Information security risk management (ISRM) is the primary means by which organizations preserve the confidentiality, integrity and availability of information resources. A review of ISRM literature identified deficiencies in the practice of information security risk assessment that inevitably lead to poor decision-making and inadequate or inappropriate security strategies. In this conceptual paper, we propose a situation aware ISRM (SA-ISRM) process model to complement the information security risk management process. Our argument is that the model addresses the aforementioned deficiencies through an enterprise-wide collection, analysis and reporting of risk-related information. The SA-ISRM model is adapted from Endsley's situation awareness model and has been refined using our findings from a case study of the US national security intelligence enterprise. Display omitted •We identify from literature 3 deficiencies in information security risk assessment.•We develop a security situational awareness (SA) model from Endsley's SA theory.•We refine our model though an in depth case study of the US intelligence enterprise.•We show how SA can be developed using an intelligence-driven approach.