Security Assessment

Security Assessments can also be considered as Security Threat and Risk Assessments. A Security Threat and Risk Assessment (STRA) must be conducted when developing, implementing major changes to, or acquiring an information system. The STRA is a component of overall Risk Management. The STRA pertains to information, whereas the Risk Assessment covers all aspects of a project including equipment, funding, resources, etc. Additionally, security assessments across the organization should be conducted regularly.

Control Objective

Assess your organization against a standard. Build/document and execute action items from the assessment.

Resources

Security Threat and Risk Assessments

Security Threat and Risk Assessment Template

Return on Security Investment