There are many approaches to conducting a strategic cybersecurity risk assessment. This is one of my favorite ways, using a Threat Agent Risk Assessment (TARA) methodology.
This paper was authored by Tim Casey, David Houlding, and me while we were at Intel. It showcases how to understand the origins of threats to an organization. The resulting knowledge can greatly improve the management of cyber risks!
The threat agent risk assessment methodology provides the information necessary to highlight how the risks that specific threat agents pose to a project differ from the default risks that already exist. These insights allow those areas to be the focus of the follow-on analysis.
The full Intel solution brief “Improving Healthcare Risk Assessments to Maximize Security Budgets” can be downloaded here: https://www.slideshare.net/MatthewRosenquist/improving-healthcare-risk-assessments-to-maximize-security-budgets