© 2019 by Data Perceptions Inc.

Threat Risk Assessment

The standardized Threat Risk Assessment (TRA) process will identify areas of risk, assess those risks, and identify activities to reduce risks to an acceptable level. The output of this process will help identify appropriate controls for reducing or managing risk.

Data Perceptions’ TRA process will lead your organization’s key information security stakeholders through workshops to identify assets, and their assigned owners, which might affect the Confidentiality, Integrity and Availability of information in the organization.

Assets can include applications, databases, infrastructure, and external services/outsourced processes. Associated risks will be identified, analyzed, and evaluated, and the appropriate risk treatment will be applied to reduce, remove, or otherwise mitigate each risk.

A treatment plan will be developed which will outline the risk criteria, analysis, treatments, and who is accountable for the mitigation steps.

Data Perceptions’ Risk Register & Threat Risk Assessment Report will include:

  • Identification of potential threats and vulnerabilities and reasonably anticipated threats.

  • Classification of the likelihood and potential impact of threat occurrence.

  • Recommendations for remediation action plans that rank threats and deficiencies in order of importance.

  • Gap Analysis Report.

A risk assessment framework is used to assist the organization in integrating risk management into significant activities and functions. The effectiveness of the risk assessment will depend on its integration into the governance of the organization, including decision-making. This requires support from stakeholders, particularly top management.

To the right is an illustration of the components of a TRA framework.

1. Identify Your Information Assets

  • Assets that are valuable to the business, such as infrastructure, applications, databases and people, identified through an interview process.

2. Identify the Asset Owners (Responsible)

  • Who within the business is the owner of the assets? (We would interview Finance, HR, Dev, IT.)

3. Identify Risks to Confidentiality, Integrity, and Availability (CIA) of the Assets

4. Identify the Risk Owners (Accountable)

  • This would be someone who can do something about the risk (upper management).

5. Analyze the Risks

  • Impact if the risk were to materialize.

  • Risk Score Chart

6. Identify the Level of Risks

  • Identify vulnerabilities (internal, in your control) and threats (external).

7. Prioritize the Risk Treatment

  • Risk Mitigation, Risk Acceptance, Risk Avoidance, Risk Transfer.


Recent Security Related Articles

Cyber Security: Locking the Door is Not Enough

Organizations need to go beyond prevention techniques and invest in detection & response capabilities.

Most enterprises have long been focused on preventing the bad guys from getting into their networks and systems.

Historically, the especially security-conscious enterprises -- ones that understood their organizations were ...
