How to change culture
One school of thought says it takes five years to change an organisation's culture. Another view says you can do it over a weekend. Yet...
top of page
WELCOME
The Security Risk Management Aide-Memoire (SRMAM) is a short book based on the Security Risk Management Body of Knowledge (SRMBOK) with additional material, new research, and changes to reflect the 2018 ISO31000 Risk Management Standard update. You can read most of the chapters in the blog articles below, plus new material that will form the basis for a second edition in the coming years.
Search
jt
- Feb 11, 2021
- 2 min
How Do You Assess the Quality of Your Security Risk Management?
One element often missing or inadequate is ensuring and assessing the effectiveness of security risk management and security assessments....
471 views3 comments
jt
- Nov 9, 2020
- 1 min
SRA Methodology
This methodology has minor adaptations from ‘FIGURE 11.3 Expansion of AS/NZS 4360:2004 Risk Management Process for Security Risk...
903 views1 comment
jt
- Nov 2, 2020
- 1 min
The SRMBOK Framework
The following Framework graphics have been adapted from the SRMBOK organizational resilience model in SRMBOK (FIGURE 11.2). The main...
1,057 views0 comments
jt
- Oct 26, 2020
- 1 min
Other Security Frameworks
Security Frameworks The following is a partial list of sources for security-related frameworks. Their presence here is not an...
243 views0 comments
jt
- Oct 19, 2020
- 2 min
Security Risk Assessment Definitions
These definitions are not comprehensive. Please consider them simply as brief clarifications to indicate their use in this blog. Unless...
131 views0 comments
Julian Talbot
- Oct 12, 2020
- 1 min
A Vulnerability Analysis Framework
Vulnerability Analysis A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the...
394 views0 comments
jt
- Oct 5, 2020
- 2 min
Threat Assessment Tools
Attacker Perspective When considering how various attackers might view your organization, it may be helpful to plot them on a matrix like...
172 views0 comments
jt
- Sep 28, 2020
- 1 min
The Risk Management Continuum
When risk assessments get too complex or time-consuming, it is usually because the wrong tool is being applied to the job. As security...
338 views1 comment
jt
- Sep 21, 2020
- 1 min
Case Study: Australian Risk Management Capability Maturity Model
Another risk maturity model worth considering is the Australian Government Commonwealth Risk Management Capability Maturity Model.¹ This...
164 views0 comments
jt
- Sep 14, 2020
- 2 min
The SRMBOK Maturity Model
Security Risk Management Body Of Knowledge (SRMBOK) The SRMBOK maturity model addresses the following four levels: Level 1 INITIAL Level...
279 views0 comments
jt
- Sep 7, 2020
- 1 min
Security Risk Assessment Reports - Two Ways
Report Headings Example 1 The following is one example of how to structure a Security Risk Assessment. TERMS AND DEFINITIONS TABLE OF...
125 views0 comments
jt
- Aug 31, 2020
- 1 min
How to Structure a Security Risk Assessment Request
Project Brief Headings Example The following is one example of how to structure a consultant's brief or request for quotation to conduct...
119 views0 comments
jt
- Aug 24, 2020
- 1 min
How to Structure a Security Plan
Security Plan Headings Example The following is one example of how to structure a Security Plan. You can download a template from...
230 views0 comments
jt
- Aug 17, 2020
- 1 min
The Real Cost of Risk Treatments
The Nature of Risk Treatments Here are several levels of expenditure to consider when implementing treatments: Sunk costs – funds that...
60 views0 comments
jt
- Aug 10, 2020
- 1 min
Writing Treatment Plans
Treatment Plans - A Brief Template The following headings may be suitable for many treatment registers. Serial (Treatment ID) Treatment...
305 views0 comments
jt
- Aug 3, 2020
- 1 min
Which Risk Treatment to Choose? An 8-step Process
Eight Step Process For Selecting Risk Treatments The following process can help identify treatments for complex risks. It can be used for...
149 views0 comments
jt
- Jul 27, 2020
- 1 min
The ISO-31000 Approach to Risk Treatment
Selecting Risk Treatments ISO31000 suggests applying one or more of the following approaches to treating risks: Avoiding the risk by...
359 views0 comments
jt
- Jul 20, 2020
- 1 min
How to Document Complex Treatments?
📷 The following elements provide an example of a high level overview of complex risk treatments. Each risk treatment in theTreatment...
68 views0 comments
jt
- Jul 13, 2020
- 1 min
How to Communicate Risk Visually
Communication and consultation is an iterative, two (or more) way process, which applies at all stages of risk management....
78 views0 comments
bottom of page