Modern private companies must deal with ever-increasing security related risks. This is partly because serious security threats such as terrorism, political extremism, espionage and organised crime are increasingly aimed at, or harmful to, private businesses. CERTA develops Security Risk Assessments to provide companies with impending strategic decisions, a clear overview of its security risks. Companies should assess whether the risks it is exposed to are acceptable, or whether measures should be implemented to eliminate or limit these risks.
This is also true for other strategic-level corporate decisions such as:
Entering a new market
Corporate takeovers
Partnerships, strategic alliances, commercial or franchising agreements etc.
Agreements with suppliers, key accounts etc.
Outsourcing
Development of the company’s facilities, information and communication systems along with other infrastructure
To perform a such risk assessments requires specific insight and skills in the security field which individual companies rarely have in-house, nor do they have the capacity to develop and maintain such skills and insight.
CERTA has therefore specialised in performing security risk assessments for private companies to use during their strategic decision processes.
The risk assessments, performed by CERTA’s researchers, analysts and security advisers, include the following components:
A threat assessment that contains a description and assessment of the company’s profile, assets and situation (i.e. what is at stake); the general threat environment (the relevant context); the opponents’ motivation, will, capacity and goals (the extent and character of the threats to the company); the modus and scenarios (the concretisation of the threat spectrum); a general assessment and eventually an assessment of the threat level.
An impact assessment that focuses on both the immediate and longer-term, overarching effects, in the event that the described threats materialise.
A vulnerability assessment that reviews the established security measures and on that basis assesses the company’s vulnerability in relation to the previously assessed threat environment.
A risk assessment that summarises the different elements by combining threat, vulnerability, probability and impact analyses.
Recommendations listing how the company best mitigates its risks to what it considers an acceptable level and eventually estimates the costs linked to the various aspects of risk mitigation.