Threat risk assessment

Risk you can see.
Decisions you can defend.

We turn a tangle of threats, assets and unknowns into a clear, scored picture your board and your engineers can both act on. Structured method, plain language, every finding traced back to its source.

Built on

NIST SP 800-30, ISO/IEC 27005, STRIDE, MITRE ATT&CK, NIST CSF 2.0

Risk matrix: 5 × 5 (axes: Impact and Likelihood)

Cyber Electra, working in security since 1999
6-step method, run the same way every time
7 recognised frameworks the work is built on
1–5 risk scale, anchored and traceable

What it is

A threat risk assessment is a decision tool, not a checklist

Most security reports tell you what is broken. A proper assessment tells you what it means.

We start from the things you actually need to protect, work out who would come after them and how, then score the risk before and after the controls you already have.

What you get is a clear view of where your real exposure sits, ranked so you can put time and money where it changes the outcome. No scare tactics. No hundred-page export nobody reads.

The point of it

We score the risk twice

Once as it stands today, before anything is done about it. Again once the controls you have, or the ones we recommend, are accounted for.

The gap between the two is where an assessment earns its keep. It shows you what your existing investment already buys you, and exactly how much further a given fix would take you.

Inherent risk: 20 / 25
Controls applied
Residual risk: 8 / 25

Scoped to what matters

We assess the systems, data and processes that carry your real risk, not a generic inventory. Every finding traces back to something you value.

Threat-led, not tool-led

Threats modelled with STRIDE and mapped to MITRE ATT&CK, so the work reflects how attackers actually move against systems like yours.

Built to be questioned

Scoring you can put in front of a regulator, an auditor or a board. The same scale every time, every number traceable.

The method

Six steps, run the same way every time

Repeatable structure is what lets you compare a risk picture from one year to the next. Here is the path every assessment follows.

01 Asset identification

What matters, where it lives, what it is worth.

02 Threat modelling

STRIDE and MITRE ATT&CK mapped to real attacker behaviour.

03 Vulnerability analysis

Weaknesses tied to each threat, not a scanner dump.

04 Inherent risk

Likelihood times impact, scored before controls.

05 Control mapping

Mitigations matched to the tools you already run.

06 Residual risk

What is left, ranked, with a roadmap to close it.

Research

Public reference work, free to read

We publish full threat models and assessments anyone can read and cite. The method on display, sources named, nothing behind a form.

THREAT MODEL  ·  SATELLITE SYSTEMS  ·  v1.0

Threat Model for Satellite Systems Security

A reference threat model across the space, link, ground and user segments. Twenty-four named threats, eight actor classes, STRIDE mapping, a kill chain modelled on the 2022 Viasat incident and a defence-in-depth target state.

Read the threat model

Who it is for

When you need to know, with evidence

An assessment earns its place the moment a decision carries weight. The report is written to be handed straight to the people who hold that decision.

  • Security and risk leaders who need a defensible number, not a feeling
  • Boards and executives weighing where to invest next
  • Teams facing an audit, a regulator or a major customer security review
  • Organizations taking on a new platform, vendor or architecture
  • Public sector bodies working to Canadian regulatory expectations

Where to start

Tell us the decision you are facing

We will scope an assessment that answers it, on a timeline that fits, and tell you plainly what it will and will not cover.

Request an assessment