IWS - The Information Warfare Site
News Watch Make a  donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled

CSE logo
Information Technology Security
blank space

Threat and Risk Assessment Working Guide

This document entitled Threat and Risk Assessment Working Guide provides guidance to an individual (or a departmental team) carrying out a Threat and Risk Assessment (TRA) for an existing or proposed IT system. This document will help determine which critical assets are most at risk within that system, and leads to recommendations for safeguards that will reduce any risks to acceptable levels. By following the guidance given therein, a TRA can be carried out such that it results in a concise report that:

  • defines the IT system under assessment;
  • states the aim of the assessment, along with the desired security level to be attained;
  • identifies potentially vulnerable parts of the system;
  • states the potential impacts of successful threat events on: the IT system; the business functions that the IT system supports; and the applications used to carry out the business functions, in terms of confidentiality, integrity and availability; and
  • provides recommendations that would lower the risks to acceptable levels.

    ITSG-04 (PDF format)

Source Communications Security Establishment