The risk assessment/management concept is widely used in security research due to its universality, but also because of the active nature and sense of precautionary management, implemented on its basis. The security risk profile can be described and studied at different levels of security, which poses the question how researchers should choose the appropriate model for identifying, evaluating and developing strategies to mitigate the risk. The article raises the question whether the use risk profiles for the purposes of policy formulation, at one level of security, and capacity building at another, can introduce errors in decision making. As a possible tool to eliminate such errors the author proposes the use of a two-stage model for the description and study of the risk profile, which includes a contextual and a specific level of the discourse.