It is not possible to mitigate a threat or risk unless it has been identified. We undertake Threat and Risk Assessments so that we can identify and categorize our client’s threats and risks. This process allows us to map the results onto a Risk Impact-Likelihood Matrix, which provides a basis for determining necessary mitigation measures.
Threat Identification – Initially, we consider the security threats which may have strategic, operational and commercial consequences.
Risk Identification – We use a “’Menu of Risks” as a prompt to help identify the threats.
Risk Impact-Likelihood Matrix – We map each risk onto a Risk Impact-Likelihood Matrix to prioritize the identified risks. The matrix is used as an aid to continuously monitor security threats.