How to Compile a Security Risk Assessment?

SRA and ISO31000

There are many ways to conduct a Security Risk Assessment (SRA). The graphics below are adapted from the ISO 31000:2018 Risk Management standard to give some additional guidance and a slightly different approach.

This graphic illustrates one example of how to consider threat and criticality in the context of a security risk assessment. It is similar to the process used in SECTARA where you will also find several articles on security risk management and assessment.

©2019 by Julian Talbot