top of page
jt

The Risk Management Continuum

Updated: Sep 7, 2022

When risk assessments get too complex or time-consuming, it is usually because the wrong tool is being applied to the job. As security risk professionals, we need a range of tools to suit the size of the task at hand.


Here are a few examples of what that might look like when increasing the level of complexity.

  • TAKE 2 - Simply take 2 minutes to think before undertaking a potentially risky behavior, such as walking down a dark alleyway or pressing ’Send’ on that email

  • STEP BACK 5 x 5 - Physically or mentally, step back 5 meters and take 5 minutes to discuss what could go wrong with, for example, this server patch upload or business trip.

  • JOB HAZARD ANALYSIS (JHA) - a structured one-page analysis tool that breaks down the activity into a series of steps and considers the risks and potential mitigations involved in each task or activity.

  • PROJECT RISK PLAN - involves more complex risk modeling, such as Monte Carlo simulations and formal risk registers.

  • DETAILED RISK ASSESSMENT - refers to a formal documented process of developing a risk register and risk treatment plan (e.g., as per ISO31000)

  • COMPLEX RISK ASSESSMENTS - are resource-intensive and only warranted for significant high-risk activities and enterprise risk assessments.



Risk Management Continuum according to Julian Talbot
The Risk Management Continuum

513 views1 comment

Recent Posts

See All

1 commento


Ari Yacianci
Ari Yacianci
20 dic 2022

Great article with simple explanations. Thank you!

Mi piace
bottom of page