WELCOME
The Security Risk Management Aide-Memoire (SRMAM) is a short book based on the Security Risk Management Body of Knowledge (SRMBOK), with additional material, new research, and changes reflecting the 2018 update of the ISO 31000 Risk Management Standard. You can read most of the chapters in the blog articles below, along with new material that will form the basis for a second edition in the coming years.


Julian Talbot
Mar 7, 2023 · 2 min read
Business Impact Levels
Business impact levels (BILs) measure the potential impact a disruption or loss of a particular business function or asset would have on...
968 views
0 comments

Julian Talbot
Feb 7, 2023 · 2 min read
When to use a Risk Matrix
Risk matrices can be used effectively based on thorough hazard/threat assessments and asset analyses. These inputs can provide...
487 views
0 comments


Julian Talbot
Jan 25, 2023 · 5 min read
Finding software for risk management
One of the things that I do is build software. These days, I'm more of an end user, and for the past few years, I've been a bit selfish...
312 views
0 comments


Julian Talbot
Jan 10, 2023 · 2 min read
Choosing a Risk Assessment Tool
For most of us, Microsoft Excel has been the default starting point for risk assessment tools. There is, however, an ever-increasing...
342 views
0 comments


Julian Talbot
Dec 19, 2022 · 2 min read
Security Risk Management Models
Some key models that can be helpful for security risk assessment and management, depending on the context, include the following. The...
1,517 views
0 comments


jt
Sep 7, 2022 · 1 min read
Three-Point Estimation
Three-point estimation is one way to calculate a realistic estimation using a best-case estimate, worst-case estimate, and most...
182 views
0 comments


Julian Talbot
Jul 26, 2022 · 2 min read
Risk management culture
Culture is the set of encouraged and acceptable behaviors, discussions, decisions and attitudes toward taking and managing risk within a...
119 views
0 comments

jt
Jul 6, 2022 · 2 min read
11 x 11 Risk Matrix
The following matrix shows an example of how three different risks are plotted on a matrix to reflect those risks' uncertainty. For...
1,402 views
0 comments

jt
Jun 28, 2022 · 1 min read
Risk Calculations
P90, P50, P10 Another approach to using multiple point estimation involves using probabilities which do not add up to 100%. We might for...
118 views
0 comments

Julian Talbot
Jun 18, 2022 · 1 min read
How to change culture
One school of thought says it takes five years to change an organisation's culture. Another view says you can do it over a weekend. Yet...
320 views
0 comments


Julian Talbot
May 16, 2022 · 3 min read
Three Types of Risk
Risk management comes in many forms, but one approach, which I call the 3As, looks at three different risk management styles: Actuarial -...
2,209 views
1 comment


jt
Feb 11, 2021 · 2 min read
How Do You Assess the Quality of Your Security Risk Management?
One element often missing or inadequate is ensuring and assessing the effectiveness of security risk management and security assessments....
559 views
3 comments

jt
Nov 9, 2020 · 1 min read
SRA Methodology
This methodology has minor adaptations from ‘FIGURE 11.3 Expansion of AS/NZS 4360:2004 Risk Management Process for Security Risk...
1,137 views
1 comment

jt
Nov 2, 2020 · 1 min read
The SRMBOK Framework
The following Framework graphics have been adapted from the SRMBOK organizational resilience model in SRMBOK (FIGURE 11.2). The main...
1,335 views
0 comments


jt
Oct 26, 2020 · 1 min read
Other Security Frameworks
Security Frameworks The following is a partial list of sources for security-related frameworks. Their presence here is not an...
340 views
0 comments

jt
Oct 19, 2020 · 2 min read
Security Risk Assessment Definitions
These definitions are not comprehensive. Please consider them simply as brief clarifications to indicate their use in this blog. Unless...
181 views
0 comments

Julian Talbot
Oct 12, 2020 · 1 min read
A Vulnerability Analysis Framework
Vulnerability Analysis A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the...
556 views
0 comments

jt
Oct 5, 2020 · 2 min read
Threat Assessment Tools
Attacker Perspective When considering how various attackers might view your organization, it may be helpful to plot them on a matrix like...
207 views
0 comments

jt
Sep 28, 2020 · 1 min read
The Risk Management Continuum
When risk assessments get too complex or time-consuming, it is usually because the wrong tool is being applied to the job. As security...
538 views
1 comment

jt
Sep 21, 2020 · 1 min read
Case Study: Australian Risk Management Capability Maturity Model
Another risk maturity model worth considering is the Australian Government Commonwealth Risk Management Capability Maturity Model.¹ This...
214 views
0 comments