Use this blueprint to lay down the foundations for security risk management, including:
- Establishing governance.
- Defining the security risk management process.
- Documenting roles and responsibilities.
- Threat modeling and assessment.
- Recommending risk treatments.
- Integrating security risk into IT and enterprise risk management activities.
