Threat and Vulnerability Assessments

Kroll’s threat and vulnerability assessments identify the mitigating countermeasures necessary to protect assets.

Kroll’s approach to conducting a Threat and Vulnerability Assessment is based on our in-house methodology that has been utilized across entities as varied as major sporting venues, corporate headquarters, mass transit centers and campus settings. 

The primary intent of a Threat and Vulnerability Assessment is to understand the criticality of assets, the vulnerabilities of those assets and the mitigating countermeasures necessary to protect them effectively.

Kroll will identify the high-risk areas in your organization based on the severity of impact and the likelihood of a damaging/disruptive event occurring. This process typically includes both interviewing a variety of personnel and examining technical resources such as electronic security systems. When the current program is evaluated, Kroll will work with you to create a master asset list to be tested for criticality and impact as part of the assessment. These assets will be analyzed with the use of threat scenarios to determine which assets have the greatest vulnerabilities or the greatest loss impact and thereby ascertain the most critical assets requiring countermeasures.

The four major components for developing a Threat and Vulnerability Assessment include:

  1. Asset definition is where we establish priorities for the deployment of mitigating countermeasures. It is not realistic to assume that every asset can be or should be protected against every possible threat. Assets will be identified based on how critical each is to the organization and the local and national economies.
  2. Threat assessment includes the identification and analysis of potential threats against your organization. Events are typically categorized as terrorism, criminal, natural or accidental.
  3. Vulnerability analysis is where we correlate assets and threats and define the method or methods for compromise. We will analyze the existing security program to identify any physical, operational and procedural weaknesses that may exist and identify potential countermeasures that could be implemented to minimize the probability of a damaging/disruptive event occurring. The primary goal of this analysis is to develop a profile that defines the overall threats that may affect your organization. A profile is developed categorizing threats as highly probable, possible or unlikely.
  4. Security measures are selected for implementation. The selection process is intended to channel resources to protect the most vital assets against the most probable threats. Security measures for a comprehensive security master plan address the following:
     • Architectural elements
     • Operational elements
     • Electronic security systems
     • Policies and procedures (guidelines)