In the investigative reports that follow major security incidents, the finding of failure of assessment is a common theme. Information that was available was not gathered; facts that were known were not properly analysed; and what was analysed was not acted upon. How can managers ensure that they obtain needed information about threats in their environment and evaluate its validity? How can they avoid discovering that a security incident was imminent only after it has happened?
Threat assessment is a process of gathering and analysing information to gain a clear picture of the dangers in your environment. This chapter will present some of the basic techniques for collecting and assessing information in a systematic way, including:
Threat assessment is a forward-looking process that is undertaken to make long- and short-term predictions about the types and levels of threat in the working environment. While its purpose is to predict ongoing or future threats, it also looks backwards at what has already happened in recent and longer-term history. By looking at news reports, various patterns, and rate at which they occur, we can make useful, if imperfect, predictions about threats that face us each day.
Security threats are the potential dangers to you, your staff, and equipment in your working environment. As you have already learned, they are normally expressed as events such as robbery, kidnapping or harassment. Conceptually, threats can be divided into four basic categories:
In conducting a threat assessment it is useful to consider each type of threat that your organization may face in the field. For example, threats arising from natural disasters such as floods, earthquakes, storms, and tsunami, strike everyone and everything in their path without regard to nationality, ethnic group or political affiliation. For this class of threat, assessment can be done simply by looking at the history of the place and the patterns of occurrence of the threat. Cyclones tend to come at the same season each year, and intensity or severity can easily be mapped and presented as “scientific” data.
For example, in some areas, severe cyclones may occur approximately once every 5 years. Even though that information is correct and very useful as part of your threat analysis, it still will not tell whether or not you will face such a storm this year. Similarly, indirect threats of violence from ongoing warfare, insurrection, or terrorism in the community are also assessed by noting the numbers of events, and any patterns or trends in the data, in order to project what may happen in the future. Crime, banditry and other threats are assessed in the same general way; over time certain areas are known as “high crime areas” and others are regarded as safe.
Of course, how you behave in the field and what security measures you and your organization take can change the likelihood that an actual incident will happen to you, or possibly reduce the harm to you if it does happen. These important decision-making and risk-reduction measures will be discussed in more detail in coming modules. The focus of this module is limited to threat assessment, as a logical foundation on which to build a reasonable risk-management approach.