Threat Assessment Tool

Revision as of 08:36, 14 April 2021 by Greggory.elton (talk | contribs) (Created page with "<div class="center"><div style="float: right; z-index: 10; position: absolute; right: 0; top: 1;">File:JoinusonGCconnex.png|link=http://gcconnex.gc.ca/groups/profile/2785549...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Overview

File:Threat Context Tool Alignment to ITSG-33.PNG
Threat Context Tool Alignment to ITSG-33

The threat context tool is an instrument meant to be used by security advisors. It should be used to help the security advisor develop a threat view of the department for the purposes of designing secure systems. The results are used to help authorizers decide on threats to counter.

Note: The term "security advisor" is used to describe an individual or team possessing the broad knowledge and experience required to make and elaborate risk management recommendations to a departmental authorizer.

As shown on the left, this tool supports departmental risk management. It is used to help develop the threat context section of security control profiles.

The departmental threat context tool is an Excel spreadsheet with embedded functions and macros used to help record and organize threat actor information. It uses ITSG-33 Annex 2, Table 5 as a means of describing threat actors. This table places threat actors into a category from Td1 to Td7. Lead agencies (CSE, CSIS, RCMP, PS, etc.) pay choose to provide threat actor data using categories rather than identifying actors by name. This may assist in keeping the threat context unclassified.

For the purposes of this tool, there are two definitions that need to be understood:

  • Threat - any person, group, force, natural or accidental phenomena, etc. that can act on an information system and cause compromises of confidentiality, integrity, or availability.
  • Compromise - the unauthorized access to, disclosure, destruction, removal, modification, use, or interruption of IT assets, causing a loss of confidentiality, integrity, and/or availability. This loss may lead to the failure of a business activity which may result in injuries to national or non-national interests.


For more information, please read the Threat Assessment Tool document and Excel Spreadsheet.


Conducting a Departmental Threat Assessment

Conducting a Departmental Threat Assessment consists of five steps which you can read about in more detail by expanding each section below:


Step 1: Preparation and Preconditions
Step 2: Characterize the Threat Environment
Step 3: Develop Recommendations
Step 4: Conduct Decisions Briefing
Step 5: Prepare Decisions Report


Conclusion

File:Threat Assessment Process - Five Major Steps.PNG
Threat Assessment Process - Five Major Steps

A departmental threat assessment has five major steps:

  1. Prepare: Locate and survey sources of threat information
  2. Characterize:
    1. Identify threat actors, their capability with respect to departmental exposures
    2. Identify departmental exposures
  3. Recommend: Identify threat actors of concern
  4. Brief: Provide recommendations to the Authorizer for risk management
  5. Report: Record authorizer decisions

A departmental threat assessment provides threat context. Security controls are selected based on threat context. The departmental threat assessment is a threat context at the highest level.

A departmental threat assessment is not a Threat and Risk Assessment. A departmental threat assessment is a tool for making risk decisions - it does not contain risk assessments.

Risk decisions are made by the Authorizer (to counter or not counter threat actors) based on:

  • Security Advisor recommendations
  • Potential injuries
File:Threat Assessment Process - Threat Context.PNG
Threat Assessment Process - Threat Context


For more information, please read the Threat Assessment Tool document and Excel Spreadsheet.


Threat Assessment Tool