iSecurity has extensive expertise conducting enterprise-wide and system-specific Threat Risk Assessments (TRAs) and application and web penetration testing. Moreover, our comprehensive TRA methodology will ensure that your application, network, and computing infrastructure are thoroughly scrutinized to reduce risk and exposure.
iSecurity Consulting will follow a TRA methodology based on a simplified and customized version of the CSE-RCMP Harmonized TRA methodology.
Other methodologies and standards that will be used in this engagement include:
- Government of Ontario MGS TRA methodology
- ISO/IEC 27005:2008 Information technology — Security techniques — Information security risk management
- ISO/IEC 27799:2008 Health informatics — Information security management in health using ISO/IEC 27002
- NIST SP 800-30 Risk Management Guide for Information Technology Systems
To conduct the TRA, iSecurity Consulting uses the following framework:
Figure 1: Threat and Risk Assessment Process