Threat and Risk Assessments

There are many competing ideas of what this really means. We have found the following approach provides our clients with a real understanding of the risks they face.

The first step in any risk reduction programme must be to identify those Assets which you are trying to protect. This includes not only the obvious physical ones but also the intangibles such as reputation, trade secrets and intellectual property.

Threats are the events which may occur and cause damage or loss to those assets. These may be natural or man made, if it is the latter what are their intentions and capabilities? The threat assessment will look across the spectrum facing a facility or organisation.

Vulnerabilities are exploitable weaknesses in the existing security profile. The vulnerability assessment then identifies each possible event and how it could occur.

Impact assessments look at the likely effects of an identified event occurring. This can be expressed in financial terms, death/injury rates or reputational loss.

Risk is the probability or frequency of a given event. The risk assessment tries to give a quantitative assessment of the probability of an event occurring or the frequency with which it may occur.