Unit 1 – Security Risk Analysis
1. What asset is at risk?
2. When is it at risk and why?
3. How accessible is the asset and is it easily removable?
4. How visible is the asset?
5. Can the asset be easily concealed by the adversary? Is it portable?
6. What value does the asset have to the adversary?
7. Is the asset unique, attractive or iconic?
8. Does the asset move and is it therefore more vulnerable at any particular location?
1. What asset is at risk?
2. When is it at risk and why?
3. How accessible is the asset and is it easily removable?
4. How visible is the asset?
5. Can the asset be easily concealed by the adversary? Is it portable?
6. What value does the asset have to the adversary?
7. Is the asset unique, attractive or iconic?
8. Does the asset move and is it therefore more vulnerable at any particular location?
The analysis can then be developed to study the adversary:
1. Who are the adversaries?
2. What is their accessibility to the target assets?
3. By what means will they carry out their action against the target asset?
4. What method are they likely to use and what tools/facilitators?
5. What are their capabilities?
6. What is their motivation, determination and persistence?
7. Why are they targeting the asset?
1. Who are the adversaries?
2. What is their accessibility to the target assets?
3. By what means will they carry out their action against the target asset?
4. What method are they likely to use and what tools/facilitators?
5. What are their capabilities?
6. What is their motivation, determination and persistence?
7. Why are they targeting the asset?
Culminating with an analysis of the action:
1. What action is anticipated (theft, destruction, injury, embarrassment, stopping operations etc.)?
2. How will the action be carried out?
3. When will the action be carried out?
4. Is there a history of action or has a threat been made?
5. Has intelligence been received that suggests an action is likely?
6. Are we doing something new or controversial that it likely to attract an action?
7. Are there particular types of adversary actions that are common to this geographical area?
Common to this business sector or type of enterprise?
8. Are there facilitators or inherent vulnerabilities that make an action more likely?
9. Is it easy for the adversary to cover up the action?
10. Is the action more prevalent at specific locations or times?
1. What action is anticipated (theft, destruction, injury, embarrassment, stopping operations etc.)?
2. How will the action be carried out?
3. When will the action be carried out?
4. Is there a history of action or has a threat been made?
5. Has intelligence been received that suggests an action is likely?
6. Are we doing something new or controversial that it likely to attract an action?
7. Are there particular types of adversary actions that are common to this geographical area?
Common to this business sector or type of enterprise?
8. Are there facilitators or inherent vulnerabilities that make an action more likely?
9. Is it easy for the adversary to cover up the action?
10. Is the action more prevalent at specific locations or times?
