It has been 5 years since we last updated our risk management guidance, since then a lot has changed in the worlds of global politics, technology, and cyber security.
Our aim is to provide practical advice that is relevant for modern technology systems and services. As always, our guidance is backed by our practical experience of working on the most challenging risk management problems, feedback from users, and expert research from our sociotechnical and risk group.
Some things in the guidance remain unchanged. For example, in order to effectively manage cyber security risk, it is important to use component driven and system driven perspectives on risk, and to make use of a variety of risk management information sources.