Threat & Risk Assessment
A Security Threat and Risk Assessment is the overall activity of assessing and reporting security risks for an information system to help make well-informed risk-based decisions. An STRA also documents risk ratings and planned treatments.
The job description of a Threat and Risk Assessment can include the following:
Responsibilities:
- Identify and analyze technical threats to, and vulnerabilities of, networks.
- Identify, contain, and conduct initial mitigations and report system compromises.
- Review, analyze, and/or apply internet security protocols; cryptographic algorithms; directory standards; networking protocols; network hardening; technical IT security controls; IT security tools and techniques; intrusion detection/protection systems; firewalls; router; multiplexers and switches; and wireless devices.
- Analyze security data and provide alerts, advisories, and reports.
- Install, configure, integrate, adjust, operate, monitor performance, and detect faults on security devices and systems.
- Conduct impact analysis for new software implementations, major configuration changes and patch management.
- Troubleshoot security products and incidents.
- Identify the security products and their configuration to meet security-related project objectives.
- Implement and test configuration specifications.
Selection Criteria:
- Often a degree in computer science or computer engineering degree OR College diploma in the IT field with specialization in IT/cyber security, network security, or similar OR equivalent training and experience.
- Industry-level certifications in a related field such as security operations, network security, threat detection and mitigation, and security appliance operations.
- Cybersecurity operations training and experience.
- Experience working in Cyber Threat Intelligence or Cybersecurity Operations functions.
- Experience in developing mitigation and remediation procedures.
- Must have strong analytic, listening, communication, and decision-making skills.