Abstract
There are a number of standards and frameworks for security risk assessment; however, it appears that their application and adaptation to real organisational practices are rather limited. This paper reports some results from inquiries into the risk assessment practices of security professionals in Ireland. The key findings show a lack of consensus on basic terminology when it comes to defining risk and risk assessment. The interviewed security professionals have developed varied approaches in practice and refer instead to their intuition and previous experiences. While the paper focuses on Ireland, the lack of consensus regarding the definition and use of security terminology and practices, especially in the area of security risk management, is not necessarily limited to Ireland.
Original language | English |
---|---|
Journal | Security Journal |
Early online date | 10 Jul 2023 |
Publication status | Early online - 10 Jul 2023 |
Keywords
- International risk standards
- ISO 31000
- Operational risk
- Professional practices
- Security professional
- Security risk assessment