Viewpoint on ENISA Task Promoting Risk Assessment and Risk Management Methods

An exclusive focus on risk assessment and risk management methods is too narrow, because traditional security approaches are not sufficient to deal with the protection of complex information systems operating in unbounded networks and fall short in addressing many of the crucial socio-political issues in the system environment. Instead of clinging too tightly to outdated methodologies, ENISA should therefore consider evaluating and promoting a much broader set of tools, methods, and approaches to analyze more than just technical aspects of critical information systems. Such an approach would do better justice to the diverse nature of today's threat environment and the specific characteristics of the systems we aim to protect.