An analysis of the HRO approach to risk management from an information security perspective

  • This piece was written over a year ago. It may no longer accurately reflect my views now, or may be factually outdated.

This essay was written for the Information System Risk Management module (SCC.444) of my MSc. It achieved a grade of Distinction.

Abstract

In this essay, the relevance of the theory of High-Reliability Organisations (HRO) to the provision and risk assessment of information security services is assessed. The two main variants of HRO theory are discussed, and an HRO’s potential approach to information security is detailed. This is followed by an analysis of the flaws in, and proposed alternatives to, HRO theory. Finally, the pros and cons of each of these competing theories in their application to information security are considered. Ultimately, a synthesis of all of them is proposed as the most useful approach, since each contributes something of value, and the urgency of further research is reinforced.
