5003-Chapter 5 Threat Identification and Assessment
In order to identify and assess threats and implement risk-management strategies to counteract them, it is necessary to have a clear picture of prospective adversaries. Carl A. Roper's focus is on U.S. government assets and the security responses that are appropriate to protecting them, but the implication is that similar methods of identification, assessment, and mitigation can be extrapolated to the benefit of organizations of all sizes and levels of complexity.
Roper begins by explaining that identification and assessment of threats may pose a challenge. That is because of the potential adversary's nature. Risk managers are obliged to speculate the capabilities and intentions of adversaries based on partial information. That being so, it is important to identify categories of threat. Roper says there are eight kinds: foreign intelligence, terrorist, inside-job, outside criminal, environmental, foreign military, political, and "other" threat categories. Not all kinds of adversaries will be relevant to all kinds of organizations; however, it is important to recognize the ones that do relate to the organization--or to a specific subset of the organization, such as a particular project or facility or person.
Within these categories, further general distinctions can be made about motivations and intentions. For example, a terrorist may well be motivated by a "cause," but terrorists may also be motivated by the attractions of public notoriety to be gained from an attack. A criminal's motivation is greed. Yet there are areas of overlap and convergence where threat motivations are concerned. For example, a foreign agent may be motivated by both a cause and by greed, or by the exigencies of a foreign government's objectives (Roper, 1999, pp. 44-45). It is highly likely that such an agent would be a foreign national.
Once threat categories are identified, then specific adversarie...