Security risk assessment: Group approach to a consensual outcome
School of Computer and Information Science, Edith Cowan University
Place of Publication
Perth, Western Australia
Faculty of Computing, Health and Science
School of Computer and Information Science / Child Health Promotion Research Centre
AS/NZS4360:2004 suggests that the risk assessment process should not be conducted or information gathered in isolation. This insular method of data collection may lead to inaccurate risk assessment, as stakeholders with vested interests may emphasise their own risks or game the risk assessment process. The study demonstrated how a consensual risk assessment approach may result in a more acceptable risk assessment outcome when compared to individual assessments. The participants were senior managers at a West Australian motel located on the West Coast Highway, Scarborough. The motel consists of four three storey blocks of units, resulting in a total of 75 units. The three main areas of the business are Reception and Management, Housekeeping and Maintenance. The participants were interviewed individually and then as a group. Two activities took place in the study, an individual identification and analysis of risks affecting the facility, followed by a consensual group analysis of the same risks. The individual risk assessment results were collated and compared to the results of the consensus group. This demonstrated that individuals over or under emphasise some risks, dependant on personal affect. The study illustrated that a consensual style of risk information collection and assessment was more acceptable to the group then assessments conducted in isolation.