This essay was written for the Information System Risk Management module (SCC.444) of my MSc. It achieved a grade of Distinction.
In this essay, the relevance of the theory of High-Reliability Organisations (HRO) to the provision and risk assessment of information security services is assessed. The two main variants of HRO theory are discussed, and an HRO’s potential approach to information security is detailed. This is followed by an analysis of the flaws in, and proposed alternatives to, HRO theory. Finally, the pros and cons of each of these competing theories in their application to information security are considered. Ultimately, a synthesis of them all is proposed as the most useful approach, as each theory contributes something of value, and the urgency of further research is reinforced.