This practice is intended for use by Cybersecurity Services Division, business areas and
other security practitioners to help understand Department IT security risks, prepare and
conduct Security Threats and Risks Assessments (STRAs) if need be in a timely manner
as new projects are initiated. This practice provides an overview of the relationship
between these three vectors (vulnerabilities, threats and controls/safeguards) as they
relate to IT security risks.