COMP 4060

ASSIGNMENT 5

Name: Itesh Nathoo

Student ID: 101398060
HTRA (Harmonized Threat and Risk Assessment)
The Harmonized Threat and Risk Assessment (HTRA) Methodology was developed by the
Royal Canadian Mounted Police (RCMP) and the Communications Security
Establishment Canada (CSEC) to assess and identify risks and threats concerning both
information technology security and physical security.
Numerous risk analysts use the HTRA methodology as a guide to satisfy the needs of the risk
owners. Also, it is simple to integrate the latter with system development life cycles and project
management processes. When managing risks across shared facilities and connected information
technology systems, the usage of common tools can encourage interoperability. This is an
increasingly crucial factor to consider as service delivery responsibilities cross organisational
borders. Finally, objective metrics and analytical reports assist the Management Accountability
Framework to evaluate results and performance, particularly regarding risk management and
accountability, in the spirit of Modern Comptrollership.
As a risk management strategy, the formal HTRA addresses some of the serious security
standard flaws. Any new technology can immediately benefit from an HTRA methodology once
it has been selected. If the instrument is both standard and can be expanded, the study can be
limited to a few problems to produce quick solutions to pressing situations. Most of the time, the
assessment provides a clear, comprehensive explanation for the solutions proposed, assisting in
overcoming opposition to the necessary expenditures.
Why should we use HTRA?
1. It has a standardized approach for identifying, assessing, and managing risks and threats
which allows for consistent and comparable assessments across different operations.
2. HRTA provides a comprehensive evaluation on risks and threats, including physical
security, cyber threats and more which allows an effective risk management.
3. The HRTA is a collaborative process that involves multiple stakeholders, including
experts from various agencies and organizations.
4. Risk-based decision-making: The HRTA enables risk-based decision-making which
allows for more efficient allocation of resources and a more targeted response to potential
risks and threats.
5. It is a dynamic process that is continually reviewed and updated based on changes in the
threat environment and emerging risks.
The "Baseline Cyber Security Controls for Small and Medium Organizations V1.2" is a set
of guidelines created by the Australian Cyber Security Centre (ACSC) to assist small and
medium-sized organizations in improving their cybersecurity posture.
1. The document provides guidance on how to implement each of the Essential Eight
controls, including recommended configuration settings and best practices:
 Application whitelisting
  Patching applications
 Patching operating systems
 Configuring Microsoft Office macro settings
 Restricting administrative privileges
 Multi-factor authentication
 Daily backups
 User education and awareness
2. It includes guidance on establishing a cybersecurity culture, risk management, and
monitoring and continuous improvement.

References:
1. https://www.bdpro.ca/wpcontent/uploads/2012/05/
Harmonized_TRA_Limitations_13Sep2011.pdf
2. https://cyber.gc.ca/sites/default/files/cyber/publications/tra-emr-1-e.pdf