Eagle’s approach to the Threat, Vulnerability & Risk Analysis (TVRA) process is to establish a realistic view of the types of threats that an Organization’s is currently exposed to. Results from the TVRA process will depict the level of protection presently in place and make recommendations as needed. The following is Eagle’s approach to the entire TVRA process:
- Identify each critical assets to be considered in the TVRA. This includes collecting information on each type of asset and rating the criticality of the asset and its overall importance to the organization’s ability to function and be successful. Assets under reviewed will include people, processes, technology and equipment associated with the facilities as determined by the client.
- Next, a Facility Characterization is performed which includes gathering site-specific data to identify the purpose of the various facilities, layout, and operational states. Information typically collected includes building layouts, the location and operational status of existing security countermeasures and operational security policies.
- A Threat Assessment Statement will be developed that clearly illustrates existing threats. This process involves gathering intelligence from various sources to identify the threat that each asset may encounter. This may require analyzing local, national, and international crime statistics, conducting case studies on incidents related to the similar assets, reviewing actual investigative data from corporate reports and analyzing the impact of significant corporate decisions such as mergers or anticipated layoffs, as appropriate.
- The methodology requires that our analysts identify Physical Protection Systems. These systems include elements of detection, delay and response. In other words, what elements are used to detect an adversary’s actions, delay them from accomplishing their goals and lastly, how long does it take for a response force to interrupt the adversary’s actions.
- The next step in the methodology involves developing realistic scenarios based on the threat statement. Once scenarios are established, a tabletop analysis is conducted to determine the effectiveness of the protection systems presently in place.
- The final comprehensive report will detail the identified risks, and proposed mitigation for all known threats.