Our workshops and general advisory on threat analysis and risk assessments are popular among our clients who want independent experts' perspective on security risks and threats.
The first things we usually ask clients before an engagement, are: "what are your most valued assets?"; "what's the worst that could happen?"; and, "who are your threat agents?". Sometimes these can be hard questions to answer, especially when threat assessments and risk analysis are scarce in the organization.
Most of us have a feel for who would want to harm the organization and what events could be catastrophic for the business, but having it documented, communicated and hopefully mitigated is a crucial factor in the organization's resilience against attackers, software bugs and accidents.
It's good practice to be prepared for the worst. With help from our consultants you can get the tools, methodology and mindset to address your threats and risks.
Assess your current information security risks by performing a risk analysis workshop together with our security specialists.
After having set the scope for the workshop, the first step is to list valuable assets and discuss which threat agents are interested in them. Then plausible scenarios are developed, describing adverse events that could cause harm to the organization. Typically, they are linked to the assets and threat agents.
Our approach is seated in a qualitative risk analysis, typically using Crawford slip, Collective Delphi and Nominal Group Technique (NGT).
The workshop can be targeted at an entire organization or a small subsystem
The scope size determines how detailed the analysis will be – the workshop is a start and the purpose is to gain an insight into what areas need most future work.
If you are interested in a more in-depth risk analysis, we can offer that too. We provide risk analysis support on system level using Data Flow Diagrams (DFD) and Microsoft STRIDE methodology. An alternative approach is using the Threat Assessment and Remediation Analysis (TARA), commonly used in automotive.
Contact us for more information on our threat and risk services.