Security Compass's Threat and Risk Assessment (TRA) methodology covers the full spectrum of risk management in the organization, from policies and standards to networks, infrastructure, and applications. Security Compass is ready to perform a TRA based on the industry's best-known standards and methodologies:

  • Information Security Management using ISO 17799 and ISO 27001/2
  • Information Security Risk Management using ISO 27005:2011
  • Communications Security Establishment-Royal Canadian Mounted Police (RCMP) Harmonized TRA methodology
  • NIST SP800-30 Risk Management Guide for Information Technology Systems

Security Compass also incorporates into the TRA process any additional internal or external standards, regulations, legislation, or best practices that the organization needs to adhere to.

According to client mandates and project requirements, Security Compass is ready to customize the TRA process and execute anything from a lightweight to a full-spectrum TRA.

By completing the TRA process, the client will learn about the real or potential threats that they could expect to affect their assets, as well as the risk and likelihood associated with each threat. The process also assesses the effectiveness of the existing safeguards and the residual risk associated with each asset. In addition, guidelines and recommendations are provided to achieve an acceptable level of risk.

Meet Our Experts

  • Nima Dezhkam

    Security Consultant

    Threats can come in many different forms and perspectives. Our unique threat and risk assessment approach ensures various aspects are considered while aligning to standardized methods such as the RCMP Harmonized TRA Methodology.

    Nima brings extensive experience in policy and standard reviews, gap analysis, and application and infrastructure security architecture to his clients. Outside his day-to-day work, Nima co-authored the 2010 Rotman-TELUS Security Study and, most recently, was the co-speaker at the 2012 Cancer Care Ontario Seminar, where he spoke about Secure Development Practices.


The Threat and Risk Assessment (TRA) service enables organizations to evaluate their information security posture, direct their information security and privacy management, enhance their safeguards, and reduce the overall risk of their organization.

Key Business Benefit

By supporting a wide range of standards and technical assessments, we customize our Threat and Risk Assessment methodology for every single project to uniquely address clients' specific goals and mandates.


Security Compass' team is composed of experienced software architects and application developers. Our methodology is tried and tested to provide results across multiple industries.
