Threat Analysis Group, LLC (TAG) utilizes performance-based, industry-specific risk assessment methodologies that incorporate effective deter, detect, delay and response criteria for protecting assets. Our assessments incorporate best practices, standards, and guidelines unique to your industry. Our security risk assessment methodology is a holistic and logical process as seen in the flow chart below:

Security Risk Assessment Process

Given a specific risk, there are five strategies available to security decision makers to mitigate risk: avoidance, reduction, spreading, transfer and acceptance. The goal of most security programs is to reduce risk. Risk mitigation is accomplished by decreasing the threat level by eliminating or intercepting the adversary before they attack, blocking opportunities through enhanced security, or reducing the consequences if an attack should occur. Without question, the best strategy for mitigating risk is a combination of all three elements, decreasing threats, blocking opportunities and reducing consequences.

A logical mitigation strategy ties assets to threats to vulnerabilities to identify risks. Solutions for the identified risks typically enhance three facets of security: Policies, Procedures and Training; Physical/Electronic Security Systems; and Security Personnel. A sound mitigation strategy maximizes existing security resources (optimization) and prioritizes Policies first, Systems second, and Personnel third.

Threat Assessments
A Threat Assessment is a logical process used to determine likelihood of adverse events impacting your assets and to validate security levels. We utilize a number of different data sources to assess real, perceived, and conceptual threats.

See Security Metrics

Vulnerability Assessments

A vulnerability assessment, sometimes referred to as a security vulnerability assessment, is an analysis of security weaknesses and opportunities for adversarial exploitation in one or more of the above categories. The fundamental method for assessing vulnerabilities is the security survey, which is a tool for collecting information about the facility. The goal of a vulnerability assessment is to identify and block opportunities for attacks against assets. By effectively blocking opportunities, security decision makers can mitigate threats and reduce risk.

No two facilities are exactly the same. We develop customized security surveys to identify the unique security posture for each facility.

During a vulnerability assessment, we can also assess compliance with Crime Prevention through Environmental Design (CPTED). CPTED is a security concept that, through elements of the built environment, attempts to influence offender decisions that precede criminal acts. CPTED is based upon the theory that the proper design and effective use of the built environment can reduce crime, reduce the fear of crime, and improve the quality of life. Strategies used in support of this concept include natural surveillance, natural access control, and natural territorial reinforcement.

Security Risk Modeling

Threat Analysis Group, LLC has experience developing evidence-based Security Risk Models based on variables (unique vulnerabilities and security posture) for companies with multiple locations. The objective of a Security Risk Model is to develop a model that incorporates the variables to identify risks to people and inform security decisions at each site. The goal of a Security Risk Model is to optimize Security by focusing on the Variables that actually impact Security Risk.

Risk Predictor Variables may include:

  • Past Crimes and Threats
  • Facility Characteristics (static and dynamic)
  • Current Security Measures
  • Existing Vulnerabilities

Liability Analysis
Our security consultants evaluate your company’s security program with an eye toward reducing liability exposure. Our assessments consist of a detailed analysis of crime including foreseeable crime on the property and in the area; vulnerability identification, risk mitigation strategies, and cost effective security solutions. We will provide a written report with findings and recommendations for reasonable security measures.