jtMar 301 minWhat Is the ISO31000 Process?ISO31000 Process The key stages of the security risk management process (as per ISO31000:2018) are: Scope, Context, and Criteria Risk Assessment, which compr...
jtMar 162 minHow Do Intent and Capability Relate to Assessing Threat?Intent & Capability Threat can be evaluated as a combination of Intent & Capability. Intent and Capability both comprise other elements as illustrated below....
Julian TalbotMar 91 minWhat are Threat Acts and Threat Tolerance?Threat tolerance can be a very subjective thing but there are some ways to make it more consistent.
Julian TalbotMar 21 minWhat Are Threat Actors?A threat actor is a participant in an action or process. But what is the difference between a hazard and a threat?
jtFeb 241 minHow to Compile a Security Risk Assessment?SRA and ISO31000 There are many ways to conduct a Security Risk Assessment (SRA). The graphics below are adapted from ISO31000:2018 Risk Management Standard ...
Julian TalbotFeb 171 minHow Should We Treat Risks? The Hierarchy of ControlsThe hierarchy of controls is based on the concept that not all risk treatments are equally effective. For example a handrail at the top of a cliff (engineeri...
Julian TalbotFeb 101 minWhat are Risk Criteria, Scope and Risk Tolerance?How to set risk criteria, scope and tolerances without all the jargon.
Julian TalbotFeb 31 minHow Can We Use Context to Inform Risk Management?What to include when setting the context for a risk assessment.
jtJan 272 minHow to Write a Risk StatementElements of a Risk Statement It may be helpful to build lists of assets that could be affected. These are potential Sources, Events, Resources that are at ri...
jtJan 201 minSwiss Cheese Risk VisualizationSwiss-Cheese is a concept that for an event to occur, a number of ‘holes’ have to align in the barriers that are in place.¹ ¹ Reason, James.Human Error. 1 ed...
Julian TalbotJan 131 minStrategies for Identifying RisksTechniques for identifying risks include: Incident Report Analysis Documentation Reviews Brainstorming Delphi Technique Red Teaming Intelligence Reports Thre...
Julian TalbotJan 61 minCategorizing Assets for Risk ManagementResources and assets can be categorized and defined to suit the organization’s requirements. Asset Groups Employees & Contractors Visitors Brand & Reputation...
Julian TalbotDec 30, 20191 minWhat Is the Root Cause of the Risk?Root cause analysis is core to managing risk.
Julian TalbotDec 16, 20191 minHow Do We Analyze and Describe Risk?Many pages of the book and this website are dedicated to risk analysis but, at an introductory level, for the moment, lets just say that risk is usually desc...
Julian TalbotNov 22, 20194 minSecurity Risk Assessment in a nutshellA framework to integrate the various models for security risk assessment into a single diagram. From ISO31000 to CARVER they are all here.
Julian TalbotOct 24, 20196 minThe CASE for risk managementA way to solve one of the biggest problems with risk analysis - consistently and comprehensively identifying the risks.
