Abstract
The security risk management discipline has historically been less developed than safety management systems, but the rapid digitalization of industries creates an urgent need for more proactive approaches. Current methods often rely on outdated lists and paper-based processes, leading to overlooked vulnerabilities and delayed responses to emerging threats. This paper presents a possible enhancement of the existing cyber and physical Security Risk Assessment Methodology (SecRAM). The enhanced SecRAM is currently being validated through dedicated exercises and expert input. The approach considers cascading effects for attack and impact propagation, and is embedded within a system framework that recognizes interconnections and dependencies between services, systems, procedures, roles, and functions. With its web-based tool and user-friendly interface, the enhanced SecRAM proves its general applicability and shows potential for broader adoption across sectors, particularly aviation. Future work will focus on integrating automation and AI to improve efficiency and accuracy in risk assessments.