Open the app Sign in Start free

CRISC - Risk Assessment - Section 2.2

Analyse the threat landscape and apply threat modelling to identify IT risk.

Analyse the current threat landscape by categorising threat sources and mapping attack vectors to organisational assets. Apply threat modelling to structure this analysis so that the highest-priority IT risks are surfaced for assessment.

Threat landscapeThreat modellingThreat sourcesAttack vectors

More in this domain

Develop and evaluate IT risk scenarios from risk events, contributing conditions and loss consequences.Section 2.1
Conduct vulnerability and control deficiency analysis to identify gaps that expose the organisation to risk.Section 2.3
Identify risk arising from emerging technologies including artificial intelligence, large language models and quantum computing.Section 2.4
Select risk assessment concepts, standards and frameworks appropriate to the organisation.Section 2.5
Perform risk analysis using qualitative and quantitative methodologies to estimate likelihood and impact.Section 2.6
Distinguish inherent and residual risk and use business impact analysis to evaluate risk against criteria.Section 2.7

Back to all Risk Assessment objectives, or the CRISC cert hub.

Examworthy is not affiliated with or endorsed by ISACA. Original, blueprint-aligned practice material only.