- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- Certified Instructors
- Career Roadmap
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- SANS Onsite
- SANS SelfStudy
- SANS Partnership Series
- SANS Workshop Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
An Overview of Threat and Risk Assessment
- Abstract
- The purpose of this document is to provide an overview of the process involved in performing a threat and risk assessment. There are many methodologies that exist today on how to perform a risk and threat assessment. There are some that are "open-source" and those that are proprietary; however, they all try to answer the following questions. 1) What needs to be protected? 2) Who/What are the threats and vulnerabilities? 3) What are the implications if they were damaged or lost? 4) What is the value to the organization? 5) What can be done to minimize exposure to the loss or damage?