Vulnerability Assessment & Mitigation

By Aparna Gudad

Vulnerability Assessment & Mitigation: Why is it vital for organisational security?

All organisations are exposed to certain risk factors. These risks can occur due to accidents, natural disasters or can be intentional in nature. Irrespective of the type and extent of the risk, the organisations have a corporate responsibility to counter these threats and adapt adequate measures to protect their people and property. 

Vulnerability assessment is a vital parameter undertaken during the overall risk assessment process of any organisation. This process involves a thorough inspection of the infrastructure and geographic location of the concerned facility, in order to ascertain the vulnerabilities against perceived natural or man-made threats.  

The vulnerability assessment involves an in-depth analysis wherein an organization is scrutinized to identify susceptible areas that are prone to risks. This assessment process is subsequently followed by a risk analysis exercise. The risk analysis exercise is undertaken to understand the revelations made by the vulnerability assessment report and highlight the major risk factors that threaten the concerned organization. It further narrows down the threat perceptions to the exact time and place of possible occurrence.

A detailed risk analysis report emphasizes the magnitude of risk involved in terms of impact on human capital as well as the financial implications. The consequences also delve into business continuity. So, the determination of the risk factors impeding the operations of the organization begins with the vulnerability assessment process. The risk analysis deliberates the likelihood of occurrence of the threats and determines its economic, political and social consequences.

The vulnerability assessment process broadly entails:

  • Ascertaining the organization's mission and its supporting systems and functions.
  • Identifying vulnerabilities of critical infrastructure.
  • Overall understanding of system designs in order to ensure operational continuity during emergency situations.
  • Identification of system failures and its cascading effect on business operations.
  • Recommendations that facilitate a safer work environment by mitigating possible threats.

Threats/ hazards can be classified as:

Threats/ hazards

Typical elements


Internal factors


Fire, smoke, contamination, structural failure

Criminal activity

Arson, personal attack, vandalism

Sabotage/ espionage

Tampering, arson, letter/satchel bombs, data manipulation, theft, malicious insider


External factors


Vehicle bombs, RPGs (Rocket-propelled grenade), IEDs (Improvised explosive device), hostage situations, extortion

Information warfare

Viruses, malware, ransom ware, data alteration

Civil unrest

Rioting, looting, vandalism, arson

Natural disasters/ accidents

Floods, earthquakes, storms, hurricanes, dam bursts, air crashes

Weapons of mass destruction

Nuclear, chemical, radiological, biological


Vulnerability Mitigation:
The basic approach to vulnerability mitigation involves equipment upgrades and procedural improvements. Procedural improvements are easier to implement and are proven to be economically viable. These improvements can effectively mitigate several risk factors. Vulnerability mitigation involves systematic assessment and maintenance of existing security systems. To implement optimum safety standards, it is essential to securitize the perimeter of the facility and then strengthen the inner infrastructure. It is important to determine the security parameters of the region to combat and overcome area specific threats.

About the Author

Aparna Guddad is a Senior Analyst in the Information Services team at MitKat Advisory. She has over nine years of experience in research and writing. 

Disclaimer: Any views or opinions represented in this blog are of the author and do not represent those of MitKat. Any views or opinions are not intended to malign any religion, ethnic group, club, organization, company, or individual.

Published On - Oct 26,2017


©2017 MitKat Advisory Services Pvt Ltd. All right Reserved

Made With Passion:crisis management

Join the Conversation