  • Thomas Jreige

Threat and Risk Assessment What?

Updated: Jul 10

We offer an essential service at Cyber Cerberus known as a Threat and Risk Assessment (TRA). Unless you have been exposed to this type of assessment, it can be daunting. More to the point: what the hell is that?


 


 

When asked what we do at Cyber Cerberus, we respond, “Helping business owners sleep at night by supporting and managing digital risk around people, process and technology.” Sounds intriguing, but we then get asked how we do that.


One of the critical services we offer is a Threat and Risk Assessment, where we assess the current risk posture of your digital environment against the risk appetite (or maximum tolerable risk) you have as a business owner. What is this risk posture you speak of? The risk posture is the overall status of how well you protect your organisation. Your risk appetite is how much risk you are willing to accept before your business is severely impacted.


Many businesses audit. Auditing is the job of a “good guy”, who uses a list of requirements to test whether the digital environment is COMPLIANT with a particular standard, essentially a checklist. But is that enough for the IT environment? The “bad guys” don’t tend to play by these same rules or use audit sheets. We have worked with several organisations where IT security auditing had been performed, and the organisation was still compromised not long after the audit was completed.


There are four (4) key questions we help businesses answer through a threat and risk assessment:

  1. What do you have to lose concerning information and data in the organisation?

  2. Who will want to take this information and data from you?

  3. How are they going to achieve that?

  4. What will it cost you if it happens, and what is the liability?

We conduct Threat and Risk Assessments to emulate the “bad guys” and identify all the key areas where a “bad guy” would want to compromise your organisation. The assessment involves four (4) key tasks:

  • Develop the scope and context. Context is always “KING.”

  • Speak with people in the organisation to understand the critical question, “What keeps you up at night?”

  • Conduct the assessment.

  • Provide you with a remediation plan and roadmap to improve the risk posture of your organisation.

It is highly recommended that these assessments be performed independently of your IT service provider or department, by an organisation that is trained and dedicated to constant education and to developing intelligence on how the bad guys are constantly evolving in the digital world.


The critical point is that the bad guys don’t live or work by the rules. Their goal is to perform the task they have at hand: compromise your business and take something of value. That something may be worth a great deal to you (e.g. the livelihood of your business) or to someone else (e.g. a company seeking a competitive advantage). They are relentless and well resourced!


If you cannot answer the four (4) questions above, Cyber Cerberus offers a 1-hour complimentary consultation to discuss your business and its current risks and concerns, and to identify opportunities to improve the risk posture of your organisation.


Please feel free to contact us at hello@cybercerberus.com and remember to visit our website at www.cybercerberus.com. Send us an email including your first name, last name and email address if you would like to be included on our mailing list.

We look forward to hearing from you soon.