Sources of security risk information
What do professionals rely on for their risk assessment?
Johan de Wit (TU Delft - Safety and Security Science)
Wolter Pieters (Radboud Universiteit Nijmegen)
Pieter van Gelder (TU Delft - Safety and Security Science)
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
Security risks, such as sabotage and cyberattacks, are an increasing threat to business and government processes. They originate from malicious human action, for which exact historical information is often lacking. Thus, the judgment and assessment of security professionals is the primary input for security risk management, a subjective probabilistic approach. In this study, we explore the information sources that professionals in both the physical and cybersecurity domains use for this purpose, improving understanding of their daily praxis. Sources of security risk information are collected, their quality and trustworthiness are assessed, and their use is analyzed. Quality is assessed by experienced security practitioners applying the NATO system for intelligence evaluation, with source intention as an additional criterion. Actual use is analyzed among security professionals. The results consist of a comparative ranking of both assessed quality and daily use of sources. Experts are ranked first for perceived quality and are also most relied upon in daily praxis, and individual/personal experience comes second. The additional criterion of source intention explained the lower level of use of information from science. This study provides the basis for enhancing security risk management by a more conscious selection of sources.