Security // threat & risk assessment and security assessment & authorization
Threat and Risk Assessments
A Threat and Risk Assessment (TRA) is a process for managing the risks by validating existing safeguards, supplementing these safeguards when necessary, and eliminating unnecessary safeguards.
So, whether you are adding new applications or systems to your environment, making modifications to your existing environment, or sharing information with new partners, a TRA will determine the risks to your business and provide strategies to mitigate those risks.
Security Assessment and authorization
The Communications Security Establishment of Canada (CSE) has created a new model for risk analysis by moving away from the traditional Certification & Accreditation (C&A) approach to a Security Assessment & Authorization (SA&A) model: a more real-time, dynamic view of risk.
Many organizations understand the security of their information systems but don't have the extra resources necessary to analyze, review, and document their systems for SA&A. Whether you require assistance in setting up an SA&A program or enhancing an established program, TRM will work with your existing staff to help you accomplish your SA&A objectives.
TRM supports all aspects of the SA&A model and brings unique methodologies to each engagement, helping organizations assess their systems' security posture and make appropriate authorization decisions. TRM supports public and private sector implementation of the SA&A model by providing these key services:
- Threat Modeling
- Security Requirements Analysis
- Security Architecture and Design Review
- Application Security Code Reviews & Penetration Testing
- Social Engineering & Enterprise Security Program Assessments