A Threat and Risk Assessment (TRA) is the process of managing risk by confirming the appropriateness of current standards, supplementing these standards where necessary, and eliminating unnecessary expenditures and administrative barriers.
Risk management is an iterative process that ensures reasonable and cost-effective steps are taken to protect business operations and related systems.
Managing a security risk means defining what that risk is, assessing the relative magnitude of the risk, identifying the causal factors, and determining what to do about the risk. Options for managing risk include reduction, transfer, avoidance and acceptance. An informed decision on the best option(s) to manage a risk can only be made if a TRA is completed.
A TRA involves a minimum of five steps as follows:
- Planning Stage – The first step is the requirement for stakeholders to work in cooperation with the assessment team to clearly identify the aim and scope of the TRA. At this time the team is provided with all reference materials and information necessary for the completion of the task.
- Preparation Stage – The second step consists of the team identifying what needs to be protected, by completing an inventory of assets and assessing their worth. The team at this time will also complete a statement of sensitivity that identifies the confidentiality, integrity and availability requirements of these assets.
- Threat Assessment Stage – The third step consists of the team identifying potential and real threats to the involved infrastructure or process. Pertinent threat information is obtained from multiple sources. The key identified components at this stage are threat identification and threat likelihood.
- Risk Assessment Stage – The fourth step involves the production of the assessment of risk, based on the adequacy of existing or proposed safeguards to protect the assets identified in step two against the threats identified in step three. During this stage the identification and evaluation of vulnerabilities and the risk analysis take place.
- Recommendation Stage – The fifth step involves the formation of detailed recommendations based on the conclusions of the risk analysis. This stage will also detail the addition, modification or removal of safeguards for the purpose of reducing risk to an acceptable level. These recommendations will also identify residual risks remaining after implementation of the proposals.
Price-Langevin and Associates Inc. is uniquely qualified to provide detailed Threat and Risk Analysis Services to business operations.