The SECTARA Security Risk Assessment Process

There tend to be two prominent schools of thought when it comes to assessing security risk. The first treats risk as a function of threat and vulnerability (T x V = R), whereas the other treats risk as a function of consequence/impact and likelihood/probability (C/I x L/P = R).

Both approaches use AS ISO 31000:2018 Risk management – Guidelines as a base, and this is not a critique of either. Each approach has its benefits, and those who wish to demonstrate better practice would be encouraged to develop a method that blends the best of each. This may be done for a variety of reasons; as you might expect, using the most effective approach to identify and mitigate intolerable risks would be the primary one.

An obvious benefit in taking such an approach is a defence against liability and/or criticism when something does go wrong, or when external scrutiny is placed on such arrangements for other reasons.

In terms of SECTARA, one theme we regularly hear from subscribers is that the platform is appealing simply because it is logical and built around making the implementation of contemporary security risk practices simple. Indeed, a lot of time and effort was invested in making sure that we accommodated the best of the two mainstream approaches, and this is borne out by our growing list of reviews on Gartner’s Capterra comparison website.

But the benefits of using SECTARA for security risk assessments/management are much greater than that; some of the key ones are described below.

Methodological Rigour

Assessors are compelled to follow a 5-step, standards-based approach that aligns directly with ISO 31000. Designed for application within the security domain, it naturally also accommodates the examination and assessment of assets, threats and risk controls/vulnerabilities.

The requirement for these can be found in multiple security-focused standards and guides, including the Universal Security Management Systems Standard, ISO 27005 Information security risk management, and Handbook 167 – Security risk management. It was also designed to put into practice concepts defined within the Security Risk Management Body of Knowledge (the concepts within which have recently been updated via the Security Risk Management Aide Memoire at https://srmam.com).

Productivity Gains

Having a consistent methodology breeds familiarity and confidence in assessment processes, which sees practitioners moving through assessments at an increasing pace.

Augmenting this is the use of assessment libraries, which make the process of selecting and assessing assets, threats and vulnerabilities/risk controls even faster, and make it much less likely that some will be overlooked.

Instead of having to rely on judgement alone, assessors can apply their experience in the process of converting long lists into short-listed assessment content. This serves to increase quality, and expanding libraries extend the benefit over time.

Flexibility and Control

SECTARA has five role types, which give Account Administrators maximum flexibility in managing their account. These roles can be used to limit access to certain records, organisations, business units, assessments and other users.

For consultancies, client organisations/business units and assessments can be created within each account; client users can then be assigned to specific entities to manage/view the data. That means that SECTARA can be used to create enduring partnerships with clients, and consultants may establish a retainer-based revenue stream in the process.

The same functionality can be used by corporate users to achieve maximum control over who does what within their organisation and subordinate business units.

These are only a few of the benefits, but they are compelling if you are looking to deliver security risk assessments in a progressive way – one that is genuinely simple and rewarding to use, can offer a return in the consultancy situation, and enables maximum flexibility in how you manage your account.

The 30-second videos and the assessment screenshot below illustrate how each of these benefits is derived.

Methodological Rigour Delivered

Productivity Guaranteed

Flexibility & Control Assured

Sample Assessment Screenshot

How to get started with SECTARA

If you see the same great benefits that we do in SECTARA, there are several ways to get started:

As a valued subscriber, you will be comprehensively supported via our Knowledge Base and Ticketing System, and you can still always contact us directly when you need to.