There are a number of standards and frameworks for security risk assessment; however, it appears that their application and adaptation to real organisational practices are rather limited. This paper reports some results from inquiries into risk assessment practices of security professionals in Ireland. The key findings show a lack of consensus on basic terminology when it comes to defining risk and risk assessment. The interviewed security professionals have developed varied approaches in practice and rather refer to their intuition and previous experiences. While the paper focuses on Ireland, the lack of consensus regarding the definition, and use of security terminology and practices, especially in the area of security risk management, is not necessarily limited to Ireland.

有许多安全风险评估的标准和框架；然而，它们对实际组织实践的应用和适应似乎相当有限。本文报告了对爱尔兰安全专业人员风险评估实践进行调查的一些结果。主要调查结果表明，在定义风险和风险评估时，人们对基本术语缺乏共识。受访的安全专业人士在实践中开发了多种方法，更多的是参考他们的直觉和以前的经验。虽然本文重点关注爱尔兰，但在安全术语和实践的定义、使用方面缺乏共识，特别是在安全风险管理领域，并不一定仅限于爱尔兰。