With the scope defined, the risk assessment can examine the frequency and impact of the various threats to the organization. It also takes a closer look at how mitigating controls are addressing any existing risks. This phase will take you through the following activities:
- Defining frequency and impact for the company.
- Identifying risks using STRIDE.
- Determining risk actions currently being taken.
- Mapping existing security countermeasures to the risks.
- Reviewing final results of the risk assessment.
Use this phase as part of the full blueprint, Develop and Conduct Threat and Risk Assessments.