3rd International ICST Symposium on Information Assurance and Security

Research Article

Operational risk: acceptability criteria

@INPROCEEDINGS{10.1109/IAS.2007.65,
    author={Daniel Gideon Dresner and J. Robert (Bob) G. Wood},
    title={Operational risk: acceptability criteria},
    booktitle={3rd International ICST Symposium on Information Assurance and Security},
    series={IAS},
    publisher={IEEE},
    year={2007},
    month={9},
    keywords={IEC standards, ISO standards, Information security, Internet, National security, Open systems, Risk analysis, Risk management, Standards development, Telecommunication control},
    doi={10.1109/IAS.2007.65}
}
    
Daniel Gideon Dresner (1,*), J. Robert (Bob) G. Wood (2,*)
  • 1: The National Computing Centre
  • 2: University of Manchester
* Contact email: daniel.dresner@ncc.co.uk, bob.wood@manchester.ac.uk

Abstract

The English proverb 'one man's meat is another man's poison' may be an apt description of our approach to risk. Some will ski or bungee jump whilst others shun even the gentlest of fairground rides. Some organisations allow their staff unrestricted Internet access; for others access is constrained technically with monitoring and blocking tools, and psychologically with the threat of dismissal. In this paper we look at whether there is a way that organisations, whose appetite for risk may vary greatly, could find a way to share resources and data with assurance. Could we define a model of attitudes to risk which permits one organisation to plug into another and vice versa? We propose that where standards are employed either with the intentional or coincidental purpose of managing risk, there is a way to find common ground on which to build trust.