Julian Talbot | 5 days ago | 3 min
Three Types of Risk
Risk management comes in many forms, but one approach, which I call the 3As, looks at three different risk management styles: Actuarial -...

jt | Feb 11, 2021 | 2 min
How Do You Assess the Quality of Your Security Risk Management?
One element that is often missing or inadequate is how to ensure, and to assess the effectiveness of security risk management and...

jt | Nov 9, 2020 | 1 min
SRA Methodology
This methodology has minor adaptations from ‘FIGURE 11.3 Expansion of AS/NZS 4360:2004 Risk Management Process for Security Risk...

jt | Nov 2, 2020 | 1 min
The SRMBOK Framework
The following Framework graphics have been adapted from the SRMBOK organizational resilience model in SRMBOK (FIGURE 11.2). The main...

jt | Oct 26, 2020 | 1 min
Other Security Frameworks
Security Frameworks The following is a partial list of sources for security-related frameworks. Their presence here is not an...

jt | Oct 19, 2020 | 2 min
Security Risk Assessment Definitions
These definitions are not comprehensive. Please consider them simply as brief clarifications to indicate their use in this blog. Unless...

Julian Talbot | Oct 12, 2020 | 1 min
A Vulnerability Analysis Framework
Vulnerability Analysis A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the...

jt | Oct 5, 2020 | 2 min
Threat Assessment Tools
Attacker Perspective When considering how various attackers might view your organization, it may be helpful to plot them on a matrix like...

jt | Sep 28, 2020 | 1 min
The Right Tool For Each Job
When security risk assessments start to get too complex or time consuming, it is usually because the wrong tool is being applied to the...

jt | Sep 21, 2020 | 1 min
Case Study: Australian Risk Management Capability Maturity Model
Another risk maturity model worth considering is the Australian Government Commonwealth Risk Management Capability Maturity Model.¹ This...

jt | Sep 14, 2020 | 2 min
The SRMBOK Maturity Model
Security Risk Management Body Of Knowledge (SRMBOK) The SRMBOK maturity model addresses the following four levels: Level 1 INITIAL Level...

jt | Sep 7, 2020 | 1 min
Security Risk Assessment Reports - Two Ways
Report Headings Example 1 The following is one example of how to structure a Security Risk Assessment. TERMS AND DEFINITIONS TABLE OF...

jt | Aug 31, 2020 | 1 min
How to Structure a Security Risk Assessment Request
Project Brief Headings Example The following is one example of how to structure a consultant's brief or request for quotation to conduct...

jt | Aug 24, 2020 | 1 min
How to Structure a Security Plan
Security Plan Headings Example The following is one example of how to structure a Security Plan. You can download a template from...

jt | Aug 17, 2020 | 1 min
The Real Cost of Risk Treatments
The Nature of Risk Treatments Here are several levels of expenditure to consider when implementing treatments: Sunk costs – funds that...

jt | Aug 10, 2020 | 1 min
Writing Treatment Plans
Treatment Plans - A Brief Template The following headings may be suitable for many treatment registers. Serial (Treatment ID) Treatment...

jt | Aug 3, 2020 | 1 min
Which Risk Treatment to Choose? An 8-step Process
Eight Step Process For Selecting Risk Treatments The following process can help identify treatments for complex risks. It can be used for...

jt | Jul 27, 2020 | 1 min
The ISO-31000 Approach to Risk Treatment
Selecting Risk Treatments ISO31000 suggests applying one or more of the following approaches to treating risks: Avoiding the risk by...

Julian Talbot | Jul 22, 2020 | 2 min
Vulnerability and control
And no, this isn't about being a control freak, or feeling vulnerable. Well not exactly. As you've probably already guessed (given that...

jt | Jul 20, 2020 | 1 min
How to Document Complex Treatments?
The following elements provide an example of a high level overview of complex risk treatments. Each risk treatment in the Treatment...