Finding software for risk management
One of the things that I do is build software. These days, I'm more of an end user, and for the past few years, I've been a bit selfish...
top of page
Search
Julian Talbot
- Jan 10
- 2 min
Choosing a Risk Assessment Tool
For most of us, Microsoft Excel has been the default starting point for risk assessment tools. There is, however, an ever-increasing...
91 views0 comments
Julian Talbot
- Dec 19, 2022
- 2 min
Security Risk Management Models
Some key models that can be helpful for security risk assessment and management, depending on the context, include the following. The...
199 views0 comments
jt
- Sep 7, 2022
- 1 min
Three-Point Estimation
Three-point estimation is one way to calculate a realistic estimation using a best-case estimate, worst-case estimate, and most...
79 views0 comments
Julian Talbot
- Jul 26, 2022
- 2 min
Risk management culture
Culture is the set of encouraged and acceptable behaviors, discussions, decisions and attitudes toward taking and managing risk within a...
78 views0 comments
jt
- Jul 6, 2022
- 2 min
11 x 11 Risk Matrix
The following matrix shows an example of how three different risks are plotted on a matrix to reflect those risks' uncertainty. For...
1,191 views0 comments
jt
- Jun 28, 2022
- 1 min
Risk Calculations
P90, P50, P10 Another approach to using multiple point estimation involves using probabilities which do not add up to 100%. We might for...
62 views0 comments
Julian Talbot
- Jun 18, 2022
- 1 min
How to change culture
One school of thought says it takes five years to change an organisation's culture. Another view says you can do it over a weekend. Yet...
190 views0 comments
Julian Talbot
- May 16, 2022
- 3 min
Three Types of Risk
Risk management comes in many forms, but one approach, which I call the 3As, looks at three different risk management styles: Actuarial -...
804 views1 comment
jt
- Feb 11, 2021
- 2 min
How Do You Assess the Quality of Your Security Risk Management?
One element often missing or inadequate is ensuring and assessing the effectiveness of security risk management and security assessments....
387 views3 comments
jt
- Nov 9, 2020
- 1 min
SRA Methodology
This methodology has minor adaptations from ‘FIGURE 11.3 Expansion of AS/NZS 4360:2004 Risk Management Process for Security Risk...
768 views1 comment
jt
- Nov 2, 2020
- 1 min
The SRMBOK Framework
The following Framework graphics have been adapted from the SRMBOK organizational resilience model in SRMBOK (FIGURE 11.2). The main...
904 views0 comments
jt
- Oct 26, 2020
- 1 min
Other Security Frameworks
Security Frameworks The following is a partial list of sources for security-related frameworks. Their presence here is not an...
217 views0 comments
jt
- Oct 19, 2020
- 2 min
Security Risk Assessment Definitions
These definitions are not comprehensive. Please consider them simply as brief clarifications to indicate their use in this blog. Unless...
104 views0 comments
Julian Talbot
- Oct 12, 2020
- 1 min
A Vulnerability Analysis Framework
Vulnerability Analysis A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the...
270 views0 comments
jt
- Oct 5, 2020
- 2 min
Threat Assessment Tools
Attacker Perspective When considering how various attackers might view your organization, it may be helpful to plot them on a matrix like...
133 views0 comments
jt
- Sep 28, 2020
- 1 min
The Risk Management Continuum
When risk assessments get too complex or time-consuming, it is usually because the wrong tool is being applied to the job. As security...
229 views1 comment
jt
- Sep 21, 2020
- 1 min
Case Study: Australian Risk Management Capability Maturity Model
Another risk maturity model worth considering is the Australian Government Commonwealth Risk Management Capability Maturity Model.¹ This...
132 views0 comments
jt
- Sep 14, 2020
- 2 min
The SRMBOK Maturity Model
Security Risk Management Body Of Knowledge (SRMBOK) The SRMBOK maturity model addresses the following four levels: Level 1 INITIAL Level...
238 views0 comments
jt
- Sep 7, 2020
- 1 min
Security Risk Assessment Reports - Two Ways
Report Headings Example 1 The following is one example of how to structure a Security Risk Assessment. TERMS AND DEFINITIONS TABLE OF...
108 views0 comments
bottom of page