top of page

WELCOME
The Security Risk Management Aide-Memoire (SRMAM) is a short book based on the Security Risk Management Body of Knowledge (SRMBOK) with additional material, new research, and changes to reflect the 2018 ISO31000 Risk Management Standard update. You can read most of the chapters in the blog articles below, plus new material that will form the basis for a second edition in the coming years.
Search


How to change culture
One school of thought says it takes five years to change an organisation's culture. Another view says you can do it over a weekend. Yet...

Julian Talbot
Jun 18, 20221 min read
329 views
0 comments


How Do You Assess the Quality of Your Security Risk Management?
One element often missing or inadequate is ensuring and assessing the effectiveness of security risk management and security assessments....
jt
Feb 11, 20212 min read
564 views
3 comments


SRA Methodology
This methodology has minor adaptations from ‘FIGURE 11.3 Expansion of AS/NZS 4360:2004 Risk Management Process for Security Risk...
jt
Nov 9, 20201 min read
1,154 views
1 comment


The SRMBOK Framework
The following Framework graphics have been adapted from the SRMBOK organizational resilience model in SRMBOK (FIGURE 11.2). The main...
jt
Nov 2, 20201 min read
1,348 views
0 comments


Other Security Frameworks
Security Frameworks The following is a partial list of sources for security-related frameworks. Their presence here is not an...
jt
Oct 26, 20201 min read
342 views
0 comments


Security Risk Assessment Definitions
These definitions are not comprehensive. Please consider them simply as brief clarifications to indicate their use in this blog. Unless...
jt
Oct 19, 20202 min read
184 views
0 comments


A Vulnerability Analysis Framework
Vulnerability Analysis A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the...

Julian Talbot
Oct 12, 20201 min read
565 views
0 comments


Threat Assessment Tools
Attacker Perspective When considering how various attackers might view your organization, it may be helpful to plot them on a matrix like...
jt
Oct 5, 20202 min read
210 views
0 comments


The Risk Management Continuum
When risk assessments get too complex or time-consuming, it is usually because the wrong tool is being applied to the job. As security...
jt
Sep 28, 20201 min read
540 views
1 comment
Case Study: Australian Risk Management Capability Maturity Model
Another risk maturity model worth considering is the Australian Government Commonwealth Risk Management Capability Maturity Model.¹ This...
jt
Sep 21, 20201 min read
216 views
0 comments
The SRMBOK Maturity Model
Security Risk Management Body Of Knowledge (SRMBOK) The SRMBOK maturity model addresses the following four levels: Level 1 INITIAL Level...
jt
Sep 14, 20202 min read
339 views
0 comments
Security Risk Assessment Reports - Two Ways
Report Headings Example 1 The following is one example of how to structure a Security Risk Assessment. TERMS AND DEFINITIONS TABLE OF...
jt
Sep 7, 20201 min read
146 views
0 comments
How to Structure a Security Risk Assessment Request
Project Brief Headings Example The following is one example of how to structure a consultant's brief or request for quotation to conduct...
jt
Aug 31, 20201 min read
137 views
0 comments
How to Structure a Security Plan
Security Plan Headings Example The following is one example of how to structure a Security Plan. You can download a template from...
jt
Aug 24, 20201 min read
296 views
0 comments


The Real Cost of Risk Treatments
The Nature of Risk Treatments Here are several levels of expenditure to consider when implementing treatments: Sunk costs – funds that...
jt
Aug 17, 20201 min read
76 views
0 comments
Writing Treatment Plans
Treatment Plans - A Brief Template The following headings may be suitable for many treatment registers. Serial (Treatment ID) Treatment...
jt
Aug 10, 20201 min read
361 views
0 comments
Which Risk Treatment to Choose? An 8-step Process
Eight Step Process For Selecting Risk Treatments The following process can help identify treatments for complex risks. It can be used for...
jt
Aug 3, 20201 min read
200 views
0 comments


The ISO-31000 Approach to Risk Treatment
Selecting Risk Treatments ISO31000 suggests applying one or more of the following approaches to treating risks: Avoiding the risk by...
jt
Jul 27, 20201 min read
575 views
0 comments
How to Document Complex Treatments?
📷 The following elements provide an example of a high level overview of complex risk treatments. Each risk treatment in theTreatment...
jt
Jul 20, 20201 min read
75 views
0 comments


How to Communicate Risk Visually
Communication and consultation is an iterative, two (or more) way process, which applies at all stages of risk management....
jt
Jul 13, 20201 min read
136 views
0 comments
bottom of page