Risk, Threat, and Vulnerability
Before any security detail can be put in place, you first need to determine the risks and threats that are present in your area of responsibility and the vulnerabilities they are open to. So, to start, it is very important to know the difference between risk, a threat, and vulnerability. I do however have to start by saying, this is just my explanation of how I see and measure Risk, Threat, and Vulnerability. You will indefinitely meet more people with more elaborate definitions or even some who sound quite the opposite of what I am going to attempt to explain in this post. So keep an open mind and try to KISS it. (Keep It Simple Stupid).
Risk: Risk is the potential for an unwanted result. For example a financial loss, loss of life, emotional trauma, or disruption of activities.
Threat: A threat is that occurrence or event that leads to, or causes the unwanted result (Risk). For example damage to infrastructure or property, murder, traumatic event, or sabotage. These events can happen by nature, the lack of maintenance, wear and tear, or it can, of course, be inflicted/implemented by a person.
Vulnerability: A vulnerability is a specific flaw or weakness in a system or a design in general. Such as someone with an allergy, it is not necessarily a risk on its own, as long as it is avoided. It can, however, be exploited by a potential attacker and used as a method of attack.
A quick example:
You have a nut allergy (Vulnerability). A long-standing business partner wants to eliminate you by exploiting your allergy (Threat). If he is successful in his covert operation, you will most likely lose your life (Risk). So, for you to survive, you will have to devise a plan to test your food and drinks, or even anything that may enter your bloodstream. A habit of chewing your pen (Vulnerability) may even be used, by applying some peanut oil on the pen.
So you can also see that some vulnerabilities can be used in conjunction with another, to achieve a less suspicious attack. One can get quite creative once you learn to exploit vulnerabilities and determine the risk it carries.
A proper risk assessment can tell a very definitive story. Once you make the connections, you will know where to focus your attention and do what is necessary to avoid the risk. Some risks will require more attention than others, depending on your mission results.
Perhaps you are not a security operative or into Risk-Management, and you wonder how this methodology can help you in normal life?
Picture yourself driving down the street on your way home. Looking around, you notice a bunch of everyday things, like people walking on the sidewalk, some garbage bags alongside a bin or two, a few potholes in the road and here and there a tree leaning over to the side.
What can this simple picture tell you? What if someone slips and falls off the sidewalk right in front of your car? What if he is drunk and deliberately walks in front of the car to draw your attention? Did you compensate for that? What if one of the garbage bags is half-way on the road, forcing you to swerve into oncoming traffic? Same with the pothole, or it can also cause a tire to blow and force your vehicle to collide into oncoming traffic? And what if that tree starts to fall right as you attempt to drive past it?
It's a simple equation, anything that can cause a negative outcome (Threat) when coupled with asking "what if", can lead to a Risk. Some more severe than others. So it's evident that a risk is something that could happen, and a threat is a likelihood with which that same thing can happen.
If you would like to read more advanced terminology and explanations, I suggest you visit: https://protectioncircle.org/2017/01/27/threats-and-risks/