The outcome or objective of a threat and risk assessment is to provide recommendations that maximize the protection of confidentiality, integrity and availability while still providing functionality and usability. To best determine the answers to these questions a company or organization can perform a threat and risk assessment. This can be accomplished using either internal or external resources by the help of AKA Government. It is important that the risk assessment be a collaborative process, without the involvement of the various organizational levels the assessment can lead to a costly and ineffective security measure.

The choice between using internal or external resources will depend on the situation at the time. The urgency of the assessment will also help in determining whether to outsource or use internal resources. The external resource should not have a vested interest in the organization and “be free from personal and external constraints which may impair his or her independence.

When your assessment is complete, you’ll be able to understand:

1. Scope
2. Data Collection
3. Analysis of Policies and Procedures
4. Threat Analysis
5. Vulnerability Analysis
6. Correlation and assessment of Risk Acceptability