The SRMBOK Maturity Model
Security Risk Management Body Of Knowledge (SRMBOK) The SRMBOK maturity model addresses the following four levels: Level 1 INITIAL Level...
top of page
WELCOME
The Security Risk Management Aide-Memoire (SRMAM) is a short book based on the Security Risk Management Body of Knowledge (SRMBOK) with additional material, new research, and changes to reflect the 2018 ISO31000 Risk Management Standard update. You can read most of the chapters in the blog articles below, plus new material that will form the basis for a second edition in the coming years.
Search
jt
- Sep 7, 2020
- 1 min
Security Risk Assessment Reports - Two Ways
Report Headings Example 1 The following is one example of how to structure a Security Risk Assessment. TERMS AND DEFINITIONS TABLE OF...
125 views0 comments
jt
- Aug 31, 2020
- 1 min
How to Structure a Security Risk Assessment Request
Project Brief Headings Example The following is one example of how to structure a consultant's brief or request for quotation to conduct...
119 views0 comments
jt
- Aug 24, 2020
- 1 min
How to Structure a Security Plan
Security Plan Headings Example The following is one example of how to structure a Security Plan. You can download a template from...
230 views0 comments
jt
- Aug 17, 2020
- 1 min
The Real Cost of Risk Treatments
The Nature of Risk Treatments Here are several levels of expenditure to consider when implementing treatments: Sunk costs – funds that...
60 views0 comments
jt
- Aug 10, 2020
- 1 min
Writing Treatment Plans
Treatment Plans - A Brief Template The following headings may be suitable for many treatment registers. Serial (Treatment ID) Treatment...
305 views0 comments
jt
- Aug 3, 2020
- 1 min
Which Risk Treatment to Choose? An 8-step Process
Eight Step Process For Selecting Risk Treatments The following process can help identify treatments for complex risks. It can be used for...
149 views0 comments
jt
- Jul 27, 2020
- 1 min
The ISO-31000 Approach to Risk Treatment
Selecting Risk Treatments ISO31000 suggests applying one or more of the following approaches to treating risks: Avoiding the risk by...
359 views0 comments
Julian Talbot
- Jul 22, 2020
- 2 min
Vulnerability and control
And no, this isn't about being a control freak, or feeling vulnerable. Well not exactly. As you've probably already guessed (given that...
56 views0 comments
jt
- Jul 20, 2020
- 1 min
How to Document Complex Treatments?
📷 The following elements provide an example of a high level overview of complex risk treatments. Each risk treatment in theTreatment...
68 views0 comments
jt
- Jul 13, 2020
- 1 min
How to Communicate Risk Visually
Communication and consultation is an iterative, two (or more) way process, which applies at all stages of risk management....
78 views0 comments
jt
- Jul 6, 2020
- 1 min
How to Structure a Security Briefing
Security Briefings The five paragraph order technique, also known as SMEAC, is a technique used by many military agencies to deliver a...
2,893 views0 comments
jt
- Jun 29, 2020
- 1 min
What is Expected Monetary Value?
While it is difficult to precisely quantify all loss events, even after they occur (e.g. the event’s impact on your brand), many risks...
130 views0 comments
jt
- Jun 22, 2020
- 1 min
Where to Start with Risk Analysis? Inputs
Inputs to aid risk analysis can include the elements listed below. Note: The grouping (input, process, output, feedback) is purely...
48 views0 comments
jt
- Jun 15, 2020
- 1 min
How Should You Structure Likelihood and Consequence Tables?
There is no single correct way to express likelihood or consequence tables. Each organization needs to consider their context and develop...
347 views0 comments
jt
- Jun 8, 2020
- 3 min
Probability and Modelling Risk Expectancy
Probability of an Event One of the challenges with Security Risk Assessment is the analysis of rare but catastrophic events. Events for...
77 views0 comments
jt
- Jun 1, 2020
- 1 min
What is the Stroud Matrix?
The objective of this tool is to aid discussion and provide an initial categorization of risks into four groups: BUSINESS AS USUAL (BAU):...
217 views0 comments
Julian Talbot
- May 25, 2020
- 3 min
What are Risk Matrices, and Should I Use Them?
Risk matrices are commonly used in many risk management practices. There are a number of issues with risk matrices and overall, I would...
1,314 views0 comments
jt
- May 18, 2020
- 2 min
How Do You Estimate Risk?
Risk is an abstract concept and humans are notoriously bad at predicting it.¹ A 1%chance of an event occurring does not mean that it...
54 views0 comments
jt
- May 11, 2020
- 2 min
How Can We Effectively Use Our Risk Management Findings and Recommendations?
When conducting a security risk assessment, it is important to document some of the key findings as evidence to support the risk register...
30 views0 comments
bottom of page