Sign up to save your podcasts
Or
Share Managing Uncertainty – Episode #42: Threat Severity Levels
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Managing Uncertainty – Episode #42: Threat Severity Levels
What factors would make a threat “high risk” versus “medium” or “low risk”?
What are some good examples of low, medium, and high-risk threats?
In this episode of the Managing Uncertainty podcast, Bryghtpath Principal & CEO Bryan Strawser addresses these questions as he shared a model set of threat severity levels and examples that can be used by any organization.
Episode Transcript
Hey, folks. Bryan Strawser, principal and CEO at Bryghtpath, here, and welcome back to the Managing Uncertainty Podcast. This week, I wanna continue our discussion on workplace balance and threat management programs by talking about how to categorize a threat in terms of severity. We like to keep our threat severity discussions relatively simple and think about organizing threats as either low, medium or high. A low-risk threat would be a threat that is a general security incident with nonspecific threats. In these cases, this might require … it might involve general security support in a situation, it might involve a simple employment dispute, and involve, primarily, indirect threats.
So, if we think back to last week’s episode where we were talking about the threat incident risk factors and how to evaluate those risks against those risk factors, evaluate the threat rather, against the risk factors, that’s really what we’re doing here. We’re looking at this low-risk threat, we’re looking at those threat incident risk factors and we look at it and say, “Well, there’s not many of these risk factors present.”
So, a good example of a low-risk threat would be when your company’s call center receives an anonymous call that’s a nonspecific threat to blow up your headquarter’s location. It’s literally someone calls and says, “I’m unhappy about this refund that I didn’t get, and so I’m gonna blow up your headquarters in Minneapolis,” and then hangs up. That’s not a very specific threat. There’s nothing specific there, there’s not a lot of directness, there’s not a lot of detail, there’s nothing actionable, there’s no outlining of a plan. It’s just somebody who’s mad and they’re blowing off steam. Should you still communicate this, should you still evaluate it, should you still think about, “Are there preventative measures?” Sure. But again, this is a low-risk situation.
Next, we think about how we categorize a medium-risk threat. Factors here could be multiple, repeated threats about the same situation or from the same individual, repeated angry outbursts, a repeated pattern of harassment or violent behavior, it could be a subject with multiple risk factors present, the risk factors that we talked about in last week’s episode, or it could be a strong suicide threat where those threat factors, threat risk incident … threat risk factors we spoke about last week for suicide are present in this individual, and so you’ve chosen to classify this as a medium-risk threat.
An example would be a current employee at your company who’s made a public threat of suicide. They have had recent performance issues and problems and a recent uptick in grievances towards their supervisor. So, this is a medium-risk situation. This is one that probably requires a threat action plan. You may need to take some specific safety and security measures in response to this. Definitely worth active intervention and determining the right threat strategy, threat management strategy to put into place.
And then, finally, we have high-risk threats. This would be where you have a specific, direct, and actionable threat made or perhaps threats made against multiple victims. It could be a subject with multiple confirmed risk ...
View all episodes
By Bryghtpath LLC
5
99 ratings
What factors would make a threat “high risk” versus “medium” or “low risk”?
What are some good examples of low, medium, and high-risk threats?
In this episode of the Managing Uncertainty podcast, Bryghtpath Principal & CEO Bryan Strawser addresses these questions as he shared a model set of threat severity levels and examples that can be used by any organization.
Episode Transcript
Hey, folks. Bryan Strawser, principal and CEO at Bryghtpath, here, and welcome back to the Managing Uncertainty Podcast. This week, I wanna continue our discussion on workplace balance and threat management programs by talking about how to categorize a threat in terms of severity. We like to keep our threat severity discussions relatively simple and think about organizing threats as either low, medium or high. A low-risk threat would be a threat that is a general security incident with nonspecific threats. In these cases, this might require … it might involve general security support in a situation, it might involve a simple employment dispute, and involve, primarily, indirect threats.
So, if we think back to last week’s episode where we were talking about the threat incident risk factors and how to evaluate those risks against those risk factors, evaluate the threat rather, against the risk factors, that’s really what we’re doing here. We’re looking at this low-risk threat, we’re looking at those threat incident risk factors and we look at it and say, “Well, there’s not many of these risk factors present.”
So, a good example of a low-risk threat would be when your company’s call center receives an anonymous call that’s a nonspecific threat to blow up your headquarter’s location. It’s literally someone calls and says, “I’m unhappy about this refund that I didn’t get, and so I’m gonna blow up your headquarters in Minneapolis,” and then hangs up. That’s not a very specific threat. There’s nothing specific there, there’s not a lot of directness, there’s not a lot of detail, there’s nothing actionable, there’s no outlining of a plan. It’s just somebody who’s mad and they’re blowing off steam. Should you still communicate this, should you still evaluate it, should you still think about, “Are there preventative measures?” Sure. But again, this is a low-risk situation.
Next, we think about how we categorize a medium-risk threat. Factors here could be multiple, repeated threats about the same situation or from the same individual, repeated angry outbursts, a repeated pattern of harassment or violent behavior, it could be a subject with multiple risk factors present, the risk factors that we talked about in last week’s episode, or it could be a strong suicide threat where those threat factors, threat risk incident … threat risk factors we spoke about last week for suicide are present in this individual, and so you’ve chosen to classify this as a medium-risk threat.
An example would be a current employee at your company who’s made a public threat of suicide. They have had recent performance issues and problems and a recent uptick in grievances towards their supervisor. So, this is a medium-risk situation. This is one that probably requires a threat action plan. You may need to take some specific safety and security measures in response to this. Definitely worth active intervention and determining the right threat strategy, threat management strategy to put into place.
And then, finally, we have high-risk threats. This would be where you have a specific, direct, and actionable threat made or perhaps threats made against multiple victims. It could be a subject with multiple confirmed risk ...