Improve accuracy and relevance of risk assessments - ON-102

Preferred Disciplines: Business, Statistics, -- Master or PHD
Company: Enterprises Inc. (soon to be under
Project Length: 4 to 6 months
Desired start date: As soon as possible
Location: Ottawa, ON 
No. of Positions: 2 (2 units per intern (each unit is 4 to 6 months))
Preferences: Language: English.

About the Company: 

Threatalytics vision is to become the reference standard for risk analysis.  We want to improve the communications related to risk and raise the level of professionalism among risk management and security professionals.  We offer services and methods to facilitate better decision making for strategic and operational issues.

Project Description:

We aim to re-invigorate the security industry. The fundamental problem facing most organizations today is how to prioritize security investments to best mitigate “risk” to the organization. The obvious challenge is: managing complexity. Currently, threat risk assessment methods are time consuming, invasive, expensive and often of limited value. Our project is all about managing this complexity.

1. Facilitate the development of a sector-based framework through modelling of a representative organization. We will define risk-related data that would measure the relative impacts throughout the organization's architecture. We will review case studies, review applicability of various business modelling tools, analyze patterns and idioms. We will apply threat and control modelling throughout the organization and to inter-connected organizations. Our method is unique because we consider the holistic organization, its stakeholders and the relationships between organizations.

2. Improve the risk calculation and reporting process, using the above derived sector framework, to measure the true level of risk based on the organization type's asset attributes and relationships. Currently, risk calculations are not accurate nor relevant to the overall organization, using only generic risk values, without heed to categories of assets, and without considering the attributes of the components within the organization. Our ability to select a specific or a combination of elements to determine the algorithm for inclusion in the risk calculation process results in greater specificity, accuracy and applicability for managing risks


Research Objectives:

  • To define sector-based frameworks for the types and sensitivity level of assets under assessment, using idioms to build a Bayesian Belief Network topology, mapping nodes and relations, considering threats and control measures.
  • To determine the true value of risks to enable informed decisions on controls to be selected to counter risks to the assets in the threat environment.
  • To support risk-based and risk-conscious decision-making and drive smarter risk management.


  • Business analysis and modelling methodologies. TOGAF views. Modelling and visualization techniques, such as UML
  • Enterprise Architecture approaches and methodologies, such as SABSA Framework and ArchiMate Specification Language.
  • Bayesian Belief Networks

Expertise and Skills Needed:

    • Creative talents and the ability to solve tough problems
    • Proficient understanding of logical and statistical modelling techniques
    • Proficient understanding of OWASP security principles would be helpful

    For more info or to apply to this applied research position, please

    1. Check your eligibility and find more information about open projects.

    2. Complete this webform. You will be asked to upload your CV. Remember to indicate the title of the project(s) you are interested in and obtain your professor’s approval to proceed!

    3. Interested students need to get the approval from their supervisor and send their CV along with a link to their supervisor’s university webpage by applying through the webform.