iSecurity has extensive expertise conducting enterprise-wide and system-specific Threat Risk Assessments (TRAs) and application and web penetration testing. Moreover, our comprehensive TRA methodology will ensure that your application, network, and computing infrastructure are thoroughly scrutinized in order to reduce risk and exposure.

iSecurity Consulting will follow a TRA methodology based on a simplified and customized version of the CSE-RCMP Harmonized TRA methodology.

Other methodologies and standards that will be used in this engagement include:

  • Government of Ontario MGS TRA methodology
  • ISO/IEC 27005:2008 Information technology — Security techniques — Information security risk management
  • ISO/IEC 27799:2008 Health informatics — Information security management in health using ISO/IEC 27002
  • NIST SP800-30 Risk Management Guide for Information Technology Systems

In order to conduct the TRA assessment, iSecurity Consulting uses the following framework:

Figure 1: Threat and Risk Assessment Process


The assessment will be based on the methodology defined by the Government of Ontario Ministry of Government Services (MGS) Privacy Impact Assessment Guidelines, which require that a PIA be completed on any initiative that involves a substantive change to the collection, use or disclosure of personal information. This includes, for example, the creation or modification of databases or of identification or authentication schemes, changes to program delivery mechanisms that may modify existing masking of information, or the use of ‘smart cards’. The Guidelines also set out a framework for PIAs.

Below is a high-level PIA Process and methodology:

Figure 2: Privacy Impact Assessment Process

Other international standards will also be used, such as:

  • ISO/IEC 27799:2008 Health informatics — Information security management in health using ISO/IEC 27002
  • COACH Guidelines for the protection of health information, 2009
  • ISO/IEC 22307:2008 Financial services — Privacy impact assessment