Detailed Logical Evaluation
A more detailed logical evaluation of a client's residual risk exposure compared to their identified risk threshold.
A Threat and Risk Assessment analyzes a software system for vulnerabilities, examines potential threats associated with those vulnerabilities, and evaluates the resulting security risks. A vulnerability is any “flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised and result in a security breach or a violation of the system's security policy”. The level of threat is determined from the potential for any natural, human or environmental source to trigger or exploit any identified vulnerability. The risk assessment looks at both the probability of that threat occurring and the impact on the system and the organization should it occur. An appropriate strategy can then be formulated for each risk, depending on its severity.
Client Outcomes/Benefits
Provide a methodical assessment of asset sensitivity vs threat, probability and residual risk exposure.