After completing a needs assessment and identifying your assets you should think about potential and existing threats to your organization. Threats come in various forms and that can be recognized and categorized. It's not a matter of if a security incident will happen, it is only a matter of when.
Threat categories to consider:
1. Natural disasters
Organizational threats can be broken down into three categories for assessments. Thinking through these types of threats in advance will help pinpoint a plethora of scenarios, frame out the potential impact, and determine the likelihood and/or frequency of an emergency.
Your goal should be to understand the best and worst cases, which will ultimately prioritize your competing security needs and create a proactive plan.
Keep in mind, enterprise organizations need to conduct a full assessment of each facility for regional factors including differences in surrounding perimeters and cultures, and variances in facility specifications. For example, metropolitan sites will have different threats than a less developed suburban or rural setting.
10 key questions to help start the threat assessment:
- What types of natural disasters is the region prone to? How frequently do they occur?
- What other organizations have a nearby presence?
- What major infrastructure and transportation structures surround the site?
- Are there any future developments that will affect your organization?
- Does the surrounding area have a high crime rate?
- Could your organization experience any geopolitical unrest?
- Are there any areas that contain sensitive materials?
- Do you have any regulatory obligations to abide by?
- Could high level executives be vulnerable to additional threats?
- How many people interact with the organization on a daily basis? Are they primarily employees, contractors, vendors or visitors?
Identifying potential threats in detail takes time and serious thought. These 10 questions are merely a starting point to get the process going. We recommend tackling threat assessments with a team of key stakeholders and an experienced security integrator.
Security 101 professionals have worked with several different organizations to expedite the process. They know where to look for vulnerabilities and threats. Most importantly, they know how to create an enterprise security program to proactively mitigate future emergencies.