Category: Risk Management

Risk Rating and Treatments

ISO 31000-based risk matrix

Philosophy of Security, part 9 – Risk Management – Risk Rating and Treatments. So far we have discussed how to quantify the likelihood of, and the impact arising from, an event. In this part I would like to pull it all together and look at how we rate and prioritise risks, and also look at …


Consequences and “Risk Appetite”

Philosophy of Security, part 8 – Risk Management – Consequences and “Risk Appetite”. Looking back at this security discussion series so far: in part 7 we took a side trip to explore a different way of looking at vulnerabilities, called the Attack Surface. Earlier, in part 5, we looked at the overall Risk Management process …


What is an “attack surface”?

Philosophy of Security, part 7 – Risk Management – What is an “attack surface”? In part 6 we discussed threats and vulnerabilities, their relationship with each other and with the overall idea of risk. This post is a small side trip to explore a related concept that is often used …


Risk Management – Threats and Vulnerabilities

Philosophy of Security, part 6 – Risk Management – Risks: Threats and Vulnerabilities. In the previous part, Part 5 of this series, we discussed the general approaches to Risk Management. In this part I wish to take a closer look at the heart, and technically the most difficult part, of the process – Risk Analysis – …
