Security Risk Assessment

John White

Published by

Reviewed by

Mehmet Hurer B.Sc (Hons) MBCS CITP CEng
7 out of 10

I’ve read and reviewed a number of books on this subject, but they have always focused mainly on security risks relating to IT, so it was refreshing to see that this book covers very little about IT and takes a broader view of security risk assessment.

In this book the author explains the need for security risk assessment, what it is, who could do it, how to perform it and how to present the results.

The author builds a framework for the assessment, including the need for pre-assessment activities, project management, scoping of the assessment, and who should gather information for the assessment and how.

The areas mentioned for risk assessment are fairly comprehensive and should cover most organisations. These include assessment of the physical and operational environments, assessment of security training, financial risk assessment, assessment of violence in the workplace, assessment of technology and access control, legal considerations and assessment of contracted services.

However, one notable omission is a discussion of environmental risks, such as fire and flood.

Each section is presented in layman’s terms, with clear examples and some templates to help with the assessment, such as a template for assessing the physical environment. The topics are covered in enough detail to give you the knowledge, and the questions to ask, needed when performing an assessment.

In the final chapter the author describes how to write and present the security risk assessment report.

For IT professionals involved in security risk assessment, this book would sit perfectly on a shelf next to a book covering IT security risk management, as the two would complement each other.

Further information: Butterworth-Heinemann

January 2015