top of page
  • jt

SRA Methodology

This methodology has minor adaptations from ‘FIGURE 11.3 Expansion of AS/NZS 4360:2004 Risk Management Process for Security Risk Management’ in SRMBOK (2009) to reflect the updates to ISO31000:2018.

Individual elements are described in more detail in the SRM-AM under Threat Assessment, Vulnerability Analysis, Criticality Assessment and Risk Treatments.

This model is not necessarily the best or only model. Nor does it need to be followed in a step by step process. It is designed purely to illustrate the relationships of various elements of security risk assessment to each other and provide a level of integration with models such as CARVER, ISO31000 Process, and Hierarchy of Controls in a single diagram.

1,031 views1 comment

Recent Posts

See All

1 hozzászólás

<A HREF="">Shankar</A>

bottom of page