Abstract
This paper posits that, in the security world, ‘risk awareness’ should be separated and distinguished from ‘risk perception’. It argues that, in the post-modern world, the intelligence function alone no longer fulfils the security requirement to become risk aware. Risk awareness, an inherent feature of security, should be a combination of vulnerability assessment, information-gathering and knowledge management, which provides critical input to the risk identification and risk management process. It suggests that risk awareness should be formally and openly adopted within a corporate security function, and networked with similar processes in other corporate functions. It initiates discussion as to whether a risk awareness capability might usefully fill the gap between inadequate information and the imperative to make decisions.
Cite this article
Gibson, S. The Case for ‘Risk Awareness’. Secur J 16, 55–64 (2003). https://doi.org/10.1057/palgrave.sj.8340140