Frequently Asked Questions  


Business Continuity Planning

Threat Risk Assessment

Security Budget Review

Computer Security

TRA ConsultationsA Threat Risk Assessment (TRA) is the most important undertaking for a company looking at implementing or enhancing a security protocol for their operations. Only after a TRA has been performed professionally will senior management be able to fully identify and assign resources to the issues of concern.

After the World Trade Center attack, many companies were forced out of business because they could not meet their ongoing obligations.  Files were so severely damaged or destroyed that they just could not continue.  Though extreme, this case highlights the various risks that a company can face.  How fast you recover and continue to maintain your client obligations will depend on the preparations in place before an incident occurs. A proactive approach versus a reactive one is far less costly in the end.   

TRA concerns can include the following:

  • Personnel
  • Inventory
  • The building
  • Paper documents
  • Computer data and hardware
  • Telephone service
  • Computer backup systems
  • Internet and email security
  • Fire and other life safety issues
  • Access to parking areas
  • Surrounding property
  • Workplace violence and or harassment

After the preliminary interview, management decides which items they wish to explore and, by working with the security consultant, establish the scope of work. If life safety issues and telephone services are currently well taken care or are not placed high on the list, then they receive only a brief review. Instead, the client may be very concerned about shrinkage and workplace violence. These would then be the items that would receive the appropriate attention.

Threat Assessments: Sample Threats

  • Theft of merchandise
  • Disgruntled employees
  • Breaching of the company's Internet services
  • Theft of computer systems, including laptops from the office, hotel room or from the car
  • Fire
  • Flood (Are the backup documents/tapes in a locker in the basement?)
  • Malicious acts of vandalism
  • Power failure

A TRA will often raise or revisit issues that may have been discussed briefly before but were never fully explored, i.e. a bomb threat or the protection of confidential personnel files.

Planning for the TRA process encompasses establishing the scope of the project, determining the appropriate methodology, setting the time frame, identifying the key partners and allocating the resources to perform the TRA.

The closing phase of the TRA process will indicate the threats, the likelihood of them occurring and list the options available along with preliminary budgets to accomplish the tasks.  The recommendations are intended to improve the security posture of the organization through risk reduction and provide considerations for business recovery activities, should a threat cause actual damage.