Threat / Risk Assessment

Assessments should be mandated for all systems, address critical systems first, working through less critical systems, assess new systems during development.

Benefits: Threat Risk Assessments detect security gaps, providing the opportunity to respond via mitigation strategies that prevent future incidents.