Consensual Security Risk Assessment: Overcoming Bias, Conflicting Interests and Parochialism
Faculty of Computing, Health and Science
School of Computer and Security Science / Centre for Security Research
In a risk assessment process, insular methods of data collection and analysis may lead to an inaccurate risk assessment, as stakeholders hold individual biases, conflicting interests and parochial approaches to certain risks. The article considered these issues and tested a consensual risk assessment approach that can overcome many of them. A staged risk assessment process was applied within the Security and the Food and Beverage Departments of an entertainment complex. Eight supervisors from the two departments participated in the study, with each participant individually interviewed on their view of predefined risks, followed by the same risks being discussed within a facilitated group. The study first identified a list of the twenty most important risks according to the two departmental managers. From this initial identification of risks, four supervisors from each department ranked, from highest to lowest, all twenty risks as individuals. Following this stage, the consensus activities involved four supervisors from one department ranking all twenty risks as a group, with the aim that all participants had to agree. Finally, the consensus activity was repeated with all eight participants present. This staged approach allowed the various risk assessment methods and their resulting outcomes to be compared. The comparison found that there was a need to gain a common understanding or clear definition of risks within the group, that an individual’s assessment of a risk was driven by their own perceptions, and that less important risks held a more common view, whereas higher risks had a greater diversity of views.