Be the first to like this
This paper takes a system theoretic perspective to the process of security risk identification in the context of city councils. Based on this approach, we construct a framework that helps to identify risks. We analyze why this methodological framework is suitable for the risk identification process. Research in fifty Flemish city councils reveals the usefulness of our approach of combining a perceived vs. objective perspective with a technical vs. organizational one. We believe such a framework offers a workable tool for dealing with IS security risks in a systems thinking way.