Introducing Security Threat Risk Assessments
Safeguarding sensitive information, ensuring the privacy of data, and staying ahead of potential security threats and risks have never been more critical. The Security Threat Risk Assessment (STRA) service, a collaborative effort among Cybersecurity, Safety & Risk Services and Advanced Research Computing, is in its formative phase. We recognize the dynamic nature of the threat environment and are committed to refining our services to continually meet new and evolving security challenges.
As an objective, PrISM SRS is dedicated to enhancing the existing Privacy Impact Assessment (PIA) and the maturing Security Threat Risk Assessment (STRA) process, with the aim to unifying them into a single, integrated service – the Privacy and Information Security Risk Assessment service (PISRA). At present, the PIA intake process overlooks risk assessments for projects devoid of Personal Information (PI), presenting a critical coverage gap. The PISRA service will address this shortfall by evaluating and assessing risks across all information systems, regardless of their PI content.
Your feedback and experience will play a crucial role in shaping the evolution of this service.
What is an STRA?
A Security Threat Risk Assessment (STRA) is a comprehensive evaluation framework that methodically examines cybersecurity practices, identifies risks, analyzes them in depth, reports findings, and suggests mitigation strategies for an information system. This methodology involves a detailed review of your systems, operational procedures, and data management techniques to pinpoint potential threats and vulnerabilities. The results of an STRA integrate evaluations of the likelihood and impact of security risks. Based on these results, it recommends appropriate security measures to address these risks. The findings from an STRA are crucial for making informed risk-based decisions, enhancing awareness of threats, and ensuring accountability for each identified risk.
Are There Costs for an STRA?
The STRA service offered by PrISM SRS is structured as a cost-recovery initiative, and as such, it includes an associated fee. This fee is used to maintain and enhance the service’s quality and ensure its sustainability.
For STRAs for research projects, please refer to Research Cybersecurity and Privacy resources by ARC’s Sensitive Research Team.
How can I Initiate an STRA?
For inquiries about the STRA service, further information, or to initiate an assessment, please submit an STRA Inquiry using the UBC Self-Service Portal. We look forward to collaborating with you on this critical initiative.
For STRAs for research projects, please refer to Research Cybersecurity and Privacy resources by ARC’s Sensitive Research Team or contact them at arc.support@ubc.ca.