Assessments (SVA) is a term now commonly adopted by many organizations
to describe what was prior to “9/11” considered Risk
Assessments. In fact the recognized leader in the field of Vulnerability
Assessment Methodologies, namely Sandia Laboratories (part of
the U.S. Energy Department), utilizes the term RAM as their patented
heading for Risk Assessment Methodology. Many
of Wivenhoe Group’s consultants have undergone
RAM training and are certified in that Methodology
|Wivenhoe Group, and its associated
consultants have carried-out literally hundreds of Vulnerability
Assessments or Risk Assessments over the past 20 to 30 years as
an integral part of their approach to security design engineering
assignments. The reason being that it is important to know who
and what you are going to protect, and also equally important
to know from who and what (Threat Level) that you are required
to protect against.
|Regardless of which methodology is utilized
in carrying-out a Vulnerability Assessment (VA), and there are
many; all of which Wivenhoe Group consultants are experienced
with, the essential elements comprise the following:
|This aspect of a VA involves identifying
the likely level of threat that will apply to the facility, organization,
etc. In other words, is it necessary to protect from such adversaries
as State Sponsored Terrorists, or is the threat level more criminal
in nature. Three types of Threat Level are generally considered
in this section, being Outside Adversaries, Inside Adversaries,
and Cyber Adversaries. Wivenhoe Group in association
with various law enforcement agencies researched and then summarized
the various types of threat levels now used by many security specialists
in conducting VA’s.
|Accurately prioritizing each critical asset
by Consequence, allows the consultant team and
local facility management to determine which critical assets should
be considered most important with respect to available resources
and funding. Wivenhoe Group works with each client
to ascertain what is important and what is feasible in terms of
improving security or providing for effective Mitigation
in the case of each critical asset.
|Wivenhoe Group will provide
a full written report detailing both Findings and appropriate
Recommendations. The first report is a Draft Report to be discussed
with the client, and it is important to remember that Wivenhoe Group consults with the client throughout the entire
VA exercise to ensure that the client is aware of all findings
as they occur.
When the draft report is presented to the client, it is a summary
of what is already known to the client at that time, and should
not provide any unexpected surprises.
| It should be noted that Wivenhoe Group also provides each client with a Recommended
Timetable of Implementation that may be over several years as
even with unlimited funding, it is not practical to implement
All recommendations overnight.
|In the Final Report, Wivenhoe Group will conduct a PowerPoint presentation to all involved client
parties explaining All Findings and All Recommendations and with
then be available to answer any and all questions.
|We have found that our experience and expertise
in security engineering design and implementation covering a multitude
of industries and environments has allowed Wivenhoe Group to successfully provide Vulnerability Assessments that are
sound, responsible, effective and cost-effective.
|The Vulnerability Assessment for each client
will detail those Findings and Recommendations that are appropriate
for that particular client’s situation. They will be no
less and no more than is required to provide the level of security
to protect that particular facility or group of facilities.