A DST-based Approach for Construction Project Risk Analysis

Despite its huge potential in risk analysis, the Dempster–Shafer Theory of Evidence (DST) has not received enough attention in construction management. This paper presents a DST-based approach for structuring personal experience and professional judgment when assessing construction project risk. DST was innovatively used to tackle the problem of lacking sufficient information through enabling analysts to provide incomplete assessments. Risk cost is used as a common scale for measuring risk impact on the various project objectives, and the Evidential Reasoning algorithm is suggested as a novel alternative for aggregating individual assessments. A spreadsheet-based decision support system (DSS) was devised to facilitate the proposed approach. Four case studies were conducted to examine the approach's viability. Senior managers in four British construction companies tried the DSS and gave very promising feedback. The paper concludes that the proposed methodology may contribute to bridging the gap between theory and practice of construction risk assessment.

What Attitude Changes Are Needed to Cause SMEs to Take a Strategic Approach to Information Security?

Spending on security in an SME usually has to compete with demands for hardware, infrastructure, and strategic applications. In this paper, the authors seek to explore the reasons why smaller SMEs in particular have consistently failed to see securing information as strategic year-on-year spending, and just regard as part of an overall tight IT budget. The authors scrutinise the typical SMEs reasoning for choosing to see non-spending on security as an acceptable strategic risk. They look particularly at possible reasons why SMEs tend not to take much notice of "scare stories" in the media based on research showing they are increasingly at risk, whilst larger businesses are taking greater precautions and become more difficult to penetrate. The results and their analysis provide useful pointers towards broader business environment changes that would cause SMEs to be more risk-averse and ethical in their approach to securing their own and their clients’ information.