Anne Heyerdahl: "From prescriptive rules to responsible organisations – making sense of risk in protective security management"

Protective security management aims at protecting against malicious acts. It has, in a relatively short period, undergone substantial changes. One such change is the introduction of risk management. This article by Anne Heyerdahl investigates a debate about a standard for security risk assessment (SRA) in Norway. Published in European Security. 

Front page of European Security. Blue colours and a small illustration of a person in the right corner.


This article by Anne Heyerdahl focuses on sense-making by security professionals, drawing on a unique interview material. The analysis utilises Michael Power’s theory on risk governance, as well as insights from security studies. A central finding is that the SRA approach was introduced to create more analytical security management. The importance of analysing one’s values (assets) makes it key to scrutinise the organisation’s characteristics, goals and vulnerabilities, regarded as moving security management in the direction of corporate governance.

The article investigates how understanding of risk assessment and security interplay, and identifies a tension between risk (assessment) and the goal of protection, which makes security management risk averse. A requirement of creating sound security is viewed as a potential for burdensome organisational responsibility and blame. The analysis identifies elements of what is often described as resilience (attention towards vulnerabilities), but without the political reading (neo-liberal abdication of the state), thus contributing to the literature on resilience.

Read full article

Emneord: Security Studies, Risk Management, Organisation theory
Publisert 16. mai 2022 10:17 - Sist endret 16. mai 2022 10:18