Case Study: Developing an Application Risk Portfolio Case Study: Developing an Application Risk Portfolio

The risk prioritization of applications for a major financial institution.

Blog Post: Classifying Applications Blog Post: Classifying Applications

Classifying your applications can help in providing input into your asset management process.

Training: Threat Model Express Training: Threat Model Express

This course equips students with the knowledge and techniques required to facilitate a threat model express session, which has lower process overhead than a traditional Threat Model, and is more suitable for agile software development.


Most organizations understand the value of assessing their applications. However, with hundreds of multi-tiered applications under their ownership, they are often overwhelmed with the task of prioritizing these assessments. Where to begin?

Our application risk profiling service enables us to work with your organization's application collection, by leveraging data and asset classification, compliance drivers, and the current threat landscape to derive a prioritized list of high-risk applications. We arm your organization with a repeatable process to profile future applications, which ultimately helps you to focus your security efforts on the most critical applications.

Custom Solution

Security Compass recommends classifying your application landscape according to risk by leveraging our risk profiling service. This set of profiles will help you make informed decisions on where and how to focus your vulnerability assessments and security budget.

Meet Our Experts

  • Nima Dezhkam

    Nima Dezhkam

    Security Consultant

    Before allocating your security assessment budget you need to know which applications to prioritize. Risk profiling enables you to spend wisely.

    Nima brings extensive experience in policy and standard reviews, gap analysis and application and infrastructure security architecture to his clients. Outside his day to day work, Nima co-authored the 2010 Rotman-TELUS Security Study and most recently, was the co-speaker at the 2012 Cancer Care Ontario Seminar where he spoke about Secure Development Practices.


Security Compass consultants triages your application portfolio to derive a set of risk profiles and implement a repeatable risk profiling process for future applications.

Key Business Benefit

  • Gain a more concrete understanding of the risk each application poses to your organization.
  • Inherit a repeatable process that can be applied to profile future applications.
  • Make informed decisions on how to best prioritize application security assessments.


Our consultants leverage their years of hands-on experience in the security industry to derive a customized, repeatable risk profiling system that can be applied to any of your organization's applications.

Learn more