v Threat And Risk Assessment Approaches for Security Professionals in 2022

Threat assessment means different things to different people. Security professionals, police, judges, psychologists, and school counselors all use the term and deport tasks they describe as threat assessment. These approaches are all predictive in nature, but very different.

This post was first published in late 2019. Since publication, it has been the nearly pop page on our website. In 2021, 23, 787 , 5,483 visitors from all over the world read this post. For a minor company like us, this is awesome. Nosotros are helping security professionals everywhere identify techniques that can assist them secure lives and property.

I hope that you detect this resource useful too. Don't hesitate to reach out if nosotros can help yous or your arrangement.

threat cess approaches

Take a moment to think about what threat and gamble assessment means to you, or what problem you are hoping that threat assessment volition help you solve.

Are you looking to:

  1. plan for and protect facilities and critical infrastructure confronting terrorist attacks, insider threats, or natural disasters;

  2. assistance your security personnel identify and react to threatening individuals such equally active shooters or terrorists;

  3. protect your figurer networks, systems, and servers from attacks by malicious actors;

  4. place, assess, and arbitrate with a person who may commit targeted or instrumental violence (east.m., a schoolhouse shooting); or

  5. appraise the overall likelihood that a specific individual for violent behavior.

This post isn't meant to be a comprehensive review of each method. Rather, it is meant to define and aid you identify threat assessment grooming and resources.

At present, let's take a deeper dive into each threat and risk assessment approach.

1. The Security Threat and Risk Cess

To people who work in the security or protection industry, threat assessment is the commencement pace in a gamble and vulnerability analysis. This threat assessment task involves assessing the diverse security risks associated with a particular location. It covers a broad range of threats, including: natural threats (tornadoes, hurricanes, floods, earthquakes), criminal threats (theft from location, violence against staff), terrorists (agile shooter, vehicle, and person-borne improvised explosive devices), and potential accidents.  Once threats are identified, organizations can plan for how they will protect their workers, facilities, supplies, and critical infrastructure.

Threat & Risk at an airport

For a security risk threat assessment, let's take an example of a final at an drome. Potential threats to an aerodrome could include natural disasters (such every bit a snowstorm, earthquake or hurricane), an organized terrorist attack, other criminal acts (due east.g., employees smuggling in contraband into the aerodrome), or an blow (such as a computer failure causing the airdrome communication systems to shut down).  Each of these threats will require a different response.

Security Threat Risk Assessment for Law Enforcement

This security threat adventure cess includes non simply identifying potential threats, but also evaluating the likelihood of occurrence for each--just because something can happen, doesn't mean information technology will.

The vulnerability assessment

Following the security take a chance threat assessment is the vulnerability assessment, which has two parts. First, it involves a decision of the assets as risk (due east.grand., people, buildings, equipment). Office of this includes an interpretation of the financial loss that would be incurred if the given location was successfully attacked and stopped providing service. 2d, information technology includes an assessment of the level of bewitchery of the target (in the instance of intentional attacks) and the level of existing defenses against each threat.

In the instance of a big airport in a busy metropolitan area without nearby airports, any suspension of services at the airport would create a significant disruption. In contrast, suspension of services at a modest county aerodrome would create less of a disruption. As an case of attractiveness, a pocket-size canton airport performance may be a less attractive target for this reason.

Potential threats, impacts associated with loss of the facility, and assessments of vulnerability are reviewed in combination as part of a gamble analysis. The risk analysis as well involves the study of existing and necessary countermeasures to protect against and mitigate potential threats. This analysis reveals opportunities for upgrading or improving existing countermeasures.

Learn about Security Threat Risk Assessment

If you lot are interested in learning more about risk analysis, here are some great resources:

  • The "Chance Management Process for Federal Facilities" Guide from the U.s.a. Section of Homeland Security(DHS); and

  • The DHS and State Department'south "Guide to Disquisitional Infrastructure and Security Resilience."

2. Active Threat Assessment

For security professionals, threat assessment is also used to describe a process through which your operational personnel observe and identify potential, immediate, or imminent threats (e.one thousand., agile shooters, terrorists, criminals). At 2d Sight, nosotros utilise the term active threat assessment to draw the process of systematic ascertainment to identify threats. These threats could be confronting your clients, their facilities, or your personnel.

The Active Threat Assessment Methodology

Agile threat cess involves a focused ascertainment of behaviors and actions. It is a threat assessment methodology by which an observer (such as one of your security officers) systematically observes their environment, identifies potentially suspicious individuals (too known as persons of interest), and assesses the potential threats posed by these individuals.

Threat_Assessment_Training_V2.jpg

A person of interest (POI) is an individual who is a target for farther observation. They may go a target due to suspicious activity or a display of threatening behavior.

Further observation of the POI involves an assessment of threat indicators. Threat indicators are visual behaviors that betoken an individual might be a threat. For case, they might be trying to avoid notice, or they could show visible signs that they are carrying a weapon.

These assessments, in combination, allow for the identification of active threats.

Potential Users of Active Threat Assessment

Second Sight's threat assessment approach tin be used by a broad range of security personnel, including:

  1. Executive and personal protection specialists;

  2. Uniformed security providing foot and vehicle patrol at a range of facilities (churches, airports, schools, public events, gaming facilities, etc.);

  3. Photographic camera surveillance personnel; or

  4. Security personnel conducting access control or responding to incidents.

To learn more virtually active threat assessment, read our post about active threat assessment, join our mailing list, or enroll in one of our online active threat cess training courses.

3. The Cyber-security Threat and Take a chance Assessment

The same threat gamble cess and assay process tin can be applied to cyber-security. A cyber-security threat risk assessment tin can involve protecting information (e.1000., the Personally Identifiable Information of your customers), networks (e.one thousand., the net at your offices), software (due east.g., your customer management organisation), and hardware (e.g., the laptops and desktops of your employees). The basic steps of a cyber-security threat adventure assessment are:

Cyber Security Threat Risk Assessment

  1. narrate the blazon of system that is at risk;

  2. identify threats to that system (unauthorized access, misuse of information, data leakage/exposure, loss of data, disruption of service);

  3. determine inherent risks and impacts;

  4. analyze and place existing controls that may prevent, mitigate, detect, or compensate for potential threats. Assess the extent that existing controls successfully mitigate the threats.

  5. make up one's mind the likelihood of a threat occurring based on electric current controls; and

  6. calculate a run a risk rating based on a combination of touch on and likelihood of occurrence.

After the cess, it is then possible to implement or improve controls based on the higher risk threats to cyber-related infrastructure.

If yous are interested in learning more nigh the cyber-security threat risk assessments, nosotros recommend y'all review the following resources:

  • National Institute of Standards and Technology'south (NIST) "Guide for Conducting Take chances Assessments"

  • International Association of Chiefs of Police's (IACP) Law Enforcement Cyber Center

  • The RAND Corporation's all-encompassing body of research on cyber-security

  • The Cybersecurity and Infrastructure Security Bureau (CISA)

4. Threat Assessment for Instrumental Violence

The National Association of School Psychologists (NASP) describes a wide spectrum of activities for identifying and intervening with potentially violent individuals who appear at risk for committing instrumental violence.

Instrumental violence is when an individual commits (or threatens to commit) a specific assault, such as a mass shooting. In your example, information technology could involve an employee who has made threats against other staff members or has been involved in recent altercations at piece of work. For executive and personal protection, it could involve individuals who take made threats against your protectee.

Threat Assessment in Schools

A noted say-so on this approach is the U.S. Hush-hush Service National Threat Assessment Center (NTAC). In a recent report titled "Mass Attacks in Public Places," they noted many of the attackers in 2019 had like backgrounds, including: a personal grievance; history of criminal behavior; substance abuse or mental health symptoms; or other stressors (such as fiscal instability). Many of these attackers as well had communicated or elicited business concern from others prior to the set on. These situational and behavioral factors tin can serve as flags of individuals who may commit instrumental violence.

Threat Cess in Schools

The NTAC adult the national model for threat assessment in a school setting. While NTAC's focus is on schools, their approach is applicable to other facilities equally well.  This approach has five steps:

  1. establish a multi-disciplinary threat assessment team;

  2. define behaviors that require intervention (e.one thousand., carrying weapons);

  3. constitute and provide preparation on a central reporting organization;

  4. determine a threshold for intervention; and

  5. establish an investigative-driven threat assessment process that focuses on a range of factors, including just non limited to: motives, communications, weapons access, stressors, emotional and developmental issues, and protective factors.

Potentially threatening individuals are identified from information and referrals. And then, these individuals are assessed for the extent they may commit an attack. Those at-hazard for violence are targeted with a diversity of interventions. In the example of an imminent assail, immediate measures would be necessary to control the individual.

When it comes to school violence prevention, the NASP provides suggested guidelines for administrators and crunch teams. Farther, a 2018 article reviews the major findings from the enquiry on the federal school threat assessment model and provides guidance on how to implement the model effectively.

If you would like to learn more near this type of threat assessment, more information is available from the sources beneath, and an net search will reveal a diverseness of other resources on the topic:

  • The United states of america Secret Service National Threat Assessment Center

  • The Association of Threat Assessment Professionals

5. The Violence Threat Risk Cess

Violence threat risk assessments are generally legal and clinical in nature, and are typically used to estimate the likelihood of future fierce behavior by an individual. This is somewhat dissimilar than the instrumental violence approach described above, though information technology still involves identification of risk factors and intervention strategies. The violence threat risk assessment focuses on assessing an individual's predilection for violence more generally, and is not related to a specific attack against a specific target. These threat gamble assessments include things like domestic violence lethality assessments or algorithmic risk assessment tools.

Violence Threat Risk Assessment

This approach may not be something you lot or your personnel perform directly. More oft, these assessments are conducted by clinical professionals who are qualified to administer a battery of tests that evaluate one's likelihood of committing a fierce act. These violent threat run a risk assessments can include professional judgment of the clinician as well as actuarial-based assessments. The latter uses predictive algorithms that assess risk factors and determine the probability of future violence.

Violence threat risk assessments are used to guide decisions at various points in the criminal justice organisation. For example, they are often used in determining pretrial or parole release decisions, release from psychiatric facilities, civil commitment and criminal sentencing decisions, and for inmate nomenclature within correctional facilities.

In that location are many different types of threat risk assessment tools. For example, ane well-known and widely-adopted tool is the Public Rubber Assessment (PSA). Though, please annotation that there are a fair amount of criticisms regarding the accuracy and fairness of dissimilar algorithmic techniques. If yous are looking for inquiry and support to conduct threat assessments related to individual chance and violence, we encourage you to access resources available from:

  • The Center for Disease Control (CDC)

  • The American Psychological Association (APA)'south Guidelines for Psychological Evaluation and Cess

  • The Bureau of Justice Assistance (BJA)'southward Public Safety Risk Assessment Clearinghouse

What'due south Next?

Depending on your needs, any of these approaches to threat and security cess may be relevant to you or your personnel. Every bit a side by side step, take a deeper dive into some of these resources and continue your quest to learn more most threat and run a risk assessment. All of these approaches are essential to protecting our community and keeping people safe.

If y'all are interested in learning more nigh active threat assessment, bank check out our active threat assessment for security professionals now.

References

Avant-garde Psychological Associates. (2020). APA Guidelines for Psychological Assessment and Evaluation. Retrieved January 2022 from https://www.apa.org/about/policy/guidelines-psychological-assessment-evaluation.pdf

Arnold Ventures. (2017). Public Safety Assessment: A Risk Tool That Promotes Safety, Equity, and Justice. Retrieved January 2022 from https://www.arnoldventures.org/stories/public-safe-assessment-hazard-tool-promotes-safety-equity-justice/

Bare, R.1000., and Gallagher, P.D. (2012). Guide for Conducting Risk Assessments. The National Institute of Standards and Technology (NIST). Retrieved January 2022 from https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf

Botha, A. (2021). Affiliate 28: Prevention of Terrorist Attacks on Disquisitional Infrastructure. In the Handbook of Terrorism Prevention and Preparedness. Retrieved January 2022 from https://icct.nl/app/uploads/2021/04/Handbook-Ch-28-Botha-Prevention-of-Terrorist-Attacks-on-Critical-Infrastructure.pdf

Brayne, S., & Christin, A. (2021). Technologies of crime prediction: The reception of algorithms in policing and criminal courts. Social Problems, 68(iii), 608-624. Retrieved January 2022 from http://www.angelechristin.com/wp-content/uploads/2020/03/Technologies-of-Crime-Prediction_SocProblems.pdf

Bucklen, M.B., Duwe, Thousand., and Taxman, F.Southward. (2021). Guidelines for Post-Sentencing Hazard Assessment. National Institute of Justice: Washington, D.C. Retrieved January 2022 from https://www.ojp.gov/pdffiles1/nij/300654.pdf

Chohlas-Wood, A. (2020). Agreement Risk Cess Instruments in Criminal Justice. The Brookings Institution. Retrieved January 2022 from https://world wide web.brookings.edu/research/understanding-hazard-cess-instruments-in-criminal-justice/

Cornell, D.G. (2020). Threat assessment every bit a school violence prevention strategy. Criminology & Public Policy, xix(ane), 235-252. Retrieved January 2022 from https://onlinelibrary.wiley.com/doi/abs/10.1111/1745-9133.12471National Threat Cess Center (NTAC). (2018A). Mass Attacks in Pubic Spaces - 2017. United States Cloak-and-dagger Service. Obtained January, 2019 from https://world wide web.secretservice.gov/data/protection/ntac/USSS_NTAC-Mass_Attacks_in_Public_Spaces-2017.pdf

Cybersecurity and Infrastructure Security Bureau (CISA). (2019). A Guide to Critical Infrastructure Security and Resilience. Retrieved January 2022 from https://www.cisa.gov/sites/default/files/publications/Guide-Disquisitional-Infrastructure-Security-Resilience-110819-508v2.pdf

Desmarais, S. L., & Zottola, S. A. (2019). Violence risk assessment: Current status and contemporary issues. Marquette Law Review, 103, 793. Retrieved January 2022 from https://scholarship.law.marquette.edu/cgi/viewcontent.cgi?article=5441&context=mulr

Enang, I., Murray, J., Dougall, Northward., Aston, E., Wooff, A., Heyman, I., & Grandison, G. (2021). Vulnerability assessment across the frontline of law enforcement and public wellness: A systematic review. Policing and Society, 1-20. Retrieved January 2022 from https://world wide web.tandfonline.com/doi/full/10.1080/10439463.2021.1927025

Huber, N. (2019). "Intelligence-Led Policing for Constabulary Enforcement Managers." The Federal Bureau of Investigation Police Enforcement Bulletin. Retrieved Jan 2022 from https://leb.fbi.gov/articles/featured-articles/intelligence-led-policing-for-law-enforcement-managers

Interagency Security Commission. (2016). The Chance Management Process for Federal Facilities: An Interagency Security Commission Standard, 2nd Edition. Retrieved Jan 2022 from https://www.cisa.gov/sites/default/files/publications/isc-risk-direction-process-2016-508.pdf

International Clan of Chiefs of Police (IACP). (2017). Managing Cybersecurity Risk: A Police force Enforcement Guide. Retrieved January 2022 from https://www.iacpcybercenter.org/wp-content/uploads/2015/04/Managing_Cybersecurity_Risk_2017.pdf

Metivier, B. (2017). "6 Steps to a Cyber Security Take chances Assessment." Sage Data Security. Available atRetrieved January 2022 from https://www.sagedatasecurity.com/blog/half-dozen-steps-to-a-cybersecurity-risk-assessment.

Miller, A. (2014). Threat Assessment in Action. The American Psychological Association. Available at https://world wide web.apa.org/monitor/2014/02/cover-threat.aspx.

Modzeleski, West., & Randazzo, Thou.R. (2018). School threat assessment in the USA: Lessons learned from fifteen years of teaching and using the federal model to preclude school shootings. Contemporary Schoolhouse Psychology, 22(2), 109-115. Retrieved January 2022 from https://link.springer.com/article/10.1007/s40688-018-0188-8

National Association of Schoolhouse Psychologists (NASP). (2015). School Violence Prevention: Guidelines for Administrators and Crisis Teams. Retrieved January 2022 from https://www.nasponline.org/resources-and-publications/resource-and-podcasts/school-safety-and-crisis/school-violence-resource/schoolhouse-violence-prevention/schoolhouse-violence-prevention-guidelines-for-administrators-and-crisis-teams

National Institute for Occupational Condom and Health (NIOSH). (ND). "Violence Risk Cess Tools." The Centers for Illness Command and Prevention. Retrieved January 2022 from https://wwwn.cdc.gov/WPVHC/Nurses/Class/Slide/Unit6_8

National Institute of Justice (NIJ). (2005). Domestic Violence Lethality Screen for Starting time Responders. Retrieved January 2022 from https://nij.ojp.gov/sites/g/files/xyckuh171/files/media/document/domestic-violence-screening.pdf

National Threat Assessment Eye (NTAC). (2018A). Enhancing School Safety Using a Threat Assessment Model: An Operational Guide for Preventing Targeted School Violence. The states Cloak-and-dagger Service: Department of Homeland Security. Retrieved January 2022 from https://www.cisa.gov/sites/default/files/publications/18_0711_USSS_NTAC-Enhancing-School-Safety-Guide.pdf. Obtained Jan, 2019 from

National Threat Assessment Center (NTAC). (2019). Protecting America's Schools: A U.South. Hugger-mugger Service Analysis of Targeted School Violence. United States Hush-hush Service: Section of Homeland Security. Retrieved January 2022 from https://www.secretservice.gov/sites/default/files/2020-04/Protecting_Americas_Schools.pdf

National Threat Cess Center (NTAC). (2020). Mass Attacks in Public Spaces - 2019. U.s.a. Hugger-mugger Service: Department of Homeland Security. Retrieved January 2022 from https://world wide web.secretservice.gov/sites/default/files/reports/2020-09/MAPS2019.pdf

Partnership on Artificial Intelligence. (2019). Study on Algorithmic Risk Assessment Tools in the U.S. Criminal Justice System. Retrieved January 2022 from https://pde.is/posts/docs/Report-on-Algorithmic-Hazard-Cess-Tools.pdf

RAND Corporation. (2021). "Terrorism Threat Assessment." Retrieved January 2022 from https://www.rand.org/topics/terrorism-threat-assessment.html

Set.gov. (2021). "Risk Assessment." Retrieved Jan 2022 from https://world wide web.set.gov/adventure-assessment

Fix.gov. (2021). "Risk Mitigation." Retrieved Jan 2022 from https://www.gear up.gov/adventure-mitigation

Renfroe, N.A. and Smith, J.Fifty. (2016). "Threat / Vulnerability Assessments and Risk Analysis." Practical Research Associates. Retrieved Jan 2022 from https://www.wbdg.org/resources/threat-vulnerability-assessments-and-adventure-analysis.

Vicious, T.A., and Woitaszewski, Southward.A. (2018). School-Based Threat Assessment: Best Practices and Resource. Presentation at the Minnesota School Psychologists Clan: Plymouth, MN. Retrieved Jan 2022 from https://world wide web.mspaonline.net/resources/Documents/past%20conference%20materials/2018/School-Broad%20Practices/School-Based%20Threat%20Assessment_%20Best%20Practices%20and%20Resources%20-%20Savage,%20Woitaszewski.pdf

Serin, R.C., Lowenkamp, C.T., Johnson, J.L., & Trevino, P. (2016). Using a multi-level take chances cess to inform case planning and risk direction: Implications for officers.Federal Probation,fourscore, ten. Retrieved January 2022 from https://world wide web.uscourts.gov/sites/default/files/80_2_2_0.pdf

Simons, A., & Meloy, J. R. (2017). Foundations of threat assessment and management. In The Handbook of Behavioral Criminology, 627-644. Retrieved Jan 2022 from https://link.springer.com/chapter/x.1007/978-3-319-61625-4_36

"Violence Risk Assessments." (ND). Obtained from December 2018Retrieved January 2022 from https://psychology.iresearchnet.com/forensic-psychology/violence-risk-assessment/