There are a number of standards and frameworks for security risk assessment; however, it appears that their application and adaptation to real organisational practices are rather limited. This paper reports some results from inquiries into risk assessment practices of security professionals in Ireland. The key findings show a lack of consensus on basic terminology when it comes to defining risk and risk assessment. The interviewed security professionals have developed varied approaches in practice and rather refer to their intuition and previous experiences. While the paper focuses on Ireland, the lack of consensus regarding the definition, and use of security terminology and practices, especially in the area of security risk management, is not necessarily limited to Ireland.
Critical success factors for security education, training and awareness (SETA) programme effectiveness: an empirical comparison of practitioner perspectives
Cyber security has never been more important than it is today in an ever more connected and pervasive digital world....