What drives us

Nothing in life is risk-free, but risks can be managed. It’s our job to make everyone and everything safer. HawkSight software uses a sophisticated algorithm that assesses risks based on relevant threat data. This delivers a dynamic risk profile, identifies vulnerabilities, and provides options for mitigation.

We call it security risk insight and we’re global leaders at it.

We believe that this will enable people to live freer lives and enterprises to flourish as risk diminishes. The ability to live and operate safely in an increasingly complex world is our goal.


The quest for clarity in Security Risk Assessment

In a recent academic article in Security Journal, William Harris and Moufida Sadok delve into the question "How do professionals assess security risks in practice?". The results, though anticipated by proponents of a risk-based approach to security, are alarming. They raise the question: given the extensive academic literature supporting a risk-based approach to security, why don't security professionals consistently adopt it?

Their report highlights that Security Risk Assessment is a multifaceted field, encompassing various standards and frameworks. However, its practical implementation in organisations could be more consistent. The domain is marred by ambiguities in basic terminology, leading to potential inconsistencies in practice. Many security professionals lean heavily on intuition and prior experience rather than on universally accepted standards.

Such inconsistencies in defining risk can have real-world consequences. Without a rigorous risk assessment, organisations may face reputational damage, legal complications, and financial losses. Risk assessment aids in setting priorities to address threats effectively. While HB 167:2006 is a popular framework, only some definitions or approaches dominate the field.

Crucially, the perception of risks varies based on social, cultural, and political lenses. While expertise and judgement remain invaluable, a standardised approach, grounded in universally accepted terminology, is imperative. ISO 31000, for instance, could serve as a foundation for such standardisation.

Three major themes emerge from this discourse:

  1. Vague terminology around security risk assessments.
  2. A lack of structured approaches in risk assessments.
  3. A surprising neglect of globally recognised standards like ISO 31000 and COSO 2017 among professionals.

The essence is clear: while individual expertise should not be discounted, the field demands more clarity. Standardised terminology, as suggested by ISO 31000, could bridge communication gaps and uplift the quality of security risk assessment practices.

To read the full article, visit https://link.springer.com/article/10.1057/s41284-023-00389-y.