Skip to content

Protective Security Risk Management

Last Updated 19 March 2019

Effective security risk management requires an organisation to have defined governance and oversight of protective security management systems. As risk owners, senior leaders need to be conversant with the key principles of protective security in order to guide their strategic decision-making.

Stakeholder engagement and security risk assessment support effective decision making. This model highlights some key steps that should be taken when considering the wider process of protective security risk management, rather than a specific format for risk assessment itself.


Identify Assets & Systems

1. Identify Assets & Systems

Categorise & Classify

2. Categorise & Classify

Identify Threats

3. Identify Threats

Assess Risk

4. Assess Risk

Build Risk Register

5. Build Risk Register

Protective Security Strategy

6. Protective Security Strategy

Development & Implementation

7. Development & Implementation


8. Review