Creation Date:  2009-08-24
Category:  Risk Management
Effective Date:  2009-08-24
Version:  4.9
Last Reviewed:  2023-03-03
Security Classification:  Protected A
Scheduled Review Date:  
Status:  Approved

Please note that information classified as Protected (per the Data and Information Security Classification standard) is only accessible to Government of Alberta Employees. External users are therefore not able to download this document. To request access, please contact us:

This practice is intended for use by Cybersecurity Services Division, business areas and other security practitioners to help understand Department IT security risks, prepare and conduct Security Threats and Risks Assessments (STRAs) if need be in a timely manner as new projects are initiated. This practice provides an overview of the relationship between these three vectors (vulnerabilities, threats and controls/safeguards) as they relate to IT security risks.​

Keywords: risk assessment, risk management, STRA, vulnerability, cybersecurity