Your browser version is outdated. We recommend that you update your browser to the latest version.

Threat and Risk Assessments

We perform detailed and comprehensive Threat and Risk Assessments (TRA) through the application of industry recognized and proven methodologies! We can customize existing TRA methodologies to suite your requirements. 


A Threat and Risk Assessment can be comprised of the following activities: 
Initial Planning: a Threat and Risk Assessment project may take much longer and cost considerably more than necessary to complete without proper planning and preparation. Important inputs may be overlooked, leading to incorrect assumptions and faulty analysis. Essential safeguards may be omitted, leaving employees or assets and related services at risk, while others may be selected inappropriately, thereby imposing needless costs and restrictions on business operations.

TRA Work Plan is used to identify the resources required, assign responsibilities equitably and establish a realistic schedule for TRA activities. The work plan documents all of the aforementioned initial planning activities. Management commitment is established through resource/funding allocation and approval of the actual work plan.

Statement of Sensitivity (SoS) is primarily an asset identification and valuation exercise. The SoS assesses value based on the following minimum criteria: 

  • Confidentiality: ensuring that information is accessible only to those authorized to have access;
  • Integrity: safeguarding the accuracy and completeness of information and processing methods; and
  • Availability: ensuring that authorized users have access to information and associated assets when required.

Threat Assessment identifies potential threats to assets identified in the SoS. A threat is defined as any potential event or act, deliberate, accidental or natural hazard that could cause injury to employees or assets, and thereby affect adversely service delivery.

Vulnerability Assessment identifies potentially exploitable flaws or weakness in a system or application security posture. A vulnerability is defined as an inadequacy related to security that could permit a threat to cause harm to assets.

Risk Analysis determines potential risks to assets based on the analysis of the TA and VA. After consideration of existing and planned safeguards, there is always some level of remaining or “residual” risk. Residual Risk is defined as the risk that remains after safeguards have been selected, approved and implemented.

Risk Treatment Plan provides specific guidance on risk mitigation strategies that can be employed to reduce unacceptable levels of risk.