Logo des Repositoriums
 
Konferenzbeitrag

Risk variance: Towards a definition of varying outcomes of IT security risk assessment

Vorschaubild

Volltext URI

Dokumententyp

Text/Conference Paper

Zusatzinformation

Datum

2022

Zeitschriftentitel

ISSN der Zeitschrift

Bandtitel

Verlag

Gesellschaft für Informatik e.V.

Zusammenfassung

Assessing IT-security risks in order to achieve adequate and efficient protection measures has become the core idea of various industry practices and regulatory frameworks in the last five years. Some research however suggests that the practice of assessing IT security risks may be subject to varying outcomes depending on personal, situational and contextual factors. In this contribution we first provide a definition of risk variance as the variation of risk assessment outcomes due to individual traits, the processual environment, the domain of the assessor, and possibly the target of the assessed risk. We then present the outcome of an interview series with 9 decision makers from different companies that aimed at discussing whether risk variance is an issue in their risk assessment procedures. Finally, we elaborate on the generalizability of the concept of risk variance, despite the low sample size in light of varying risk assessment procedures discussed in the interviews. We find that risk variance could be a general problem of current risk assessment procedures.

Beschreibung

Kurowski, Sebastian; Schunck, Christian H. (2022): Risk variance: Towards a definition of varying outcomes of IT security risk assessment. Open Identity Summit 2022. DOI: 10.18420/OID2022_08. Bonn: Gesellschaft für Informatik e.V.. PISSN: 1617-5468. ISBN: 978-3-88579-719-7. pp. 99-110. Regular Research Papers. Copenhagen, Denmark. 07.-08. July 2022

Zitierform

Tags