Threat and Risk Assessments


The cyber threat landscape is constantly changing and evolving. Risks to your organization can come from cyber criminals, hacktivists, state-sponsored actors, and malicious insiders.

Your systems, applications, and networks are constantly being probed by such groups looking for potential weaknesses or gaps in your security posture. What plan do you have to identify and manage these risks before an attacker exploits them? Consider conducting a Threat and Risk Assessment (TRA).



A Threat and Risk Assessment (TRA) is designed to be a foundational aspect of an organization’s risk management program. A TRA consists of the following steps:

  • Identifying and assigning values to critical assets
  • Identifying threats relevant to the identified assets
  • Assessing the likelihood and impact of any identified vulnerabilities
  • Evaluating the overall risk to the identified assets
  • Recommending safeguards to reduce the overall risk

A TRA aims to help you better identify, assess, and manage your information security risks at an enterprise level.



  • Evaluates current policies, procedures, and processes for potential gaps
  • Identifies opportunities for improvement
  • Educates organizational leaders on emerging threats and trends
  • Supports strategic planning activities
  • Enhances risk response capabilities and operational resilience
  • Promotes and communicates risk ownership


Richter’s TRA approach leverages a customized version of the Harmonized Threat and Risk Assessment (HTRA) methodology developed by the Royal Canadian Mounted Police (RCMP) and Communications Security Establishment (CSE).

We work with both business and technical stakeholders to understand your environment, the business impact of any incidents that may impact your environment’s confidentiality, integrity or availability, and the presence (or lack thereof) of any controls/safeguards you have in place.

From there, we provide tailored recommendations to your organization’s size, scope, and maturity to manage any identified risks effectively.