3rd International ICST Symposium on Information Assurance and Security

Research Article

Operational risk: acceptability criteria

  • @INPROCEEDINGS{10.1109/IAS.2007.65,
        author={Daniel  Gideon Dresner and J. Robert (Bob)  G. Wood},
        title={Operational risk: acceptability criteria},
        proceedings={3rd International ICST Symposium on  Information Assurance and Security},
        keywords={IEC standards  ISO standards  Information security  Internet  National security  Open systems  Risk analysis  Risk management  Standards development  Telecommunication control},
  • Daniel Gideon Dresner
    J. Robert (Bob) G. Wood
    Year: 2007
    Operational risk: acceptability criteria
    DOI: 10.1109/IAS.2007.65
Daniel Gideon Dresner1,*, J. Robert (Bob) G. Wood2,*
  • 1: The National Computing Centre
  • 2: University of Manchester
*Contact email: daniel.dresner@ncc.co.uk, bob.wood@manchester.ac.uk


The English proverb 'one man's meat is another man's poison' may be an apt description of our approach to risk. Some will ski or bungee jump whilst others shun even the gentlest of fairground rides. Some organisations allow their staff unrestricted Internet access; for others access is constrained technically with monitoring and blocking tools, and psychologically with the threat of dismissal. In this paper we look at whether there is a way that organisations, whose appetite for risk may vary greatly, could find a way to share resources and data with assurance. Could we define a model of attitudes to risk which permits one organisation to plug into another and vice versa? We propose that where standards are employed either with the intentional or coincidental purpose of managing risk, there is a way to find common ground on which to build trust.