Difference between revisions of "Threat Assessment Tool"

From wiki
Jump to navigation Jump to search
(Created page with "<div class="center"><div style="float: right; z-index: 10; position: absolute; right: 0; top: 1;">File:JoinusonGCconnex.png|link=http://gcconnex.gc.ca/groups/profile/2785549...")
Line 21: Line 21:
! style="background: #d7d7d7; color: black" width="25%" scope="col" | [[Threat Assessment Tool]]
! style="background: #d7d7d7; color: black" width="25%" scope="col" | [[Threat Assessment Tool]]
</div></div>{{Delete|reason=Expired Content}}
== Overview ==
[[File:Threat Context Tool Alignment to ITSG-33.PNG|left|thumb|408x408px|Threat Context Tool Alignment to ITSG-33]]
The threat context tool is an instrument meant to be used by security advisors. It should be used to help the security advisor develop a threat view of the department for the purposes of designing secure systems. The results are used to help authorizers decide on threats to counter.
''Note: The term "security advisor" is used to describe an individual or team possessing the broad knowledge and experience required to make and elaborate risk management recommendations to a departmental authorizer.''
As shown on the left, this tool supports departmental risk management. It is used to help develop the threat context section of security control profiles.
The departmental threat context tool is an Excel spreadsheet with embedded functions and macros used to help record and organize threat actor information. It uses ITSG-33 Annex 2, Table 5 as a means of describing threat actors. This table places threat actors into a category from Td1 to Td7. Lead agencies (CSE, CSIS, RCMP, PS, etc.) pay choose to provide threat actor data using categories rather than identifying actors by name. This may assist in keeping the threat context unclassified.
For the purposes of this tool, there are two definitions that need to be understood:
* '''Threat''' - any person, group, force, natural or accidental phenomena, etc. that can act on an information system and cause compromises of confidentiality, integrity, or availability.
* '''Compromise''' - the unauthorized access to, disclosure, destruction, removal, modification, use, or interruption of IT assets, causing a loss of confidentiality, integrity, and/or availability. This loss may lead to the failure of a business activity which may result in injuries to national or non-national interests.
For more information, please read the [[Media:Tool-Threat Assessment.zip|Threat Assessment Tool document and Excel Spreadsheet]].
== Conducting a Departmental Threat Assessment ==
Conducting a Departmental Threat Assessment consists of five steps which you can read about in more detail by expanding each section below:
<div class="toccolours mw-collapsible mw-collapsed" style="width:100%">
'''Step 1: Preparation and Preconditions''' <div class="mw-collapsible-content">
---- {{:Step 1: Preparation and Preconditions}} </div></div><div class="toccolours mw-collapsible mw-collapsed" style="width:100%">
'''Step 2: Characterize the Threat Environment''' <div class="mw-collapsible-content">
----{{:Step 2: Characterize the Threat Environment}}</div></div><div class="toccolours mw-collapsible mw-collapsed" style="width:100%">
'''Step 3: Develop Recommendations''' <div class="mw-collapsible-content">
---- {{:Step 3: Develop Recommendations}} </div></div><div class="toccolours mw-collapsible mw-collapsed" style="width:100%">
'''Step 4: Conduct Decisions Briefing''' <div class="mw-collapsible-content">
---- {{:Step 4: Conduct Decisions Briefing}} </div></div><div class="toccolours mw-collapsible mw-collapsed" style="width:100%">
'''Step 5: Prepare Decisions Report''' <div class="mw-collapsible-content">
---- {{:Step 5: Prepare Decisions Report}} </div></div>
== Conclusion ==
[[File:Threat Assessment Process - Five Major Steps.PNG|thumb|431x431px|Threat Assessment Process - Five Major Steps]]
A departmental threat assessment has '''''five''''' major steps:
# '''Prepare:''' Locate and survey sources of threat information
# '''Characterize:'''
## Identify threat actors, their capability with respect to departmental exposures
## Identify departmental exposures
#'''Recommend:''' Identify threat actors of concern
#'''Brief:''' Provide recommendations to the Authorizer for risk management
#'''Report:''' Record authorizer decisions
A departmental threat assessment provides '''''threat context.''''' Security controls are selected based on threat context. The departmental threat assessment is a '''''threat context''''' at the highest level.
A departmental threat assessment is not a Threat and Risk Assessment. A departmental threat assessment is a tool for making risk decisions - it does not contain risk assessments.
Risk decisions are made by the Authorizer (to counter or not counter threat actors) based on:
* Security Advisor recommendations
* Potential injuries
[[File:Threat Assessment Process - Threat Context.PNG|centre|thumb|Threat Assessment Process - Threat Context]]
For more information, please read the [[Media:Tool-Threat Assessment.zip|Threat Assessment Tool document and Excel Spreadsheet]].
== Threat Assessment Tool ==
* [[Media:Tool-Threat Assessment.zip|Threat Assessment Tool document and Excel Spreadsheet]]
* [[Media:TRA Tool for GC Enterprise Applications.xlsx|TRA Tool for GC Enterprise Applications]]

Latest revision as of 12:40, 20 April 2021