Security Risk &
Threat Analysis
Priority scenarios, defensible risk positions, and design implications your team can act on — grounded in our proprietary databases and structured analytical methods.
What a decision-ready threat assessment delivers
The difference between a risk register that sits on a shelf and one that drives design decisions comes down to how it's built.
-
Priority scenarios, not generic threat lists
Credible attack scenarios developed from our proprietary terrorism database and structured analytical techniques. Each scenario is assessed for likelihood and consequence using HB167-aligned methods.
For exampleOn a mixed-use waterfront precinct in Sydney, we analysed 132 global vehicle-as-a-weapon incidents to calibrate the design basis threat vehicle to the actual attack profile — rather than defaulting to worst-case assumptions that would have driven disproportionate physical responses.
-
Quantified risk positions that prevent disproportionate expenditure
We use probabilistic methods and quantified risk analysis to test whether proposed security treatments are proportionate to the actual threat. When assumed threats don't withstand structured analysis, we build the evidence to challenge them — protecting clients from expenditure the risk evidence doesn't justify. Every assessment makes assumptions explicit. Where we have evidence, we cite it. Where we're applying professional judgement, we say so.
For exampleOn a suburban rail station upgrade, a full quantitative blast risk assessment using probabilistic methods and Value of Statistical Life analysis established that explosive attack was not a credible design basis threat — preventing the project from absorbing disproportionate blast engineering costs.
-
Design implications written for design teams
Risk outputs translated into spatial, operational, and engineering implications — setbacks, sightlines, access control zones, structural requirements. Every risk finding has a traceable path to a design decision.
For exampleOn a suburban rail station upgrade, we issued 107 individually tracked security requirements — each mapped to a security zone, assigned to a responsible discipline, and tracked with documented designer responses confirming compliance.
-
A threat basis that reflects the current environment
Assessment grounded in current threat intelligence, structured open-source analysis, and comprehensive demographic and crime data. We integrate crime statistics, ABS demographic profiles, and SEIFA indices alongside national threat advisories — building a threat context specific to your site, not a generic national picture.
For exampleOn a station serving a community with a complex socioeconomic profile, we drew on crime statistics, ABS demographic profiles, and SEIFA indices to contextualise the risk environment — identifying emerging trends that informed specific design attention even where the station's own incident history was low.
How we work
We begin with what you need to protect and why. Our analysts assess the threat environment, characterise vulnerabilities, and produce risk positions that inform design briefs, operational planning, and assurance. Every assessment is structured so assumptions are explicit, evidence is traceable, and professional judgement is clearly labelled. The output is a working instrument — not a static report filed away.
For: Project directors, risk owners, government security executives, and design teams who need a threat-informed basis for security investment and design decisions.
See this in practice
Need a threat-informed risk position for your project?
We scope assessments to match your project stage, timeline, and governance requirements.