How do professionals assess security risks in practice? An exploratory study

William Harris, Moufida Sadok*

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

26 Downloads (Pure)


There are a number of standards and frameworks for security risk assessment; however, it appears that their application and adaptation to real organisational practices are rather limited. This paper reports some results from inquiries into risk assessment practices of security professionals in Ireland. The key findings show a lack of consensus on basic terminology when it comes to defining risk and risk assessment. The interviewed security professionals have developed varied approaches in practice and rather refer to their intuition and previous experiences. While the paper focuses on Ireland, the lack of consensus regarding the definition, and use of security terminology and practices, especially in the area of security risk management, is not necessarily limited to Ireland.

Original languageEnglish
JournalSecurity Journal
Early online date10 Jul 2023
Publication statusEarly online - 10 Jul 2023


  • International risk standards
  • ISO 31000
  • Operational risk
  • Professional practices
  • Security professional
  • Security risk assessment

Cite this