Threat, Risk & Vulnerability Assessments

Proactive Security in a Changing Threat Environment

In an evolving business environment, with work tied less than ever to traditional physical spaces, new threats and risks are appearing every day. As organizations move quickly to adapt to more dispersed ways of working, a mindset of operations first/security later can unfortunately lead to new vulnerabilities being exposed. The workspace we must protect is no longer just the building we go to work in. Security and systems testing must evolve to account for remote and online work, and the increased intermingling of personal and business information.
A rigorous and detailed Threat and Risk Assessment (TRA) is an effective first line of defence against both new and longstanding challenges. Applied to either physical or information security, or both, a TRA identifies unacceptable security risks to an organization by considering the value of assets, threats to the organization, the effectiveness of existing and planned safeguards, and the broader vulnerabilities and risks in a real-world context.

What is Risk?

Risk arises when there is a probability that a threat agent can exploit a vulnerability to compromise an asset. If any of the components on the risk spectrum increase in value, they are more likely to draw the attention of bad actors, thereby exposing the organization to higher levels of risk. Risk is about probability. Many types of attack may be possible, but that does not mean they are probable. Our goal with a TRA is to identify the risks that are most likely to occur and the damage that may result if they do. These are situated on a heat map along with recommended changes and safeguards to reduce unacceptable risks to acceptable levels, which can be prioritized based on budget and impact.

Where we look for threat and risk

Threat and Risk Assessments are guided by industry standards, regulatory compliance requirements, and best practices. Our approach combines physical and information risk assessment under a single, consistent methodology. Our real-world use of standard methodology is granular but scalable, allowing us to uncover and assess risk in all of the ways in which work is done in an organization.

Intangible Assets

Internal

  • Morale
  • Ethics
  • Productivity
  • Loyalty

External

  • Public confidence
  • Public trust
  • Reputation
  • Competitive Advantage
  • Product Identity
  • Organizational Credibility

People and Services

People

  • Employees
  • Contractors
  • Subcontractors
  • Clients

Third Party/Vendor

  • Product Vendors
  • Service Providers
  • Regulators
  • Public

Tangible Assets

Information

  • Intellectual property (IP)
  • Reference information (for example, an on-site library)
  • Administrative information
  • Security files
  • Information shared with third party organizations
  • Sensitive information subject to regulatory control
  • Network traffic

Software

  • Commercial Off-the-Shelf
  • Custom
  • Embedded (for special purpose devices and equipment)

Hardware

  • Corporate network workstations
  • Corporate network servers and network equipment
  • IGCSI hardware
  • Public display screens
  • Telephone system
  • Security systems
  • Custom and special purpose hardware

Facility

  • Buildings
  • Security Devices
  • HVAC systems
  • Plumbing
  • Electrical
  • Furnishings
  • Office Equipment

What Can I Do When I Know My Threats?

Though ADGA operates and reports its TRAs based on industry-accepted standards, we pride ourselves on delivering more than cookie-cutter results. With a level of customization and client focus rare for the sector, we provide clear and detailed itemized observations, as well as recommendations on mitigation strategies in response to everything we uncover. We understand the industry-specific impacts of particular vulnerabilities, and our mission is to help you understand not just the risks we identify, but also the real-world consequences as they apply to your business.

 
ISO 9001:2015 – Quality Management Systems – certified
ISO 27001:2013 – Information Security Management – certified