Threat Vulnerability Assessments

Mitigate countermeasures necessary to protect assets.


Kroll’s approach to conducting a Threat and Vulnerability Assessment is based on our in-house methodology that has been utilized across entities as varied as major sporting venues, corporate headquarters, mass transit centers and campus settings. 

The primary intent of a Threat and Vulnerability Assessment is to best understand criticality of assets, vulnerabilities to those assets and mitigating countermeasures necessary to protect those assets effectively.

Kroll will identify the high-risk areas in your organization based on the severity of impact and the likelihood of a damaging/disruptive event occurring. This process typically includes both interviewing a variety of personnel and examining technical resources such as electronic security systems. When the current program is evaluated, Kroll will work with you to create a master asset list to be tested for criticality and impact as part of the assessment. These assets will be analyzed with the use of threat scenarios to determine which assets have the greatest vulnerabilities or the greatest loss impact and thereby ascertain the most critical assets requiring countermeasures.

The four major components for developing a Threat and Vulnerability Assessment include:

  1. Asset definition is where we establish priorities for the deployment of mitigating countermeasures. It is not realistic to assume that every asset can be or should be protected against every possible threat. Assets will be identified based on how critical each is to the organization and the local and national economies.
  2. Threat assessment includes the identification and analysis of potential threats against your organization. Events are typically categorized as terrorism, criminal, natural or accidental.
  3. Vulnerability analysis is where we correlate assets and threats and define the method or methods for compromise. We will analyze the existing security program to identify any physical, operational and procedural weaknesses that may exist and identify potential countermeasures that could be implemented to minimize the probability of a damaging/disruptive event occurring. The primary goal of this analysis is to develop a profile that defines the overall threats that may affect your organization. A profile is developed categorizing threats as highly probable, possible or unlikely.
  4. Security measures are selected for implementation. The selection process is intended to channel resources to protect the most vital assets against the most probable threats. Security measures for a comprehensive security master plan address the following:
  • Architectural elements
  • Operational elements
  • Electronic security systems
  • Policies and procedures (guidelines)


Timothy V. Horner
Senior Managing Director and Global Head of Security Risk Management
Security Risk Management
Peter McFarlane
Managing Director
Forensic Investigations and Intelligence

How we can help

Security Program Assessment

Ensure your organizational security function is appropriately staffed, resourced and situated.

Security Master Plans

An effective Security Master Plan enables an organization to identify, prioritize, budget for and implement risk mitigation measures that can be adapted as the threat environment and organizational risk profile evolve.

Security Risk Assessments

Our multidisciplinary approach looks at security from every angle to mitigate risks—from the physical environment to the human element to the role of technology.

Security Audits

We have the resources to uncover where weaknesses and security gaps exist throughout your organization. We help tackle issues that are driving noncompliance to establish an effective security program.

Security Training Services

Kroll has extensive experience providing security training calibrated to each client’s needs, whether they’re brief one-day introductory sessions, “refresher” programs or multi-day curriculums.

Security Policy Procedure Development

We can develop security policies tailored to the exact risks you face—all within the framework of laws and regulations of each country you operate in.

Securing Intellectual Property

We work closely with your staff to design a system of readily understood, integrated and adaptable activities that produce ongoing, consistent results.

