Information security risk assessment has a major role in assessing the security posture of any organisation. Risk assessment is mostly performed with focus on the external threats to the information assets rather than the insider threats. Insider attacks are caused by the insiders with privileged access rights to the information assets. Traditional security controls like encryption and policy-based access control used in organisations fail to identify the malicious insider activity. Therefore, fighting insider threats is a tough task for organisations since it is important to have a balance between the grant of required privileges to the users, and identification of malicious access by them. This paper proposes an intelligent risk aware decision support system that identifies the presence insider threats and their intensity in an organisation by quantifying the risk to assets and behaviour monitoring of users who access those assets.