A vulnerability analysis or risk assessment is a process to identify, quantify, and prioritize weaknesses or vulnerabilities in a facility or system. While a comprehensive vulnerability analysis may use both quantitative and qualitative measurements to determine risk and countermeasures, at the simplest level, a proven method of vulnerability analysis is to identify the key risks to a facility or system, and then rank the probability and criticality of each risk.
- If the risk has a high probability and a high criticality, then the risk probably warrants immediate countermeasures to mitigate, transfer, or avoid that risk.
- If the risk has a high probability but low criticality, or vice versa, then a management decision must be made to determine if the risk warrants the necessary time and cost to resolve the vulnerability.
- Finally, if the probability and criticality are both low, then management must decide if the risk warrants any attention at all, or if a policy or plan can be put in place should the event occur.
This process can be applied to facilities, physical systems, and logical systems. The vulnerability analysis is the first step in building a Basis of Design for our clients in order to harden them against criminal or disastrous incidents. Using standardized risk analysis and weighted matrices, Protective Resources can help you determine where your greatest weaknesses are, and help you determine how to mitigate these risks to change the potential outcome.
Our consultants are board certified for the Security Risk Assessment Methodology (RAM) developed by Sandia Labs.