Security Threat and Risk Assessment

Defending Critical National Infrastructure against hybrid attack through defence in depth and breadth
Security Threat and Risk Assessment (STARA) is a truly holistic threat and risk assessment methodology in which we examine your exposure to full spectrum attack through the identification of threat-led and evidence-based risks.

Our unique understanding of threats, risks and vulnerabilities, developed from our heritage within UK Defence and National Security, has, over the course of a decade, allowed us to develop a truly holistic security risk assessment process.
 
Our STARA methodology not only provides a comprehensive analysis of your organisation’s current exposure to full spectrum attack, but also helps you understand the maturity of your security against some of the most advanced and persistent threat actors in the world.
 
Through a variety of technical and physical assessments, our STARA will allow you to identify, understand, measure, report, and respond to comprehensive and evidence-based risks, ultimately empowering your organisation to move from a two-dimensional and siloed security system to adaptive and hybridised Defence in Breadth.
 
 

Our STARA Framework at a glance

  • Identify - Our Threat Assessment Methodology has been designed to identify, understand, define and validate the current threat environment in which your organisation operates, whilst modelling the delivery of your core security strategy, mission and operations.
  • Understand - We will review and understand all documentation and physical, people and logical assets in order to determine their criticality to your organisation and its operational environment.
  • Measure - We will measure the potential attack surface of the identified assets and your organisation against realistic threat scenarios, vulnerabilities and risks, in line with ISO 27001, NIST Cyber Security Framework, NCSC Cyber Assurance Framework and NIS Directive. STARA is a truly holistic assessment; we will therefore measure the physical, logical and socio-technical (Human Factors) security architecture of the organisation, department or asset, ensuring that you understand your exposure to full spectrum attack.
  • Report - We will bring together the STARA outputs and ensure that your stakeholders are engaged in a collaborative process to understand the findings of the assessment and the context in which they are made, ultimately to support you and your organisation in maturing your security posture.
 
 

Learn more about our experience:

Delivering data defence in breadth. Identifying security threats is an age-old problem facing any organisation – but it can be done. Gary Poole and Kieran Cassidy explain why a holistic approach holds the key to effective defence – pandemic or no pandemic.


Contact us:

Gary Poole is Head of Managed Security at BAE Systems Applied Intelligence
gary.l.poole@baesystems.com
Kieran Cassidy is Capability Lead for Security Threat and Risk Assessment (STARA)
kieran.cassidy@baesystems.com