Course 508: Implementing the Harmonized Threat Risk Assessment (HTRA) Methodology

Description

In this 3-day course, you will learn about the Threat Risk Assessment methodology using the ITSG-33 ISSIP and CSE’s new ASTRA tool to help you conduct your assessments. The course will further your knowledge of ITSG-33 in a practical application for any Government IT project.

Objectives

The objectives of this course are to ensure that upon successful completion, the participant will be able to:

  • Describe HTRA activities
  • Situate the HTRA within the ITSG-33 risk management lifecycle process
  • Describe the HTRA activities within the ITSG-33 ISSIP
  • Apply the HTRA activities as part of an IT project that follows the ITSG-33 ISSIP

Target audience

Project/Program Managers, IT Security Designers, Architects, Engineers and Managers

Prerequisites

Course outline and module objectives

  • Module 1: HTRA overview
    • Relate the HTRA to the requirements for the assessment of threats and risks
    • Recognise the structure of the HTRA publication
    • Describe the phases of the HTRA process
  • Module 2: HTRA activities
    • Describe the HTRA activities
    • Apply the HTRA activities for a variety of mandates
  • Module 3: Using the HTRA within ITSG-33 ISSIP
    • Situate the HTRA within the ITSG-33 risk management lifecycle process
    • Situate the HTRA activities within the ITSG-33 ISSIP
    • Describe the adaptations that are recommended to use the HRTA in the ITSG-33 ISSIP
  • Module 4: Practical examples and TRA tool
    • Describe the practical examples for the exercises
    • Use the TRA tool to complete the exercises
  • Module 5: Support project initiation phases
    • Describe the TRA activities of the ISSIP conducted during the following phases of the generic SDLC process:
      • Concept
      • Requirements analysis
    • Complete these activities in an IT project
  • Module 6: Support risk-based design
    • Describe the TRA activities of the ISSIP conducted during the following phases of the generic SDLC process:
      • High-level design
      • Detailed design
    • Complete these activities in an IT project
  • Module 7: Assess residual risks and reporting
    • Describe the TRA activities of the ISSIP conducted during the installation phase of the generic SDLC process
    • Complete these activities in an IT project
Report a problem on this page

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, please contact us.

Date modified: