ABSTRACT
The assessment of risk needs to be based upon several critical components of the people proposed security program. The first way be by conducting a review of assets so the people know what they need to protect, a threat assessment, a physical security assessment, and a vulnerability assessment. The risk-reduction process begins with their assessments of the people client's security profile for personnel security and physical security of locations. A really inept or lazy company just make minor changes to an old security assessment and then present it as their own. A threat assessment should be initially conducted to give people a starting point for designing their security plan for the client. Vulnerability is based on the people client's past and present actions and their actions when developing and running security. Tactics that the people decide to use affect the threat in several ways including how they plan and what tactics they need to change to penetrate their security bubble.
