A day in the life of an Oracle Applications Consultant

Threat and Risk Assessment Working Guide

This post contains information on where to find a sample Threat and Risk Assessment document layout.

In a previous post I introduced readers to the Oracle Applications Implementors Journal at ITtoolbox. I talked about the first post on this blog which related to performing a Threat and Risk Assessment for Oracle Applications (TRA). I subsequently spoke to author of this post and asked if there was anywhere on the Internet where I could find a document layout/template that would assist in the preparation of such an assessment. I was provided with a link to a Threat and Risk Assessment Working Guide where you can download a fairly comprehensive 132 page document. According to the site: -

"This document entitled Threat and Risk Assessment Working Guide
provides guidance to an individual (or a departmental team) carrying out a
Threat and Risk Assessment (TRA) for an existing or proposed IT system. This
document will help determine which critical assets are most at risk within that
system, and leads to recommendations for safeguards that will reduce any risks
to acceptable levels.

By following the guidance given therein, a TRA can be carried out such
that it results in a concise report that:

  • defines the IT system under assessment;

  • states the aim of the assessment, along with the desired security level to be attained;

  • identifies potentially vulnerable parts of the system;

  • states the potential impacts of successful threat events on: the IT system; the business functions that the IT system supports; and the applications used carry out the business functions, in terms of confidentiality, integrity and availability; and

  • provides recommendations that would lower the risks to acceptable levels".
  • I am sure the TRA working guide will be useful to any organisation who wants to perform some type of security evaluation on their systems. You will also find other useful IT Security documentation at the Government of Canada’s knowledge centre

    Posted by Richard Byrom on 06/23 at 09:12 PM

    Add Comment Information Here

    Please note that comments will only be accepted from valid members of this site who provide feedback that is beneficial to readers of the blog. ALL comments (even those from members) will be subject to moderation.


    Notify me of follow-up comments?

    Submit the word you see below: