The SRMBOK Framework
The following Framework graphics have been adapted from the SRMBOK organizational resilience model in SRMBOK (FIGURE 11.2). The main change is to simplify the diagram and establish Objectives rather than Capability as the key outcome.
Security-in-depth provides layers of protection to protect resources, in order to sustain capability. The purpose of capability however is to support achievement of objectives.
The following graphic illustrates one way of structuring a security risk management system (SRMS).