Peter H. Berghmans, Gerd Van Den Eede, & Bartel A. Van De Walle. (2008). A systems perspective on security risk identification: Methodology and illustrations from city councils. In B. V. de W. F. Fiedrich (Ed.), Proceedings of ISCRAM 2008 – 5th International Conference on Information Systems for Crisis Response and Management (pp. 266–275). Washington, DC: Information Systems for Crisis Response and Management, ISCRAM.
Abstract: In this paper we take a system theoretic perspective to the process of security risk identification in the context of city councils. Based on this approach, we construct a framework that helps to identify risks. We analyze why this methodological framework is suitable for the risk identification process. Research in fifty Flemish city councils reveals the usefulness of our approach of combining a perceived vs. objective perspective with a technical vs. organizational one. We believe such a framework offers a workable tool for dealing with IS security risks in a systems thinking way.