The Security Risk Management Aide-Memoire (SRMAM) is a memory jogger based on the Security Risk Management Body of Knowledge (SRMBOK) plus additional material, new research, and the 2018 update to ISO31000 Risk Management Standard.
The book is available in paperback and Kindle from your local Amazon website. A PDF version is also available free when you set up an account to use the security risk management software at SECTARA. I and several others have helped Konrad Buczynski to establish SECTARA as the best security risk management software platform available and we're constantly improving it. Give it a try. It's free and I think you'll like it.
I would like to give my deepest thanks to the following people who have been so generous with their time, inspired me, and generously contributed to the book. They are all experts in security risk management, and many of them work as managers and consultants and volunteer in professional associations. I encourage you to reach out to them.
My thanks to Bruce Mateer, Chris Oxley, Craig J. Brain, Dave Van Lambaart, Gav Schneider, Jason Brown, Konrad Buczynski, Larry Clark, Mark Jarratt, Marty Smith, Matthew Curtis, Miles Jakeman, Nick Janicki, Paul Dunlop, Paul Longley, Stewart Hayes, Tony Ridley, and Tony Solomon.
Without your help, this would not be the book is it now. Any errors, as always, belong to me. I would also like to thank my editor Julie-Anne Meaney for improving your reading experience and Tanya Leontyeva for updating my homemade graphics to something more modern.
You can find more about the team at srmam.fyi.to/contributors.
HOW TO USE
The book is designed so you can carry the models, taxonomies, diagrams, and frameworks with you in a pocket or on your phone as a memory jogger.
The models, ideas, and graphics are also useful when you need to explain them to others.
You can download the diagrams and models on the website for presentations, training, brainstorming, and briefings.
The models are a starting point. You may notice internal inconsistencies. This is so you don't rely on any particular method or tool as sacrosanct. The minor variations illustrate possibilities. There is nothing mandatory here. Choose what works for you.
I've been working in security for many decades now and I love it. It's helped me meet some great people, travel the world, and learn more about myself. I also love that as a profession, it is all about helping and protecting others. That it pays the bills is just a bonus. I also love travel, so if you have an interesting consulting assignment in some far-flung part of the world, drop me a line.
GET IN TOUCH
You can also find me at LinkedIn
FYI is about the best thing since sliced bread - at least in terms of human-curated content and collecting favorite websites in one place. And fair disclosure, I'm involved in that too. Over the years, I've been getting involved in more and more startups based on two criteria: 1) do I like the people, and 2) do I like the business. FYI & SECTARA are two of them.