Business Impact Levels
Business impact levels (BILs) measure the potential impact a disruption or loss of a particular business function or asset would have on...
top of page
WELCOME
The Security Risk Management Aide-Memoire (SRMAM) is a short book based on the Security Risk Management Body of Knowledge (SRMBOK) with additional material, new research, and changes to reflect the 2018 ISO31000 Risk Management Standard update. You can read most of the chapters in the blog articles below, plus new material that will form the basis for a second edition in the coming years.
Search
Julian Talbot
- Feb 7
- 2 min
When to use a Risk Matrix
Risk matrices can be used effectively based on thorough hazard/threat assessments and asset analyses. These inputs can provide...
332 views0 comments
Julian Talbot
- Jan 25
- 5 min
Finding software for risk management
One of the things that I do is build software. These days, I'm more of an end user, and for the past few years, I've been a bit selfish...
263 views0 comments
Julian Talbot
- Jan 10
- 2 min
Choosing a Risk Assessment Tool
For most of us, Microsoft Excel has been the default starting point for risk assessment tools. There is, however, an ever-increasing...
214 views0 comments
Julian Talbot
- Dec 19, 2022
- 2 min
Security Risk Management Models
Some key models that can be helpful for security risk assessment and management, depending on the context, include the following. The...
582 views0 comments
jt
- Sep 7, 2022
- 1 min
Three-Point Estimation
Three-point estimation is one way to calculate a realistic estimation using a best-case estimate, worst-case estimate, and most...
115 views0 comments
Julian Talbot
- Jul 26, 2022
- 2 min
Risk management culture
Culture is the set of encouraged and acceptable behaviors, discussions, decisions and attitudes toward taking and managing risk within a...
98 views0 comments
jt
- Jul 6, 2022
- 2 min
11 x 11 Risk Matrix
The following matrix shows an example of how three different risks are plotted on a matrix to reflect those risks' uncertainty. For...
1,300 views0 comments
jt
- Jun 28, 2022
- 1 min
Risk Calculations
P90, P50, P10 Another approach to using multiple point estimation involves using probabilities which do not add up to 100%. We might for...
89 views0 comments
Julian Talbot
- Jun 18, 2022
- 1 min
How to change culture
One school of thought says it takes five years to change an organisation's culture. Another view says you can do it over a weekend. Yet...
239 views0 comments
Julian Talbot
- May 16, 2022
- 3 min
Three Types of Risk
Risk management comes in many forms, but one approach, which I call the 3As, looks at three different risk management styles: Actuarial -...
1,747 views1 comment
jt
- Feb 11, 2021
- 2 min
How Do You Assess the Quality of Your Security Risk Management?
One element often missing or inadequate is ensuring and assessing the effectiveness of security risk management and security assessments....
486 views3 comments
jt
- Nov 9, 2020
- 1 min
SRA Methodology
This methodology has minor adaptations from ‘FIGURE 11.3 Expansion of AS/NZS 4360:2004 Risk Management Process for Security Risk...
936 views1 comment
jt
- Nov 2, 2020
- 1 min
The SRMBOK Framework
The following Framework graphics have been adapted from the SRMBOK organizational resilience model in SRMBOK (FIGURE 11.2). The main...
1,068 views0 comments
jt
- Oct 26, 2020
- 1 min
Other Security Frameworks
Security Frameworks The following is a partial list of sources for security-related frameworks. Their presence here is not an...
245 views0 comments
jt
- Oct 19, 2020
- 2 min
Security Risk Assessment Definitions
These definitions are not comprehensive. Please consider them simply as brief clarifications to indicate their use in this blog. Unless...
143 views0 comments
Julian Talbot
- Oct 12, 2020
- 1 min
A Vulnerability Analysis Framework
Vulnerability Analysis A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the...
402 views0 comments
jt
- Oct 5, 2020
- 2 min
Threat Assessment Tools
Attacker Perspective When considering how various attackers might view your organization, it may be helpful to plot them on a matrix like...
177 views0 comments
jt
- Sep 28, 2020
- 1 min
The Risk Management Continuum
When risk assessments get too complex or time-consuming, it is usually because the wrong tool is being applied to the job. As security...
392 views1 comment
jt
- Sep 21, 2020
- 1 min
Case Study: Australian Risk Management Capability Maturity Model
Another risk maturity model worth considering is the Australian Government Commonwealth Risk Management Capability Maturity Model.¹ This...
168 views0 comments
bottom of page