Essay Sample on Threat and Vulnerability Assessments in Organizations

Most organizations and facilities tend to face various threats that subject them to some degree of risk. Such threats may cause accidents or harm. It is the responsibility of management and the owners of different facilities to be able to manage and limit the risks that may be caused by the threats. A threat is anything that can be considered to exploit intentionally or accidentally that result to destruction and damage of assets or facilities. Vulnerability, on the other hand, is a gap or weakness that is experienced concerning a security program which can be exploited by threats to have access to a facility or asset that is unauthorized. A risk is the possibility of a loss occurring as a result of a vulnerability being exploited by a threat. Risk can be referred to as a function of the values of threat. Risk management should be put in place to help protect facilities from being vulnerable to any form of threats, and this will contribute to reducing the possibility of a risk occurring (Bidgoli, 2006).

The difference between these factors is that the effects of a threat cannot be controlled. For example, no individual is in a position of preventing a hurricane or Tsunami in advance before it happens. Threats can be identified, but in most occasions, they tend to be uncontrollable. Risk, on the other hand, can be managed to help control the overall impact or lower vulnerability of a business or a facility. A vulnerability is a weakness that can be identified and various measures are taken to correct it. Vulnerabilities could include problems in the Information Technology systems, security countermeasures, and loss prevention programs (Bidgoli, 2006).

Risk analysis

The possibility of a risk occurring to a given facility as a result of a given threat can be evaluated through a combination of the vulnerability rating and the rating of the loss impact. When the level of risk is very high the management or owners of facilities should ensure that they put in place immediate measures to reduce it. Once a risk is considered to be high, it is unacceptable, and measures to reduce possible hazards are required to be implemented as soon as possible. Medium risk level tends to acceptable for a period that is short. For medium risk level plans to reduce the risk are required to be included in future budgets and plans (Ciampa, 2017).

Threat assessment

The owners of various facilities need to implement risk management procedures. The first action that a risk management program should take is the evaluation of a threat. Through threat assessment, the management can identify all the possible causes which could be for example be triggered by different factors such as terrorists, criminal cases, natural factors or could be accidental. Various procedures can be used to assess the threat. Historical data can be used to estimate the frequency of natural disasters occurring such as earthquakes, fire, floods, and hurricanes occurring which could result in natural threats. The rate of crimes can be used to estimate the possibility of a threat occurring that could cause damage to the facility such as when people are having demonstrating in a manner that is not peaceful could result to the facilities in that particular location being threatened. A threat can be considered to be credible, defined, minimal or potential (Wheeler, 2011).

Vulnerability assessment

After the identification of a threat, the management should carry out a vulnerability assessment. It is important for the vulnerability assessment to be conducted since it helps to know the possibility of a loss occurring from an attack that was successful. The loss may be severe, devastating, noticeable or minor. A devastating impact of loss occurs when a facility is fully damaged beyond repair or to be used again. A severe loss occurs when a facility has been damaged partially. A noticeable loss is one that the facility ceases to operate temporarily but is not entirely affected while a minor impact of the loss is one that significant assets of a facility are not lost and there is no great impact on the operations taking place in that particular area. How vulnerable a facility is towards the aggressor depends on its attractiveness and the level of security that is provided towards that given facility (Gheorghe, 2005).

Threat and vulnerability assessments play a critical part in the composition of a physical security plan since they help the management to be in a position of identifying the upgrades that are required that will assist lower the level of risks. It helps the management to be prepared for any threat that is likely to occur. It helps the management to be in a position of estimating the level of risks that can be caused by a particular threat and know how to classify it as to whether it is low, medium or high. It helps in the re-evaluation of the already security measures and makes various recommendations regarding those that require being upgraded. It helps fill the existing gaps in the protective security systems after they have been identified. The vulnerability assessment helps the facility with the design-basis threat that is unique to their assets and mission.

References

Bidgoli, H. (2006). Threats, vulnerabilities, prevention, detection, and management. Hoboken, NJ: Wiley.

Ciampa, m. a. (2017). CompTIA security+ guide to network security fundamentals. S.l.: Cengage learning.

Gheorghe, A. V. (2005). Integrated risk and vulnerability management assisted by decision support systems: Relevance and impact on governance. Dordrecht: Springer.

Snedaker, S., & Rima, C. (2014). Business continuity and disaster recovery planning for IT professionals.

Wheeler, E. (2011). Security Risk Management: Building an Information Security Risk Management Program from the Ground Up. Burlington: Elsevier Science.