Threat and Risk Assessments

The cyber threat landscape is constantly changing and evolving. Risks to your organization can come from a variety of places – cyber criminals, hacktivists, state-sponsored actors, and malicious insiders.

Your systems, applications, and networks are constantly being probed by such groups looking for potential weaknesses or gaps in your security posture. What plan do you have in place to identify and manage these risks before an attacker exploits them?


What Is a Threat and Risk Assessment?

A Threat and Risk Assessment (TRA) is designed to act as a foundational aspect of an organization’s risk management program. A TRA consists of the following steps:

  • Identifying and assigning values to critical assets
  • Identifying threats relevant to the identified assets
  • Assessing the likelihood and impact of any identified vulnerabilities
  • Assessing the overall risk to the identified assets
  • Recommending safeguards to reduce the overall risk

The objective of a TRA is to help you better identify, assess, and manage your information security risks at an enterprise level.


  • Evaluates current policies, procedures, and processes for potential gaps
  • Identifies opportunities for improvement
  • Educates organizational leaders on emerging threats and trends
  • Supports strategic planning activities
  • Enhances risk response capabilities and operational resilience
  • Promotes and communicates risk ownership

Richter’s Approach

Richter’s TRA approach leverages a customized version of the Harmonized Threat and Risk Assessment (HTRA) methodology developed by the Royal Canadian Mounted Police (RCMP) and Communications Security Establishment (CSE).

We work with both business and technical stakeholders to understand your environment, the business impact of any incidents that may affect the confidentiality, integrity or availability of your environment, and the presence (or lack thereof) of any controls/safeguards you have in place.

From there, we provide recommendations tailored to the size, scope, and maturity of your organization to effectively manage any identified risks.