Threat Risk Assessment (TRA)
Intertek EWA-Canada has long believed that security information needs to be presented in a “business context”, one that is comprehensible by senior management and by operations staff. It is often times a recurring problem that information security people do not understand the business being assessed. It is this problem that the Intertek EWA-Canada approach to requirements analysis, concept definition, protection strategy and security planning attempts to address and it is precisely this problem that our proposed resource team intends to eliminate. It is our assessment that the key criteria that ensures the success of this Service is an understanding of client operations and architecture, the implementation of a comprehensive and traceable process for information asset risk analysis, a detailed understanding of potential threats and architecture vulnerabilities, and a comprehensive understanding of incident reporting and assessment infrastructure and guidelines.
Our approach includes the identification of information assets (both paper and electronic) and the assessment of their sensitivity in accordance with "injury tests" conducted with respect to four criteria: confidentiality; integrity; availability; and replacement cost.
As a proprietary, value-added consideration, Intertek EWA-Canada maintains an extensive library of exploitation and VA tools. Intertek EWA-Canada uses several well-known and capable commercial vulnerability assessment products and a large number of less well-known exploitation tools. Our library includes hundreds of these tools, many of which are in use in the sophisticated part of the hacking community. Intertek EWA-Canada has significant experience in testing security products with these tools.