Security Threat and Risk Assessment can be defined as a technique that classifies the overall business and security risks with the aim of defining the competence of security controls, together with the service, in order to reduce the set of risks that appear for the business.