Handbook
Track updates
iconCreated with Sketch.

HB 167:2006

[Pending Revision]

Security risk management

Outlines a broad framework and the core elements that should be included in a security risk management process, and is consistent with the risk management principles of AS/NZS 4360: 2004. This Handbook can be used by any size or type of organisation - from large multinationals to small businesses, government agencies and the not-for profit sector.
Published: 21/12/2006
Pages: 159
Table of contents
Cited references
Content history
Table of contents
Header
About this publication
Preface
1 Introduction
1.1 Security Risk Management—A new paradigm
1.2 Security Risk Management approach
1.2.1 The structure of security risk management
1.3 Security risk management and its relationship with risk management
1.4 Security risk management
2 Communicate and consult
2.1 Introduction
2.1.1 Effective communication
2.2 Engagement
2.2.1 Participation
2.2.2 Engagement and participation of senior management
2.2.3 Engagement and participation of staff
2.2.4 Engagement and participation of other stakeholders
2.3 Perception
2.4 Information transfer
2.5 Decision making
2.6 Developing the communications strategy
3 Establish the context
3.1 Introduction
3.2 The external context
3.3 The internal context
3.4 The security risk management context
3.4.1 Finalising the goals and objectives for security risk management
3.5 Determine the process/program structure
3.6 Developing the evaluation criteria
3.7 Developing the business case
4 Identify risk
4.1 Introduction
4.2 Data and information sources
4.2.1 Retrieving data and information
4.2.2 Potential sources of risk
4.3 Conducting the criticality assessment
4.4 Threat assessment
4.4.1 Identifying the threat
4.4.2 Understanding the threat
4.4.3 Measuring the threat
4.4.4 Likelihood of a security threat
4.5 Conducting the vulnerability analysis
4.5.1 Introduction
4.5.2 Assessing the effectiveness of the controls
4.5.3 Approaches to assessment
4.6 Mapping threat, vulnerability and criticality
5 Analyse risk
5.1 Introduction
5.2 Measuring risk
5.2.1 Consequence
5.2.2 Likelihood
5.2.3 Risk rating
6 Evaluate risk
6.1 Introduction
6.2 Tolerance of risk
7 Treat risk
7.1 Introduction
7.2 Developing a treatment plan
7.2.1 Establish treatment objectives
7.2.2 Identify and develop treatment options
7.2.3 Evaluate treatment objectives
7.2.4 Detailed design
7.2.5 Design review
7.2.6 Communicating and implementing
7.3 Conformance vs. Performance
8 Monitor and review
8.1 Introduction
8.2 The elements of ‘monitor and review’
8.3 Monitoring and review practices
8.4 Triggering monitor and review processes
8.5 Post-event analysis and reporting
A
B
C
D
E
F
F1 Business case template
F2 SRM Project management template37
F3 Developing the context template (with some examples)
F4 Information collection worksheet
F5 Criticality and vulnerability assessment worksheet
F6 Threat sources identification and assessment40
F7 Threat assessment worksheet
F8 Security risk assessment worksheet
F9 Strategic security risk management activities plan
F10 Security risk management controls assessment checklist46 (Example 1)
F11 Security survey worksheet (Example 2)
F12 Example treatment plan template
G
H
I
I1 Visibility rating
I2 Vulnerability: Iconic status
I3 Vulnerability: Threat access
I4 Vulnerability: Collateral exposures
I5 Vulnerability: Interdependency demand54
I6 Critical incident management
J
K
L
M
N
O
Cited references in this standard
Content history

One-time Purchase

Access via web browser on any device
One-time purchase
Single publication
Offline access via PDF^

$230.65 AUD

Inclusive of GST
Format *
iconCreated with Sketch.
Web Reader
Licenses *
iconCreated with Sketch.
1 user
Total$230.65 AUD
Add to Cart
IMPORTANT