----------------------------- Get new 
Threat and Vulnerability Assessment (TVA)
SAM conducts TVAs using a three-pronged approach that identifies and assesses specific threats while analyzing client vulnerabilities to those threats.
Our TVA consists of the following components:
- Threat Identification and Evaluation
- Client Vulnerability Identification
- Vulnerability Assessment and Risk Analysis
Threat Identification and Evaluation
The identification and evaluation of threats is often conducted within the context of 'security risk' as it pertains and relates to our clients needs and protocols. As a result, SAM identifies and evaluates the following potential threats:
- Adversaries (competitor, criminal and terrorist)
- Adversary capabilities and attack methodologies in conjunction with their aims and ideological underpinnings
- Environmental context (i.e. potential catalysts that could change the 'normal' behavior of a specific adversary)
- Potential attack types and probability of such attacks against client infrastructure
- Threat trajectory of adversary activities, including an assessment of evolving targeting practices
- Key client vulnerabilities as determined by adversary characteristics and activities
Client Vulnerability Identification
This involves a comprehensive review of a client's potential vulnerability to threats that have been identified within the Threat Identification and Evaluation section of the TVA. Vulnerability is determined by considering client objectives, operations, exposure to external factors, and existing mitigation strategies and policies.
Vulnerability Assessment and Risk Analysis
The final procedure of SAM's TVA is to provide our clients with an assessment of identified client vulnerabilities measured against the potential and probable threats that they may face. This assessment of client vulnerability is matched with an analysis of the level of risk that our client may face in a specific environment and under a specific set of circumstances.
This stage of the TVA will provide clients with the following detailed information:
- Identification of the probability of threat occurring
- Evaluation of the severity of risk based on threat and applied against mitigation measures that our client already has in place
- Identification of the interdependencies among risks
- Outline of the potential consequences our client may face from the identified risks
- Assessment of the vulnerability of a client's critical assets, equipment, systems and processes to the identified risks
- Mitigation, response and planning recommendations