A Threat Risk Assessment (TRA) will identify areas of risk, assess those risks, and identify activities to reduce risks to an acceptable level. The output of this process will be a report that will help identify appropriate controls for reducing / managing risk.
The Process and the ABCs
Our TRA process will start with an onsite consultation with business owners and/or key personnel, followed by a formal report detailing our findings and recommendations. With a focus on the ABCs of your business' technology needs, we will gather information about your:
Assets include computers, servers, applications, databases, network infrastructure, and external services used to operate your business. The quality, age, warranty status, and overall condition of your IT assets have a big impact on their performance, reliability, and overall security. In this section, we will check client computers, servers, file storage, routers, firewall appliances, network switches, backup devices, printers, scanners, fax machines, and phone systems for their condition, software patch status, firmware versions, and physical security.
Business processes may include how you store digital information, how backups are performed, how you limit access to your data, and how you train your employees. How you use electronic file systems, CRM applications, and other business databases will be reviewed. We will investigate your business processes to identify Identity and Access Management (IAM) measures. We will look at how you perform backups, focussing on how they are secured, stored, and verified. We will also look at any training systems that are in place to ensure that employees know how their actions affect the overall security of your assets.
Cyber Security Measures are identified by looking at things that might affect the Confidentiality, Integrity, and Availability of information in the organization. Beyond antivirus software and firewalls, we will look at your incident response plan, patch automation, multi-factor authentication, and data encryption measures. In this section we are looking for security measures that you are taking to protect your business' network and information from cyber threats. This includes cyber security awareness training, data classification, privacy measures, MFA applications, and encryption of critical data.
Following our onsite visit, we will provide you with a detailed written report that identifies associated risks, evaluates the level of risk, and recommends the appropriate risk treatment to reduce, remove, or otherwise mitigate each risk. The Threat Risk Assessment Report will include: