Security risk assessment: Group approach to a consensual outcome

Document Type

Conference Proceeding


School of Computer and Information Science, Edith Cowan University

Place of Publication

Perth, Western Australia


Faculty of Computing, Health and Science


School of Computer and Information Science / Child Health Promotion Research Centre




Beard, B., & Brooks, D. J. (2006). Security risk assessment: Group approach to a consensual. In proceedings of 7th Australian Information Warfare and Security Conference, Edith Cowan University, Perth Western Australia outcome. Available here


AS/NZS4360:2004 suggests that the risk assessment process should not be conducted or information gathered in isolation. This insular method of data collection may lead to inaccurate risk assessment, as stakeholders with vested interests may emphasise their own risks or game the risk assessment process. The study demonstrated how a consensual risk assessment approach may result in a more acceptable risk assessment outcome when compared to individual assessments. The participants were senior managers at a West Australian motel located on the West Coast Highway, Scarborough. The motel consists of four three storey blocks of units, resulting in a total of 75 units. The three main areas of the business are Reception and Management, Housekeeping and Maintenance. The participants were interviewed individually and then as a group. Two activities took place in the study, an individual identification and analysis of risks affecting the facility, followed by a consensual group analysis of the same risks. The individual risk assessment results were collated and compared to the results of the consensus group. This demonstrated that individuals over or under emphasise some risks, dependant on personal affect. The study illustrated that a consensual style of risk information collection and assessment was more acceptable to the group then assessments conducted in isolation.



Access Rights




Link to publisher version (DOI)