WELCOME
The Security Risk Management Aide-Memoire (SRMAM) is a short book based on the Security Risk Management Body of Knowledge (SRMBOK) with additional material, new research, and changes to reflect the 2018 ISO31000 Risk Management Standard update. You can read most of the chapters in the blog articles below, plus new material that will form the basis for a second edition in the coming years.
How to Structure a Security Briefing
What is Expected Monetary Value?
Where to Start with Risk Analysis? Inputs
How Should You Structure Likelihood and Consequence Tables?
Probability and Modelling Risk Expectancy
What is the Stroud Matrix?
What are Risk Matrices, and Should I Use Them?
How Do You Estimate Risk?
How Can We Effectively Use Our Risk Management Findings and Recommendations?
What is the Analysis of Competing Hypotheses?
Are Existing Security Management Systems Good Enough?
What is the Admiralty Scale?
What Is Enterprise and Security Risk Management?
What Is the ISO31000 Process?
How Do Intent and Capability Relate to Assessing Threat?
What are Threat Acts and Threat Tolerance?
What Are Threat Actors?
How to Compile a Security Risk Assessment?
How Should We Treat Risks? The Hierarchy of Controls
What are Risk Criteria, Scope and Risk Tolerance?