Threat Risk Assessments (TRAs) are a well-known function in the security world, but they are often confused in the real world. Largely, I see TRAs associated with IT functions and information management (IM), and not as a part of the whole security ecosystem of a business or organization.
This is unfortunate and largely representative of the sad state of security planning: the TRA should overarch the IT/IM segment of a business and force it to conform to the security plan of the larger organization, rather than being treated as a separate issue.
The TRA is an analysis of the threats faced by an organization or business. It looks at all threats and threat vectors, including online, physical, financial, and legal ones. It then determines the likelihood of each threat occurring, given the current state of the world and the current security capabilities of the client organization. Lastly, it assesses the degree of harm to the organization should an attack occur.
Essentially, a TRA allows you to understand what you should be most concerned about, so that you can use security resources to their best potential, with the added benefit of saving you money. How? Well, when you go directly to a security company, they will inevitably want to sell you the Cadillac of security services. There is nothing wrong with that, and it is expected, but without actually knowing your security threats and your own footing, you may buy the Cadillac when you only need the Hyundai and a little knowledge of how to mitigate your threats.
Many individuals offer TRA services, and you should always look to obtain the TRA from someone who is not aligned with the security systems provider. This will ensure you are getting the best information on what you need to protect before you look at the shiny gadgets to buy at a premium.
Blog post is courtesy of Elemental Investigations: Private Investigator Edmonton, an Edmonton, Canada-based private investigator agency. They can be found online at www.elementalpi.ca