
How to Compile a Security Risk Assessment?


SRA and ISO31000

There are many ways to conduct a Security Risk Assessment (SRA). The graphics below are adapted from ISO31000:2018 Risk Management Standard to give some additional guidance and a slightly different approach.





This graphic illustrates one example of how to consider threat and criticality in the context of a security risk assessment. It is similar to the process used in SECTARA where you will also find several articles on security risk management and assessment.



©2019 by Julian Talbot