Consulting the Oracle at Delphi - Combining Risk I and Risk in cyber security

Richard McEvoy, Stewart Kowalski
2021 International Workshop on Socio-Technical Perspective in IS Development  
Risk may be analyzed implicitly or explicitly. From industrial experience, the former is less commonly used than the latter on a day-to-day basis, even though the former makes up the primary content of most commercially available risk analysis and management methodologies. Paradoxically, the latter is also more commonly baked into the process and technology used by organizations and its culture of risk management. Hence this represents a sociotechnical issue which requires the resolution of
more » ... conflict of methods and ambiguity in the interpretation and application of risk analysis. We propose an approach for resolving these issues, based on experience "in the wild", and creating a Delphic convergence between the results of both approaches. Ultimately, we would aim to create a methodology for this purpose and propose some criteria for its creation.
dblp:conf/stpis/McEvoyK21 fatcat:gdp27p3wvzb2dh33nz22gq25de