Wednesday, June 23, 2004
Threat and Risk Assessment Working Guide
This post contains information on where to find a sample Threat and Risk Assessment document layout.
In a previous post I introduced readers to the Oracle Applications Implementors Journal at ITtoolbox. I talked about the first post on this blog which related to performing a Threat and Risk Assessment for Oracle Applications (TRA). I subsequently spoke to the author of this post and asked if there was anywhere on the Internet where I could find a document layout/template that would assist in the preparation of such an assessment. I was provided with a link to a Threat and Risk Assessment Working Guide where you can download a fairly comprehensive 132-page document. According to the site:
"This document entitled Threat and Risk Assessment Working Guide provides guidance to an individual (or a departmental team) carrying out a Threat and Risk Assessment (TRA) for an existing or proposed IT system. This document will help determine which critical assets are most at risk within that system, and leads to recommendations for safeguards that will reduce any risks to acceptable levels.
By following the guidance given therein, a TRA can be carried out such that it results in a concise report that:
defines the IT system under assessment;
states the aim of the assessment, along with the desired security level to be attained;
identifies potentially vulnerable parts of the system;
states the potential impacts of successful threat events on: the IT system; the business functions that the IT system supports; and the applications used to carry out the business functions, in terms of confidentiality, integrity and availability; and
I am sure the TRA working guide will be useful to any organisation that wants to perform some type of security evaluation on their systems. You will also find other useful IT Security documentation at the Government of Canada’s knowledge centre.