Security Encyclopedia

Threat Assessment

A Threat Assessment is a process for evaluating and verifying perceived threats, including assessing their likelihood. In cybersecurity, a threat assessment is usually performed by security risk management and it precedes plans for mitigating threats against the enterprise.

The process of threat assessment begins with the initial assessment of a threat. It is then followed by a review of its seriousness, and creation of plans to address the underlying vulnerability (perhaps by sinkholing or redirecting it). Finally, a followup assessment and plans for mitigation. In the last phase, if threats are both credible and likely, security and risk teams use R-S-I-F indicators in their viability determination: Recency-Severity-Intensity-Frequency.

Threat assessments are normally done for predatory threats, ones that are offensive or targeted ones. This differs from a vulnerability assessment, which deals with affective threats, or ones that measure a target’s own defensive ability to respond to threats against it.


"My company has an all-hands project to conduct a threat assessment to determine whether we're being targeted — with what, by whom, with what severity, and with what frequency. Once we get clarity on this likelihood we'll develop a plan for remediation and response."