Information security | Information security threat risk assessments

Understanding information and security risks in our technology-enabled world is a challenge for any industry

Organizations that own or handle sensitive information—such as health or payment card information—need a clear view of the risks in respect to to that information. Furthermore, the need to understand the intricacies of complex technical solutions, interpret technical jargon and consider vulnerabilities in the context of impact to the business is increasingly a challenge for manager and stakeholderan organization. Threat and risk assessments (TRAs) complement audits and technical vulnerability assessments. A TRA presents a focused view of potential risks to information in the context of attack, loss of service, and impacts to data integrity— from any threat source.


How can we help?

At Grant Thornton, we have developed a mature, adaptable methodology that provides you with a comprehensive view of the risks to your organization and information systems. Our methodology has been adopted internally by many of our own clients. And our TRAs look beyond the technical, spanning across personnel, administrative, operational and technical domains. Our approach also includes a deep analysis on the technologies supporting the organization or information system and the susceptibility to internal or external attack.


Effective security is layered and considers risks that involve people, process and technology. Our reports provide a comprehensive and business-centric view of risk for an organization and include action plans that can immediately be leveraged to improve the organization’s risk posture.

Our services include

  • IT threat and risk assessments
  • technical vulnerability assessments
  • application and infrastructure penetration testing
  • business impact assessments
  • IT security programs and policies
  • IT security certification and accreditation support