Threat, Vulnerability, and Risk Assessments
As it applies to IT, risk is "the possibility for loss of availability, integrity, or confidentiality due to exploitation of system vulnerabilities". A risk assessment is the analysis of the likelihood of loss due to a particular threat against a specific asset in relation to any safeguards to mitigate vulnerabilities. Therefore, risk assessments must be part of an ongoing process re-evaluating old vulnerabilities and identifying new ones. Policy and risk management decisions can be implemented only after actual threats and vulnerabilities are understood. Because of the complexity and effort involved in analyzing these multi-dimensional factors, a separate threat assessment is required. Traditionally, threat assessments attempt to determine what threats exist, their likelihood, and the consequences or potential loss.
CygnaCom has many years of experience conducting these assessments.