Bañuls et al. A Delphi Approach for Organizational Security WiPe Paper – Planning, Foresight and Risk Analysis Proceedings of the 16th ISCRAM Conference – València, Spain May 2019 Zeno Franco, José J. González and José H. Canós, eds.. A Delphi approach for the establishment of the fundamental principles of an Organizational Security System in Public Administration Victor A. Bañuls Universidad Pablo de Olavide vabansil@upo.es Rafael Cantueso Burguillos Junta de Andalucía rafael.cantueso@juntadeandalucia.es Fernando Tejedor Panchón MSIG Smart Management tejedor@msig.es Miguel I. Ramirez de la Huerga MSIG Smart Management miguel.ramirez@msig.es Murray Turoff New Jersey Institute of Technology Murray.turoff@gmail.com ABSTRACT The aim of this work is defining fundamental principles of an Internal Security System in the presence of intentional risks in Public Administration. The relevance of this object of study has increased even more with the emergence of new terrorist groups and the proliferation of organized crime, which have been categorized as a maximum threat to Security by the government. This context has led to new regulations and legislation on Security matters at the national and international level to protect assets, people and the activity of the Administration itself. Despite the large number of regulations and relevance of this topic, there is not any study which defines in a comprehensive manner the requirements that a security system must have in the presence of intentional risks in Public Administration. The results of this work are intended to be a reference for the Public Administration, for the prevention and reaction to damage to people, property, and operation, intentionally caused by external agents, personnel themselves or users. These principles have been applied and validated through a Delphi process in the Administration of the Regional Government of Andalusia in which more than 40 security-related managers have participated. Keywords Delphi, Public Administration, Intentional Risks, Homeland Security, Resilience. INTRODUCTION The Public Administration is characterized by a great diversity of buildings and facilities for which it is difficult to identify the competencies and responsibilities in terms of security. This is due to the fact that the management scope of security is usually distributed, meeting specialty criteria in the nature of the risks and the impact area, with a very varying degree of development and formalization (Smith and Brooks, 2013; Brooks, 2012). In this way, the scope of industrial risk prevention is generally found highly regulated (ISO 31000), as well as with 549