| Risk Assessment An asset is said to be at risk when a threat agent (hacker, disgruntled employee, system user, natural event, structural failure, etc.) has the ability to exploit an asset's vulnerability. It is widely recognized that attempting to completely remove a threat agent or vulnerability is impossible for many risk scenarios. Therefore, some form of risk assessment must be undertaken to characterize the risk environment. Risk assessments vary based on the system's lifecycle. Early stage system development requires analytical threat and vulnerability risk assessment. Implementation and integration of sub-systems require security testing and risk scenario hypotheses. Initial and on-going operational stage requires actual threat-vulnerability pairings. SPI – Security Solutions provides risk assessments at all stages of a system development and implementation. |