What is the Adaptive Security Judgement Model (ASJM)?

The Adaptive Security Judgement Model (ASJM) is a decision-centered framework created by Francisco Javier Milian, CPP®, that helps security leaders build and sustain sound judgment under uncertainty, time pressure, and high consequence. It focuses on the seven elements of adaptive judgment that hold when plans stop working.

Who is ASJM designed for?

ASJM is designed for CSOs, CISOs, enterprise risk and resilience leaders, incident and crisis leadership teams, and organizations operating in environments where error carries real consequence.

How is ASJM different from other security frameworks?

ASJM treats security failure as a judgment systems problem, not a communications or compliance problem. Unlike NIST CSF 2.0 or Gartner's Adaptive Security Architecture, ASJM specifically addresses whether an organization can exercise sound judgment and adapt when conditions deviate from plan under real pressure.

What does the ASJM Application Guide include?

The ASJM Application Guide includes a diagnostic companion for each of the seven ASJM elements with reflective questions for team or individual use, guidance on pressure-testing your judgment system before a real event, and analysis of how ASJM fills gaps left by NIST CSF 2.0 and Gartner's Adaptive Security Architecture.

Adaptive Security Judgement Model (ASJM)

A Decision‑Centered Framework for Security Judgement Under Pressure

Security doesn't break down because leaders lack strategy, tools, or policies. It breaks down because judgment does the moment conditions shift and pressure rises. The Adaptive Security Judgment Model (ASJM) exists to change that.

Diagram titled "Adaptive Security Judgement Model (ASJM)" showing 7 connected components: Risk Context, Judgement Triggers, Decision System Design, Leadership Judgement, Team Behavior Under Pressure, Execution in Critical Moments, and Learning.

Formal Definition

The Adaptive Security Judgment Model (ASJM) is a framework for developing and sustaining decision quality in security organizations operating under uncertainty, time pressure, and high consequence, by prioritizing adaptive judgment over static plans.

Why Judgement Matters in Security

Judgment matters in security because real conditions rarely match predefined plans. Threats evolve, signals are incomplete, and decisions must often be made quickly with high stakes. Processes and controls provide structure, but they cannot cover every scenario. Sound judgment allows practitioners to interpret context, weigh risk, and act appropriately when guidance is unclear or outdated. Without it, organizations either hesitate or follow plans that no longer fit the situation, increasing the chance of loss.

What Makes ASJM Different

The Adaptive Security Judgment Model treats security failure as a judgment systems problem, not a technical one.

It answers questions traditional models ignore:

Who truly decides when conditions deviate from plan?
How are risk trade-offs interpreted under stress?
What information actually reaches decision-makers in crisis?
Do teams exercise sound judgment or regress to old habits when pressure spikes?

ASJM is not about "getting buy-in." It is about building judgment capability that survives disruption.

Who ASJM Is For

The Adaptive Security Judgment Model is designed for:

CSOs, CISOs, and security executives
Enterprise risk and resilience leaders
Incident and crisis leadership teams
Organizations operating where error carries real consequence

If your environment demands sound judgment in real time, ASJM belongs in your security strategy.

What the Adaptive Security Judgement Model Delivers

Organizations applying ASJM achieve:

Stronger judgment quality under pressure
Faster, more coherent crisis response
Reduced regression to ineffective habits
Better alignment between risk, strategy, and execution
Security resilience that endures beyond the incident

Most importantly, ASJM builds organizational confidence. The ability to act decisively even when outcomes are uncertain.

Security doesn't fail in planning. It fails the moment judgment does.

Most frameworks tell you what to monitor and control. None of them address whether your organization can actually exercise sound judgment and adapt when it matters most.

The ASJM Application Guide gives you a practical diagnostic for all seven elements of adaptive judgment, so you can identify exactly where your organization will break before a crisis reveals it for you.

What's inside:

A diagnostic companion for each of the 7 ASJM elements with reflective questions built for team conversation or individual self-assessment
How to pressure-test your judgment system before it fails under a real event
How ASJM fills the gaps that NIST CSF 2.0 and Gartner's Adaptive Security Architecture leave unaddressed
The specific conditions, cognitive bias, authority ambiguity, cross-functional breakdown — that collapse security judgment under pressure

Designed for CSOs, CISOs, enterprise risk leaders, and incident teams where error carries real consequence.

A framework built for the moment plans stop working.

Download ASJM Application Guide