How do professionals assess security risks in practice? An exploratory study

William Harris; Moufida Sadok

doi:10.1057/s41284-023-00389-y

How do professionals assess security risks in practice? An exploratory study

William Harris
, Moufida Sadok^*

^*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

111 Downloads (Pure)

Abstract

There are a number of standards and frameworks for security risk assessment; however, it appears that their application and adaptation to real organisational practices are rather limited. This paper reports some results from inquiries into risk assessment practices of security professionals in Ireland. The key findings show a lack of consensus on basic terminology when it comes to defining risk and risk assessment. The interviewed security professionals have developed varied approaches in practice and rather refer to their intuition and previous experiences. While the paper focuses on Ireland, the lack of consensus regarding the definition, and use of security terminology and practices, especially in the area of security risk management, is not necessarily limited to Ireland.

Original language	English
Journal	Security Journal
Early online date	10 Jul 2023
DOIs	https://doi.org/10.1057/s41284-023-00389-y
Publication status	Early online - 10 Jul 2023

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

SDG 7 Affordable and Clean Energy
SDG 9 Industry, Innovation, and Infrastructure
SDG 12 Responsible Consumption and Production

Keywords

International risk standards
ISO 31000
Operational risk
Professional practices
Security professional
Security risk assessment

Access to Document

10.1057/s41284-023-00389-y

How do professionals assess security risks in practiceFinal published version, 745 KBLicence: CC BY

Cite this

@article{30274073ded849b58215731d6e53d20d,

title = "How do professionals assess security risks in practice? An exploratory study",

abstract = "There are a number of standards and frameworks for security risk assessment; however, it appears that their application and adaptation to real organisational practices are rather limited. This paper reports some results from inquiries into risk assessment practices of security professionals in Ireland. The key findings show a lack of consensus on basic terminology when it comes to defining risk and risk assessment. The interviewed security professionals have developed varied approaches in practice and rather refer to their intuition and previous experiences. While the paper focuses on Ireland, the lack of consensus regarding the definition, and use of security terminology and practices, especially in the area of security risk management, is not necessarily limited to Ireland.",

keywords = "International risk standards, ISO 31000, Operational risk, Professional practices, Security professional, Security risk assessment",

author = "William Harris and Moufida Sadok",

note = "Publisher Copyright: {\textcopyright} 2023, The Author(s).",

year = "2023",

month = jul,

day = "10",

doi = "10.1057/s41284-023-00389-y",

language = "English",

journal = "Security Journal",

issn = "0955-1662",

publisher = "Palgrave Macmillan Ltd.",

}

TY - JOUR

T1 - How do professionals assess security risks in practice? An exploratory study

AU - Harris, William

AU - Sadok, Moufida

PY - 2023/7/10

Y1 - 2023/7/10

N2 - There are a number of standards and frameworks for security risk assessment; however, it appears that their application and adaptation to real organisational practices are rather limited. This paper reports some results from inquiries into risk assessment practices of security professionals in Ireland. The key findings show a lack of consensus on basic terminology when it comes to defining risk and risk assessment. The interviewed security professionals have developed varied approaches in practice and rather refer to their intuition and previous experiences. While the paper focuses on Ireland, the lack of consensus regarding the definition, and use of security terminology and practices, especially in the area of security risk management, is not necessarily limited to Ireland.

AB - There are a number of standards and frameworks for security risk assessment; however, it appears that their application and adaptation to real organisational practices are rather limited. This paper reports some results from inquiries into risk assessment practices of security professionals in Ireland. The key findings show a lack of consensus on basic terminology when it comes to defining risk and risk assessment. The interviewed security professionals have developed varied approaches in practice and rather refer to their intuition and previous experiences. While the paper focuses on Ireland, the lack of consensus regarding the definition, and use of security terminology and practices, especially in the area of security risk management, is not necessarily limited to Ireland.

KW - International risk standards

KW - ISO 31000

KW - Operational risk

KW - Professional practices

KW - Security professional

KW - Security risk assessment

UR - https://www.scopus.com/pages/publications/85164534367

U2 - 10.1057/s41284-023-00389-y

DO - 10.1057/s41284-023-00389-y

M3 - Article

AN - SCOPUS:85164534367

SN - 0955-1662

JO - Security Journal

JF - Security Journal

ER -

How do professionals assess security risks in practice? An exploratory study

Abstract

UN SDGs

Keywords

Access to Document

Fingerprint

Cite this