Security Risk Analysis

Security risk analysis, also referred to as VTS (value-threat-vulnerability) analysis, is an important part of enterprise risk management and a recognized method for identifying and assessing risks associated with intentional actions against an object of analysis. This process follows the methodology steps in both Norwegian Standard 5814:2022, ISO 27000, ISO 31000 and Norwegian Standard 5032:2014, all of which provide detailed guidelines for assessing such risks. We help you navigate the complexities of security risk analysis and planning, and ensure compliance with relevant regulations and standards.

We help you carry out security risk analyses, plan and carry out exercises, and other processes related to societal security and emergency preparedness. This includes identifying possible threats, vulnerabilities and risks, and determining which security measures should be implemented to protect the organization’s assets against intentional and malicious actions.

We know the subject to the fingertips and have extensive experience, both as RSO (Recognized Security Organization) in accordance with regulations and regulations from the Norwegian Coastal Administration, but also as an auditor for Offshore Qualific on bases and suppliers’ security risk analyses and security plans.

We help you navigate the complexities of security risk analysis and planning, and ensure compliance with relevant regulations and standards.

About the process

Security risk analysis is a systematic process for identifying and managing risks associated with intentional and malicious actions. The process starts by describing the object of analysis, which can be a building, a system, a process, or anything else of value. Next, the values of the object of analysis are identified and described, which may be human lives, material assets, information, reputation, or other things that are important to the business.

The next step is to identify and describe threats that may pose a risk to the object of analysis and its assets. This can be anything from criminal actors to internal threats. This is followed by identifying and describing the vulnerabilities in the business that can be exploited by threat actors.

After these elements have been identified, a risk analysis is performed to assess the likelihood of an undesirable event occurring and the consequences if it does. Based on this analysis, relevant measures to reduce the risk are assessed. These measures can range from physical security measures to procedures and training. The aim is to reduce the risk to an acceptable level while maintaining the operational efficiency and cost-effectiveness of the business.

This process provides a comprehensive approach to security risk analysis, helping organizations understand which assets need to be effectively protected.

Security plan

The basis for a hedging plan is made through, among other things, a hedging risk analysis. A security plan is a strategic document that describes how an organization will protect its assets. Some of the key elements of a security plan include:

  1. Responsibility and roles: The security plan should clearly define who is responsible for the implementation and maintenance of the various security measures.
  2. Security measures and security levels: Based on the results of the assurance risk analysis, the assurance plan will identify the most effective and cost-efficient measures to mitigate the risk. This can include physical security measures, technological solutions, procedures and training. The plan must describe the company’s basic level of security with measures, as well as measures in the event of an increase in the level of security, as well as compensatory security measures.
  3. Maintenance and training: The security plan should also describe how technological measures are maintained, and operational and organizational measures are practiced and trained.
  4. Review and update: Finally, the security plan should be regularly reviewed and updated to ensure that it remains relevant and effective in the face of changing threats.

Contact us for a chat.


(+47) 913 57 771