A Threat and Risk Assessment (TRA) is a formalized process used to determine the risks to Information Technology (IT) assets and to recommend measures that reduce those risks to acceptable levels. Specifically, a TRA includes the following:
- a Statement of Sensitivity (SOS) to identify and categorize relevant assets according to their confidentiality, integrity and availability values based upon the injuries that may reasonably be expected in the event of a compromise;
- an identification of deliberate threats, accidents and natural hazards that might affect these assets adversely with an analysis of the likelihood of occurrence and gravity of impact;
- an assessment of current vulnerabilities, based on an evaluation of existing or proposed security measures and their adequacy;
- an analysis of residual risk for each asset that is vulnerable to specific threats; and
- where the assessed residual risk exceeds the target level (low or medium), a list of recommendations proposing additional safeguards to bring the risk down to that target, together with an assessment of their effectiveness and cost.
Cistel follows the Government of Canada’s Harmonized Threat and Risk Assessment (HTRA) Methodology in conducting this type of work.