• jt

SRA Methodology

This methodology has minor adaptations from ‘FIGURE 11.3 Expansion of AS/NZS 4360:2004 Risk Management Process for Security Risk Management’ in SRMBOK (2009) to reflect the updates to ISO31000:2018.


Individual elements are described in more detail in the SRM-AM under Threat Assessment, Vulnerability Analysis, Criticality Assessment and Risk Treatments.


This model is not necessarily the best or only model, nor does it need to be followed as a step-by-step process. It is designed purely to illustrate how the various elements of security risk assessment relate to each other, and to provide a level of integration with models such as CARVER, the ISO31000 Process, and the Hierarchy of Controls in a single diagram.








©2019 by Julian Talbot