Three-Point Estimation
Three point estimation is one way to calculate a realistic estimation using a best case estimate, worst case estimate and most likely...
Search
Julian Talbot
- Jul 26
- 2 min
Risk management culture
Culture is the set of encouraged and acceptable behaviors, discussions, decisions and attitudes toward taking and managing risk within a...
55 views0 comments
jt
- Jul 6
- 2 min
11 x 11 Risk Matrix
The following matrix shows an example of how three different risks are plotted on a matrix to reflect those risks' uncertainty. For...
67 views0 comments
jt
- Jun 28
- 1 min
Risk Calculations
P90, P50, P10 Another approach to using multiple point estimation involves using probabilities which do not add up to 100%. We might for...
48 views0 comments
Julian Talbot
- Jun 18
- 1 min
How to change culture
One school of thought says it takes five years to change an organisation's culture. Another view says you can do it over a weekend. Yet...
153 views0 comments
Julian Talbot
- May 16
- 3 min
Three Types of Risk
Risk management comes in many forms, but one approach, which I call the 3As, looks at three different risk management styles: Actuarial -...
650 views1 comment
jt
- Feb 11, 2021
- 2 min
How Do You Assess the Quality of Your Security Risk Management?
One element that is often missing or inadequate is how to ensure, and to assess the effectiveness of security risk management and...
340 views3 comments
jt
- Nov 9, 2020
- 1 min
SRA Methodology
This methodology has minor adaptations from ‘FIGURE 11.3 Expansion of AS/NZS 4360:2004 Risk Management Process for Security Risk...
702 views1 comment
jt
- Nov 2, 2020
- 1 min
The SRMBOK Framework
The following Framework graphics have been adapted from the SRMBOK organizational resilience model in SRMBOK (FIGURE 11.2). The main...
804 views0 comments
jt
- Oct 26, 2020
- 1 min
Other Security Frameworks
Security Frameworks The following is a partial list of sources for security-related frameworks. Their presence here is not an...
165 views0 comments
jt
- Oct 19, 2020
- 2 min
Security Risk Assessment Definitions
These definitions are not comprehensive. Please consider them simply as brief clarifications to indicate their use in this blog. Unless...
95 views0 comments
Julian Talbot
- Oct 12, 2020
- 1 min
A Vulnerability Analysis Framework
Vulnerability Analysis A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the...
213 views0 comments
jt
- Oct 5, 2020
- 2 min
Threat Assessment Tools
Attacker Perspective When considering how various attackers might view your organization, it may be helpful to plot them on a matrix like...
115 views0 comments
jt
- Sep 28, 2020
- 1 min
The Risk Management Continuum
When risk assessments get too complex or time-consuming, it is usually because the wrong tool is being applied to the job. As security...
87 views0 comments
jt
- Sep 21, 2020
- 1 min
Case Study: Australian Risk Management Capability Maturity Model
Another risk maturity model worth considering is the Australian Government Commonwealth Risk Management Capability Maturity Model.¹ This...
122 views0 comments
jt
- Sep 14, 2020
- 2 min
The SRMBOK Maturity Model
Security Risk Management Body Of Knowledge (SRMBOK) The SRMBOK maturity model addresses the following four levels: Level 1 INITIAL Level...
221 views0 comments
jt
- Sep 7, 2020
- 1 min
Security Risk Assessment Reports - Two Ways
Report Headings Example 1 The following is one example of how to structure a Security Risk Assessment. TERMS AND DEFINITIONS TABLE OF...
98 views0 comments
jt
- Aug 31, 2020
- 1 min
How to Structure a Security Risk Assessment Request
Project Brief Headings Example The following is one example of how to structure a consultant's brief or request for quotation to conduct...
96 views0 comments
jt
- Aug 24, 2020
- 1 min
How to Structure a Security Plan
Security Plan Headings Example The following is one example of how to structure a Security Plan. You can download a template from...
172 views0 comments
jt
- Aug 17, 2020
- 1 min
The Real Cost of Risk Treatments
The Nature of Risk Treatments Here are several levels of expenditure to consider when implementing treatments: Sunk costs – funds that...
50 views0 comments