Defining the scope of the threat and risk assessment will be critical for the risk analysis. It will ensure that the project is adequately examined for all necessary risks. This phase will take you through the following activities:
- Identifying relevant data types within scope.
- Identifying corresponding system elements and mapping the two together.
- Defining the organizational risk tolerance level.
Use this phase as part of the full blueprint, Develop and Conduct Threat and Risk Assessments.