The Security Risk Assessment Methodology

AbstractThere is an increasing demand for physical security risk assessments in which the span of assessment usually encompasses threats from terrorism. This paper presents a brief description of the approach taken by the author's organization based on a systematic computation of ratings, which are further supported by logical arguments backed by factual data. The procedure compiles the results of the threat assessment, vulnerability assessment and impact assessment to arrive at a numeric value for the risk to each asset against a specific threat given by: Risk Rating(R) = Threat Rating (T) x Vulnerability Rating (V) x Impact Rating (I) This systematic approach could assist decision-makers in selecting risk management strategy by ranking various threats in accordance to their respective Risk Profile. Following which mitigation measures can be explored to reduce the risk for valuable assets, and a logical prioritization for implementation can be achieve