. They are able to find good-quality solutions in a short time. Two frameworks for the identification of the damaged nodes are considered. The first one leans upon diagnosable systems, i.e. existing distributed detection models in which individual units perform tests upon each other. Two swarm intelligence algorithms are designed to quickly and reliably spot faulty sensors in this context. The second one is an evolving risk management framework for WSNs that is entirely formulated in this thesis.

wireless sensor networks

mobile robots

computational intelligence

distributed computing

risk management framework

A systematic approach to enterprise risk management

Benjamin, Nicolas James

03 1900

Thesis (MEng)--Stellenbosch University, 2015. / ENGLISH ABSTRACT: In the current economic climate where credit crises, fluctuating commodity prices, poor governance, rising unemployment and declining consumer spending exist, risk management is of utmost importance. Proclaiming the existence of a risk management strategy is not enough to ensure that an enterprise achieves its objectives. The implementation of a holistic enterprise-wide risk management framework is required in order to execute strategies and achieve objectives effectively and efficiently Two types of risk management have emerged in industry, namely quantitative and qualitative risk management. On the one hand, qualitative analysis of risk can be done quickly and with minimal effort. However, these methods rely on the opinion of an individual or group of individuals to analyse the risks. The process may be highly subjective and does not fully consider the characteristics of the enterprise. This renders qualitative risk analysis as an ineffective singular strategy although it has been shown to be effective when the risks are well understood. Quantitative analysis, on the other hand, is particularly effective when the risks are not well understood. These methods have been shown to provide substantially more information regarding risks compared to qualitative analysis. However, many quantitative risk management methods presented in literature are studied in isolation and not within the context of a holistic risk management process. Furthermore, quantitative methods tend to be complex in nature and require a reasonable understanding of mathematical and statistical concepts in order to be used effectively. In view of this, there is a need for an enterprise risk management framework that emphasises the use of qualitative methods when the risks are well understood and quantitative methods when in-depth analyses of the risks are required. In this study, a systematic enterprise-wide risk management framework that incorporates both quantitative and qualitative methods was developed. The framework integrates these methods in a logical and holistic manner. The quantitative methods were found be to be largely practical while the qualitative methods presented are simple and easy to understand. / AFRIKAANSE OPSOMMING: In die huidige ekonomiese klimaat waar krediet krisisse, wisselende kommoditeitspryse, swak bestuur, stygende werkloosheid en dalende verbruikersbesteding bestaan, is risikobestuur van die uiterste belang. Die verkondiging van die bestaan van 'n risiko bestuurstrategie is nie genoeg om te verseker dat 'n onderneming sy doelwitte bereik nie. Die implementering van 'n holistiese ondernemings- breë risikobestuursraamwerk is nodig om strategieë en doelwitte doeltreffend en effektief te bereik. Twee tipe risikobestuur het na vore gekom in die bedryf, naamlik kwantitatiewe en kwalitatiewe risikobestuur. Aan die een kant , kan kwalitatiewe ontleding van risiko vinnig en met minimale inspanning gedoen word. Hierdie metode is gewoontlik die mening van 'n individu of 'n groep individue wat die risiko ontleed. Die proses kan hoogs subjektief wees en nie ten volle die eienskappe van die onderneming in ag neem nie. Kwalitatiewe risiko-analise kan dan gesien word as 'n ondoeltreffende enkelvoud strategie maar dit is wel doeltreffend wanneer daar verstaan word wat die onderneming se risiko is. Kwantitatiewe analise, aan die ander kant, is veral effektief wanneer die risiko's nie goed verstaanbaar is nie. Hierdie metode het getoon dat daar aansienlik meer inligting oor die risiko's, in vergelyking met kwalitatiewe ontleding, verskaf word. Daar is egter baie kwantitatiewe risikobestuur metodes wat in literatuur verskaf word, wat in isolasie bestudeer word en nie binne die konteks van 'n holistiese risikobestuur proses nie. Verder is, kwantitatiewe metodes geneig om kompleks van aard te wees en vereis 'n redelike begrip van wiskundige en statistiese konsepte sodat kwantitatiewe analise effektief kan wees. In lig hiervan, is daar 'n sterk behoefte vir 'n onderneming om 'n risikobestuursraamwerk in plek te het. Die risikobestuursraamwerk sal beide die gebruik van kwalitatiewe metodes, wanneer die risiko goed verstaan word, en kwantitatiewe metodes, wanneer daar in diepte-ontledings van die risiko is, beklemtoon. In hierdie studie was 'n sistematiese onderneming-breë risikobestuursraamwerk ontwikkel wat beide kwantitatiewe en kwalitatiewe metodes insluit. Die raamwerk integreer hierdie metodes in 'n logiese en holistiese wyse. Die kwantitatiewe metodes is gevind om grootliks prakties te wees, terwyl die kwalitatiewe metodes wat aangebied word, eenvoudig en maklik is om te verstaan.

Enterprise risk management framework

Quantitative risk management

Qualitative risk management

UCTD

Towards Fault Reactiveness in Wireless Sensor Networks with Mobile Carrier Robots

Falcon Martinez, Rafael Jesus

January 2012

Wireless sensor networks (WSN) increasingly permeate modern societies nowadays. But in spite of their plethora of successful applications, WSN are often unable to surmount many operational challenges that unexpectedly arise during their lifetime. Fortunately, robotic agents can now assist a WSN in various ways. This thesis illustrates how mobile robots which are able to carry a limited number of sensors can help the network react to sensor faults, either during or after its deployment in the monitoring region. Two scenarios are envisioned. In the first one, carrier robots surround a point of interest with multiple sensor layers (focused coverage formation). We put forward the first known algorithm of its kind in literature. It is energy-efficient, fault-reactive and aware of the bounded robot cargo capacity. The second one is that of replacing damaged sensing units with spare, functional ones (coverage repair), which gives rise to the formulation of two novel combinatorial optimization problems. Three nature-inspired metaheuristic approaches that run at a centralized location are proposed. They are able to find good-quality solutions in a short time. Two frameworks for the identification of the damaged nodes are considered. The first one leans upon diagnosable systems, i.e. existing distributed detection models in which individual units perform tests upon each other. Two swarm intelligence algorithms are designed to quickly and reliably spot faulty sensors in this context. The second one is an evolving risk management framework for WSNs that is entirely formulated in this thesis.

wireless sensor networks

mobile robots

computational intelligence

distributed computing

risk management framework

A modelling process of short-term interest rate risk management for the South African commercial banking sector

Sun, Jiaqi

03 1900

Thesis (MComm (Business Management))--University of Stellenbosch, 2011. / ENGLISH ABSTRACT: This study focuses on banking book interest rate risk management, more specifically shortterm interest rate risk management problems. This type of risk is induced by the inflation targeting policy of the South African Reserve Bank. As a result, inflation leads to an uncertain interest rate cycle and a period of uncertain interest rate levels as it relates to lending and borrowing products in the South African commercial banking sector. The lending rates of most South African commercial banks are tied to the prime overdraft rate. The borrowing rates are linked to the money market rates such as the Johannesburg Interbank Agreed Rate (JIBAR) which is indirectly affected by the prime overdraft rate. Hence, lending and borrowing rates are related to the repo-rate. Furthermore, a fixed relationship exists between the prime overdraft rate and the repo-rate. The monetary policy committee meets every two months during the year to make inflation and repo-rate adjustments, as stipulated in the inflation targeting policy. A subject portfolio containing fixed-rate loans, advances and floating-rate deposits is exposed to the change of the repo-rate. This short-term banking book interest rate risk is defined based on the fact that the repo-rate adjustment occurs every two months, the banking book risk management is short term focused, and hedging instruments against interest rate risk are short term dated contracts. Such a short term risk may have a negative impact on the bank’s profitability. The study starts with a review of the bank risk management processes, and then discusses the enterprise risk management framework that guides the formation of the risk management processes and systems. In order to benchmark against international risk management practices, a comparative analysis is carried out to evaluate the risk management tendencies of bank risk management in South Africa and globally. The empirical findings reveal that most banks (i.e. eighty per cent of all local banks) manage the short-term interest rate risk by following the same process as the interest rate risk in general. The key elements (risk identification, measurement, mitigation and monitoring and reporting) of the banking book interest rate risk management are not linked together as a systematic process. This is not in line with the Basel II Accord to manage market risks through a process approach. The study also proposes a generic short-term interest rate risk management framework and in doing so, addresses some of the weaknesses of current risk management practices. Based on this framework, the South African banks may develop their own processes to manage such short-term banking book interest rate risk exposure. Some of the problems of bank risk management that come to light from the empirical findings, are summarised in the last chapter and may be considered for future research. / AFRIKAANSE OPSOMMING: Hierdie studie fokus op die probleme van die bankboek rentekoersrisikobestuur, meer spesifiek die korttermyn rentekoers risikobbestuursprobleme. Hierdie tipe risiko word deur die inflasieteikenraamwerk beleid van die Suid-Afrikaanse Reserwebank veroorsaak. Dit veroorsaak ‘n tydperk van onsekere rentekoersvlakke veral sover dit uitleen- en leenprodukte in die Suid-Afrikaanse kommersiële banksektor aangaan. Die uitleenkoerse van die meeste Suid-Afrikaanse kommersiële banke is aan die prima bankoortrekkingskoers gekoppel. Die leningstariewe is aan die geldmarkkoerse soos die Johannesburgse Interbank Ooreengekome Koers (JIBOK) gekoppel wat indirek geraak word deur die prima bankoortrekkingskoers. Uitleen- en leenkoerse is redelik afhanklik van die repo-koers waar laasgenoemde ‘n redelike vaste verwantskap met die prima bankoortrekkingskoers het. Die monetêre beleidkomitee vergader elke twee maande van die jaar om inflasie en repokoers aanpassings te maak, ooreenkomstig die inflasieteiken beleid. 'n Bepaalde portefeulje met vasterente lenings, voorskotte en vlottende koers deposito’s is blootgestel aan die verandering in die repokoers. Hierdie korttermyn rentekoersrisiko van die bankboek word gedefinieer op grond van die feit dat die repo-koers aanpassing elke twee maande gebeur. Die bankboek risikobestuur het ‘n korttermyn fokus, en verskansingsinstrumente teen rentekoersrisiko is korttermyn kontrakte. So 'n korttermyn risiko kan 'n negatiewe impak op die bank se winsgewendheid hê. In hierdie studie word bankrisikobestuur prosesse beskou. Die risikobestuursraamwerk wat die basis vorm van die risikobestuursprosesse en stelsels word aangespreek. Om 'n idee te vorm van die huidige internasionale risikobestuurspraktyke of tendense by banke, word die state van internasionale en oorsese banke kortliks beskou. Die empiriese bevindinge uit die opname dui daarop dat die meeste banke (d.w.s tagtig persent van alle plaaslike banke) die korttermyn rentekoersrisiko nie afsonderlik van rentekoersrisikobestuur in die algemeen bestuur nie. Die sleutelelemente van die risikobestuursproses (risiko identifisering, mitigasie, implementering, monitering en verslagdoening) kom wel voor maar die bankboek rentekoersrisikobestuur is nie gekoppel as 'n sistemastiese proses nie. Dit blyk dat hierdie situasie na alle waarskynlikheid nie in lyn is met die Basel II akkoord om markrisiko's deur 'n prosesbenadering, te bestuur nie. Die studie stel ook ‘n generiese raamwerk voor vir die bestuur van korttermyn rentekoersrisiko wat dan ook van die swakhede van die huidige risikobestuurspraktyke aanspreek. Op grond van hierdie raamwerk, kan die Suid-Afrikaanse banke dit oorweeg om hul eie prosesse te ontwikkel vir die bestuur van bankboek rentekoersrisiko blootstelling. Sommige navorsingsprobleme van bank risikobestuur wat uit die empiriese bevindinge aan die lig gekom het, word in die laaste hoofstuk opgesom en kan vir verdere navorsing in die toekoms oorweeg word.

Risk management

Bank management

Interest rate risk

Balance sheets

Derivatives hedging

Enterprise Risk Management Framework

Dissertations -- Business management

Theses -- Business management

Business Management

A risk management framework for a complex adaptive transport system / Un cadre de gestion du risque pour un système adaptatif complexe de transport

Nisula, Jari

01 March 2018

La science a connu des avancées significatives en matière de gestion du risque au cours de la dernière décennie. Toutefois, les pratiques actuelles de gestion du risque dans le domaine industriel n'ont pas tiré tout le profit de ces développements. Le sujet de recherche de cette thèse peut être formulé ainsi : comment bâtir un cadre de gestion du risque afin de gérer les risques dans le transport, en adoptant les perspectives modernes du risque et les dernières connaissances de sécurité, tout en considérant le système de transport comme un système adaptatif complexe ? Ceci, à travers la perspective d'une agence nationale de la sécurité des transports, dont la responsabilité est la supervision de la sécurité de plusieurs modes de transport, incluant l'aérien, le maritime, le ferroviaire et le routier. La connaissance scientifique actuelle est passée en revue pour les sujets de risques et d'appréciation du risque, de sécurité et de gestion de la sécurité ainsi que les systèmes adaptatifs complexes. L'approche moderne du risque implique reconnaitre l'importance de l'incertitude et la solidité des connaissances dans l'analyse du risque ainsi que le rôle des imprévus. Le système de transport est identifié comme un système adaptatif complexe. De tels systèmes se caractérisent par un large volume d'interactions, de nombreuses boucles de rétroaction, des phénomènes non-linéaires, l'émergence, l'imprévisibilité et la contre-intuitivité. Sont étudiées les façons recommandées d'interagir avec les systèmes complexes afin de tenter de parvenir à un changement positif. Les concepts relatifs à la gestion de la sécurité sont également présentés et notamment le concept de résilience qui peut être interprété soit comme une élégante extensibilité des équipes ou des organisations, soit comme une adaptabilité continue. Les cadres existants de management du risque sont revus à la fois dans l'industrie et dans la littérature scientifique ainsi que la norme internationale ISO 31000. Basé sur l'état de l'art, un ensemble de critères pour un processus moderne de management du risque est développé. Le cadre proposé de gestion du risque dans le transport comprend des perspectives modernes du risque et considère le système de transport comme un système adaptatif complexe. Il permet de présenter les risques des différents modes de transport dans une visualisation globale de risque et de l'utiliser en tant que support pour prise de décision afin d'optimiser l'impact sur la sécurité avec les ressources qui sont toujours limitées. L'impact est encore renforcé par les moyens d'intervention tels que les stratégies adaptives et l'expérimentation, qui sont bien adaptés aux systèmes complexes. Elle est validée selon les critères élaborés et par comparaison avec les cadres existants. Le cadre proposé de gestion du risque ainsi que la thèse sont tous deux structurés d'après la norme ISO 31000. Enfin une étude de cas présente la mise en œuvre actuelle de cette nouvelle approche à l'Agence Nationale Finlandaise de la Sécurité des Transports. / Over the last ten-fifteen years, science has made significant advances in fields relevant for risk management. However, current risk management practices in industry have not yet benefitted from these developments. The research question addressed in this dissertation is: What kind of risk management framework should be used for managing transport risks when the modern risk perspectives and the latest understanding of safety are embraced, and the transport system is considered a complex adaptive system? The focus of this research is on transport risks, taking the perspective of a national transport safety agency, tasked with overseeing safety across several modes of transport, including aviation, maritime, railway and road safety. The scientific literature on risk and risk assessment, safety and safety management, as well as complex adaptive systems are reviewed. The research illustrates that a modern risk perspective recognizes the importance of uncertainty and strength of knowledge in risk analysis, as well as the role of surprises. The transport system is identified as a complex adaptive system, characterized by a high number of interactions, emergence, multiple feedback loops, nonlinear phenomena, unpredictability and counter-intuitiveness. The recommended ways to interact with such complex systems and to try to achieve positive change are explained. Concepts related to safety management are also investigated, especially the concept of resilience, which is interpreted as graceful extensibility of teams or organizations, or as sustained adaptability. Evidence of existing risk management frameworks in both the industry and scientific literature is outlined and reference is made to the international ISO 31000 standard for risk management. Based on the literature review, a set of criteria for a modern risk management process is developed. A risk management framework for managing transport risks which embraces modern risk perspectives and accounts for the transport system as a complex adaptive system is proposed. It enables risks in all transport modes to be presented in a single risk picture and supports decision-making to maximize the safety impact achievable with limited resources. The impact is further enhanced by intervention strategies such as adaptive policies and experimentation, which are well-suited to complex systems. The framework is validated against the criteria developed, and by comparison to existing methods. A case study presents the on-going implementation of the developed risk management framework at the Finnish Transport Safety Agency. Both the proposed risk management framework and the dissertation are structured according to the ISO 31000 framework.

Gestion du risque

Management du risque

Système adaptatif complexe

Transport

Sureté de fonctionnement

ISO 31000

Risk management

Risk management framework

Complex adaptative system

Transport safety