There are nearly as many security risk assessment approaches as there are organizations that perform them. It is not the intent of this book to define the best or only approach for performing security risk assessments. In fact, it seems clear that different approaches to performing a security risk assessment are required for different situations.
Various security risk assessment approaches are discussed here for two reasons. First, it is important to understand the different approaches that have been developed and are currently in use to perform a security risk assessment. Those performing these assessments should always be looking for ways to improve the process through the adoption of new techniques or the modification of current ones. To allow for the process of continuous improvement, those defining and performing security risk assessments must have an understanding of the other approaches currently being used.
Second, various security risk assessment approaches are discussed here to demonstrate the applicability of the advice in this book, regardless of the security risk assessment approach taken. Most activities described in this book, such as understanding business objectives, gathering data, and conducting interviews, are required in all security risk assessment approaches. However, most other security risk assessment approaches lack a detailed description of the activity and offer little advice on actually performing the task. The reader can use the descriptions and advice in this book to gain a better understanding of, and a more efficient approach to, completing his own security risk assessment using nearly any security risk assessment approach.
You will also find specific activities described in detail in this book that are not discussed elsewhere and may not be a part of the current security ...
From The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments, Second Edition by Douglas Landoll. New York: Auerbach Publications, 2011.