This paper posits that, in the security world, ‘risk awareness’ should be separated and distinguished from ‘risk perception’. It argues that, in the post-modern world, the intelligence function alone no longer fulfils the security requirement to become risk aware. Risk awareness, an inherent feature of security, should be a combination of vulnerability assessment, information-gathering and knowledge management, which provides critical input to the risk identification and risk management process. It suggests that risk awareness should be formally and openly adopted within a corporate security function, and networked with similar processes in other corporate functions. It initiates discussion as to whether a risk awareness capability might usefully fill the gap between inadequate information and the imperative to make decisions.
Keywords: Risk awareness; security; information-gathering; vulnerability analysis; knowledge management; risk perception