What is the Analysis of Competing Hypotheses?
Analysis of competing hypotheses¹ (ACH) is a process whereby you identify a set of hypotheses, systematically evaluate data that is...
top of page
WELCOME
The Security Risk Management Aide-Memoire (SRMAM) is a short book based on the Security Risk Management Body of Knowledge (SRMBOK) with additional material, new research, and changes to reflect the 2018 ISO31000 Risk Management Standard update. You can read most of the chapters in the blog articles below, plus new material that will form the basis for a second edition in the coming years.
Search
jt
- Apr 27, 2020
- 2 min
Are Existing Security Management Systems Good Enough?
Adequacy of Existing Controls The ‘adequacy’ score is intended to provide an insight into the operational effectiveness of existing...
1,304 views0 comments
jt
- Apr 20, 2020
- 2 min
What is the Admiralty Scale?
The Admiralty System or NATO System is a method for evaluating collected items of intelligence. It consists of a two-character notation,...
8,268 views0 comments
jt
- Apr 13, 2020
- 2 min
What Is Enterprise and Security Risk Management?
Enterprise security risk management (ESRM) includes the methods and processes to manage security risks and realize opportunities related...
63 views0 comments
jt
- Mar 30, 2020
- 1 min
What Is the ISO31000 Process?
ISO31000 Process The key stages of the security risk management process (as per ISO31000:2018) are: Scope, Context, and Criteria Risk...
220 views0 comments
jt
- Mar 16, 2020
- 2 min
How Do Intent and Capability Relate to Assessing Threat?
Intent & Capability Threat can be evaluated as a combination of Intent & Capability. Intent and Capability both comprise other elements...
3,216 views0 comments
Julian Talbot
- Mar 9, 2020
- 1 min
What are Threat Acts and Threat Tolerance?
Threat tolerance can be a very subjective thing but there are some ways to make it more consistent.
80 views0 comments
Julian Talbot
- Mar 2, 2020
- 1 min
What Are Threat Actors?
A threat actor is a participant in an action or process. But what is the difference between a hazard and a threat?
87 views0 comments
jt
- Feb 24, 2020
- 1 min
How to Compile a Security Risk Assessment?
SRA and ISO31000 There are many ways to conduct a Security Risk Assessment (SRA). The graphics below are adapted from ISO31000:2018 Risk...
159 views0 comments
Julian Talbot
- Feb 17, 2020
- 1 min
How Should We Treat Risks? The Hierarchy of Controls
The hierarchy of controls is based on the concept that not all risk treatments are equally effective. For example a handrail at the top...
215 views0 comments
Julian Talbot
- Feb 10, 2020
- 1 min
What are Risk Criteria, Scope and Risk Tolerance?
How to set risk criteria, scope and tolerances without all the jargon.
4,077 views0 comments
Julian Talbot
- Feb 3, 2020
- 1 min
How Can We Use Context to Inform Risk Management?
What to include when setting the context for a risk assessment.
58 views0 comments
jt
- Jan 27, 2020
- 2 min
How to Write a Risk Statement
Elements of a Risk Statement It may be helpful to build lists of assets that could be affected. These are potential Sources, Events,...
464 views0 comments
jt
- Jan 20, 2020
- 1 min
Swiss Cheese Risk Visualization
Swiss-Cheese is a concept that for an event to occur, a number of ‘holes’ have to align in the barriers that are in place.¹ ¹ Reason,...
205 views0 comments
Julian Talbot
- Jan 13, 2020
- 1 min
Strategies for Identifying Risks
Techniques for identifying risks include: Incident Report Analysis Documentation Reviews Brainstorming Delphi Technique Red Teaming...
83 views0 comments
Julian Talbot
- Jan 6, 2020
- 1 min
Categorizing Assets for Risk Management
Resources and assets can be categorized and defined to suit the organization’s requirements. Asset Groups Employees & Contractors...
49 views0 comments
Julian Talbot
- Dec 30, 2019
- 1 min
What Is the Root Cause of the Risk?
Root cause analysis is core to managing risk.
1,033 views0 comments
Julian Talbot
- Dec 23, 2019
- 1 min
P2R2 - Prevent, Prepare, Respond and Recover
P2R2 stands for Prevent, Prepare, Respond, and Recover.
31 views1 comment
Julian Talbot
- Dec 16, 2019
- 1 min
How Do We Analyze and Describe Risk?
Many pages of the book and this website are dedicated to risk analysis but, at an introductory level, for the moment, lets just say that...
41 views0 comments
Julian Talbot
- Nov 22, 2019
- 4 min
Security Risk Assessment in a nutshell
A framework to integrate the various models for security risk assessment into a single diagram. From ISO31000 to CARVER they are all here.
703 views0 comments
bottom of page