

The Security Risk Management Aide-Memoire (SRMAM) is a memory jogger based on the Security Risk Management Body of Knowledge (SRMBOK) plus additional material, new research, and the 2018 update to ISO31000 Risk Management Standard.

The book is available in paperback and Kindle from your local Amazon website. A PDF version is also available free when you set up an account to use the security risk management software at SECTARA. I and several others have helped Konrad Buczynski to establish SECTARA as the best security risk management software platform available and we're constantly improving it. Give it a try. It's free and I think you'll like it.


I will add new material and explanatory videos to this website but if you would like to contribute to future editions, please post feedback in an Amazon review or the discussion forum.

If you'd like to find out about updates and my latest books, you can subscribe to my occasional newsletters here.


I would like to give my deepest thanks to the following people who have been so generous with their time, inspired me, and generously contributed to the book. They are all experts in security risk management, and many of them work as managers and consultants and volunteer in professional associations. I encourage you to reach out to them.

My thanks to Bruce Mateer, Chris Oxley, Craig J. Brain, Dave Van Lambaart, Gav Schneider, Jason Brown, Konrad Buczynski, Larry Clark, Mark Jarratt, Marty Smith, Matthew Curtis, Miles Jakeman, Nick Janicki, Paul Dunlop, Paul Longley, Stewart Hayes, Tony Ridley, and Tony Solomon.

Without your help, this would not be the book it is now. Any errors, as always, belong to me. I would also like to thank my editor Julie-Anne Meaney for improving your reading experience and Tanya Leontyeva for updating my homemade graphics to something more modern.

You can find more about the team at



  1. The book is designed so you can carry the models, taxonomies, diagrams, and frameworks with you in a pocket or on your phone as a memory jogger.

  2. The models, ideas, and graphics are also useful when you need to explain them to others.

  3. You can download the diagrams and models on the website for presentations, training, brainstorming, and briefings.

  4. The models are a starting point. You may notice internal inconsistencies. This is so you don't rely on any particular method or tool as sacrosanct. The minor variations illustrate possibilities. There is nothing mandatory here. Choose what works for you.

I encourage you to continue to adapt and tailor these concepts to suit your own situation. And if you have suggestions for a future edition, please share them on the forum or get in touch.


I've been working in security for many decades now and I love it. It's helped me meet some great people, travel the world, and learn more about myself. I also love that as a profession, it is all about helping and protecting others. That it pays the bills is just a bonus. I also love travel, so if you have an interesting consulting assignment in some far-flung part of the world, drop me a line.


Drop us a line either in the Forum or via the Contact Form

You can also find me at LinkedIn

And you can find most of my websites via this page which is hosted on the amazing FYI.TO 

FYI is about the best thing since sliced bread - at least in terms of human-curated content and collecting favorite websites in one place. And fair disclosure, I'm involved in that too. Over the years, I've been getting involved in more and more startups based on two criteria: 1) do I like the people, and 2) do I like the business. FYI & SECTARA are two of them.
