With the rapid political, social, economic, and technical changes that are taking place the task of protection has become increasingly complex. At the same time, resources for security have become more constrained. Professional Protection Incorporated security professionals provide a systematic approach to acquiring and analyzing the information necessary to support decision makers in protecting their assets and the allocation of available, required security resources. Our approach is designed as a tool to help our clients in the everyday performance of their jobs that support the planning, implementation, and evaluation of risk-based security strategies.

By definition, Risk Management is, "the process of selecting and implementing countermeasures to achieve an acceptable level of risk at an acceptable cost." A PPI security professional tailors and applies The Risk Management Analysis to any analysis task. Our documented focused approach provides a spotlight mainly on the facility or site protection view.

The activities contained in the documentation we provide should be conducted on an ongoing basis. Risk Management is a dynamic process requiring monitoring of the changes to asset value, threat, and vulnerability. Where significant risks have been accepted, contingency planning must be included as part of the process.

Professional Protection’s methodology uses a systematic approach that provides structure, an audit trail, and objectivity in each step of the process. These steps are broken down into sub-steps. Risk Management Analysis is not an exact science. It is critical that the client maintain accurate records that track opinions and judgments of experts in each phase. This information can then be provided to senior executives as a baseline for follow-on or future analysis.

In the conduct of these complex assessments, the effective application of this process integrates the skills, knowledge, and abilities along with personal experience of a variety of specialists. This includes the client and the security analysts. Knowing when and how to solicit information and advice from other professionals is critical. Our team approach helps ensure that the client receives credible, viable, and defensible recommendations that are based on objectively collected data, rather than on memory or judgment of a single expert.

Risk Management includes cost as a major variable in the decision process. Identifying and prioritizing requirements is especially important when resources are limited and can only be allocated to what is determined to be the most critical needs. The goal of the analysis Professional Protection Incorporated provides its clients is not to achieve the maximum feasible security, but to achieve maximum efficiency in the allocation of limited resources.

Our documented analysis is an iterative versus sequential process. Each of the five Risk Management Analysis Steps we employ may yield new information that affects the information developed earlier. The data gathered is documented and maintained for further analysis. It is also presented to the client to substantiate recommended decisions proposed and alternatives.

These five Risk Management Analysis Steps include:

STEP 1. Identify Assets and Loss Impacts
1.1 Determine Critical Assets Requiring Protection
1.2 Identify Undesirable Events and Expected Impacts
1.3 Value/Prioritize Assets Based on Consequence of Loss

STEP 2. Identify and Characterize the Threat to Specific Assets
2.1 Identify Threat Categories and Potential Adversaries
2.2 Assess Intent and Motivation of the Adversary
2.3 Determine the Capability of the Adversary
2.4 Determine the Frequency of Threat-Related Incidents Based on Historical Data
2.5 Estimate the Degree of Threat Relative to Each Critical Asset and Undesirable Event

STEP 3. Identify Characterize Vulnerabilities to Specific Threats
3.1 Identify Potential Vulnerabilities Related to Specific Assets and Undesirable Events
3.2 Identify Effectiveness of Existing Countermeasures
3.3 Determine Vulnerability Level

STEP 4. Assess Risk and Determine Priorities for Asset Protection
4.1 Estimate the Degree of Impact Relative to Each Critical Asset
4.2 Estimate the Likelihood of attack by Potential Threat or Adversary
4.3 Estimate the Likelihood that a Specific Vulnerability will be Exploited
4.4 Determine the Relative Degree of Risk
4.5 Identify Unacceptable Risks and Determine Risk Mitigation Priorities

STEP 5. Identify Countermeasures, Costs, and Tradeoffs
5.1 Identify Potential Countermeasures to Reduce Vulnerabilities
5.2 Identify the Benefit of each Countermeasure
5.3 Identify the Cost of each countermeasure
5.4 Analyze the Cost Versus the Benefit of Each Option
5.5 Prioritize Countermeasures Options that Address Risk


Our process begins with an assessment of the value of assets, the degree of specific threats, and the extent of vulnerabilities. These factors determine client risk. Decisions are then made for what level of risk can be accepted and which countermeasures should be applied. This decision involves a cost-benefits analysis that provides the ability to weigh out variable security risk levels as they apply to the cost of specific countermeasures.

Home Page     Company Profile     Certifications     Associations     Security Services     Specialized Services     Training     Contact Us     

Copyright © Professional Protection Incorporated. All rights reserved. Website by Garis Graphics