Australian Security and Intelligence Conference
Document Type
Conference Proceeding
Publisher
secau Security Research Centre, Edith Cowan University, Perth, Western Australia
Abstract
The Asia Pacific (APAC) region encompasses a heterogeneous group of nation-states. Like the APAC region, the security industry operates within a diverse and multi-disciplined knowledge base, with risk management being a fundamental knowledge domain within security. Nevertheless, there has been limited understanding of what security professionals use when applying security risk management. The study was designed to gain a better understanding of risk management practice in place throughout APAC. Questions were generated to gauge an understanding of current practice and levels of implementation of standards and frameworks. Participants were drawn from many industries, using non-probabilistic sampling methods in a “snowball” response to an online survey. Results were collected and analysed to provide interpretations and findings, and where appropriate, weighted factor analyses were conducted. Findings indicated that the majority of APAC nation-states do not have a defined risk management standard, but security practitioners use their own internal framework. Following this approach, security practitioners use ISO 31000 and AS/NZS 4360 standards in parity, even considering their differing age. ISO 28000 Supply Chain Security Management was a popular standard, driven from Singapore. Nevertheless, the use of these standards should still raise concern due to the lack of a directed security risk management framework that incorporates threat, vulnerability and criticality. Further study needs to better understand what risk management techniques and frameworks security practitioners are using.
DOI
10.4225/75/57a00f0dac5c1
Comments
4th Australian Security and Intelligence Conference, Edith Cowan University, Perth, Western Australia, 5th-7th December, 2011