Assessing Threats To Information Security In Financial Institutions

Threat assessment is an essential component of an information security risk evaluation. In order to prioritize vulnerabilities for remediation and to evaluate existing controls, a thorough understanding of potential threat sources is required. Particularly for financial institutions, this activity is a pre-requisite for a comprehensive information security program and a stated regulatory requirement. This paper explores key issues related to threat assessment, including essential elements, methodologies, and common pitfalls. A recommended approach for completing and documenting this activity is also provided. While the focus of this paper is on financial institutions and related regulatory requirements, the general concepts and the recommended approach for conducting a threat assessment are applicable to other organizations and industries.