What’s in a Good Security Risk Assessment?

Posted by Konrad Buczynski
On 04/07/2019

If you’ve ever undertaken a security risk assessment (SRA) yourself, you may have wondered whether it was as comprehensive as it could be and if could it withstand serious scrutiny. Part of the notion of completing a diligent risk assessment is to first understand where the rest of the industry is at, so that we […]

Risk Management Frameworks

Posted by Konrad Buczynski
On 27/06/2019

This is a generic (i.e. not security risk-specific) article and is included for its close links to security risk governance. Section 4 of ISO31000 opens with the simple statement that “The success of risk management will depend on the effectiveness of the management framework providing the foundations and arrangements that will embed it throughout the organization […]

10 things to like about the “Universal Security Management System Standard” out of the Netherlands

Posted by Konrad Buczynski
On 11/07/2018

We love security standards – they give us a baseline and enable us to consciously diverge from defined industry practice where it suits us. This morning we became aware of a security standard that looks like it will make for very interesting reading. It seems that the Netherlands are leading the way in enterprise security […]