Case Study: Incident Analysis and Threat Profiling
Situation A large web services provider hired a new Director of
Security who wanted to understand what sort of security incidents the
Company had been facing. The company had grown rapidly in recent years,
and was struggling with maintaining an open and
collegial campus atmosphere while simultaneously ensuring the safety of
its people, technology and customer data. Very little analysis of
security events had been undertaken and consequently, not
much was known about the company’s specific threat profile
and environment.
Approach Bellwether
gathered together all available incident reports from US and
international locations. Because the reports had not been formally
organized and categorized by the client, it was necessary to develop an
incident categorization and classification scheme to enable meaningful
analysis. Concurrently, Bellwether undertook interviews of key security
staff members and internal customers in an effort to determine the
threats facing the company based on the perceptions of individuals
familiar with security issues and operational concerns. Secondary
research was undertaken with respect to geographical, political climate
and environmental hazards. Analysis & Results Using
both client data and secondary research data, Bellwether undertook an
integrated incident analysis that was used to develop a preliminary
threat profile which highlighted areas of concern and gaps across the
company’s US and international locations. This preliminary
threat profile indicated an unhealthy clustering of company assets
relative to potential natural hazards and political hotspots. This
spoke loudly to the need to review and enhance the company’s
business resiliency strategy and plans and to manage its geographic
footprint from a security viewpoint. Benefits to Client As a
result of the incident analysis and resultant threat profiling, the
client was able to identify several opportunities to reallocate
existing resources to higher risk areas within the company and
successfully make the case for additional investment in mitigative
capability. Threats facing our client were largely concentrated in two
areas which made it easier to focus on mitigation techniques to counter
the threat concentrations representing >80% of the overall risk.
Additionally, the need for business continuity planning at the facility
and operational levels became increasingly apparent with the resulting
commitment to develop comprehensive and integrated contingency plans. |
Case Studies
- Cost-Benefit Analysis
- Governance Model
- Security Integration
- US Site Security
- Physical Security Benchmarking
- Security Vision and Strategy
- High-Profile Landmark Building
- Risk Based Resource Allocation
- Threat Analysis
- Disaster & Terrorism Preparedness
- Pandemic Preparedness