Advanced and Intuitive Methodologies

When arguing the case for change, one of the best ways to gain the buy-in of stakeholders is to clearly articulate the method you used when describing the results. In relation to security risk assessments, an advanced and intuitive software methodology is now possible, thanks to SECTARA. As the official companion to the Security Risk Management Aide Memoire (SRM-AM), the next development following the Security Risk Management Body of Knowledge (SRMBoK) by Julian Talbot, SECTARA is one of the most highly regarded traditional and information security risk assessment tools available.

The Security Methodologies Problem

Expectations require all practitioners to continually evolve their methods as more credible approaches emerge. In security, many still rely on the standardised ISO 31000 – Risk management approach for conducting security risk assessments.

While the standard represents the keystone for risk management, one of the key problems with using it is that it requires stakeholders to take a leap of faith in assuming that assets, threats, vulnerabilities and controls have been considered in a meaningful way.

There are numerous security risk-related standards available, most of which account for ISO 31000 requirements, but also extend to account for these additional aspects of security.

Why the Methodologies Problem Exists

The appeal of continually improved services in any industry is not new, and this is no different in relation to how security professionals go about preparing security risk assessments. The challenge, of course, is to raise collective awareness of such methods so that practices across the industry are improved.

There are also variations in the quality and competency of practitioners. This means that some remain comfortable with a more general ISO 31000 assessment process, rather than one that extends to consideration of the additional/sub-elements related to security.

A key challenge then is to make the assessment process as simple as possible while ensuring that the method is credible, and ideally advanced.

Key SECTARA Methodological Benefits

By combining ISO 31000 and the multiple mainstream security risk standards into a single platform with a step-by-step risk assessment process, SECTARA’s security risk register software has significant appeal.

Practitioners with minimal experience in conducting security risk assessments can achieve major advancements in the maturity of their reports, which instils confidence in their ability and demands the attention of stakeholders.

How you benefit from SECTARA

Consistent adherence to industry standards, detailed examination of assets, threats, controls, risks and treatments, and logically presented findings are key benefits.

More advanced practitioners will also appreciate this degree of rigour and will save significant time by avoiding the need for ongoing methodological quality assurance. So too will those who are still learning advanced techniques and would very much appreciate access to traditional and information security risk assessment tools.

How to get started with SECTARA

If you see the same great benefits that we do in SECTARA, there are several methods to get started:

As a valued subscriber, you will be comprehensively supported via our Ticketing System and Knowledge Base, and you can still always contact us directly when you need to.

We look forward to seeing you on SECTARA!