A vulnerability analysis is a systematic review of security weaknesses in an organization’s physical and electronic security posture. Protective Resources conducts thorough assessments to identify potential threats and recommends appropriate countermeasures — delivered as an independent, objective work product with no products to sell and no installation contract to win.
Our Assessment Methodology
Every assessment begins by understanding what you are protecting and from whom. We combine document review, stakeholder interviews, site surveys (including after-hours and adversarial-perspective walk-throughs), and systems testing to build a complete picture of your security posture:
- Threat characterization — identifying the adversaries and events relevant to your facility, from opportunistic crime to insider threat and targeted attack
- Asset identification — people, property, information, and operations, ranked by criticality
- Physical survey — perimeter protection, access control, video surveillance coverage, intrusion detection, security lighting, and CPTED (Crime Prevention Through Environmental Design) factors
- Electronic systems review — system health, coverage gaps, configuration weaknesses, and end-of-life exposure in existing platforms
- Policy and procedure review — post orders, visitor management, key control, alarm response, and employee security awareness
What You Receive
The result is a detailed written report with findings ranked by risk and prioritized, budget-conscious recommendations — distinguishing what must be fixed now from what can be planned into future budget cycles. Each recommendation is actionable: specific enough to hand to a designer or integrator, and documented well enough to support funding requests to leadership.
Regulatory and Industry Contexts
Our assessments support compliance-driven requirements including NERC CIP-014 evaluations for utilities, MTSA Facility Security Assessments for waterfront facilities, DEA diversion risk assessments, and bank security program reviews. Assessments are also frequently commissioned by counsel following an incident, where our expert witness experience ensures the work product withstands legal scrutiny.
Executive Protection — Independent Security Studies Under 26 U.S. Code § 132
When a corporation provides security to an executive — a residential security system, secure transportation, or personal protection — the cost of that security is ordinarily treated as taxable compensation to the executive. Under 26 U.S. Code § 132 and Treasury Regulation § 1.132-5(m), however, employer-provided security may qualify as a non-taxable working condition fringe benefit when a bona fide business-oriented security concern exists and the protection is provided under an overall security program.
For most organizations, maintaining 24-hour protection is impractical. The regulations provide an alternative: an independent security study performed by an independent security consultant. When the study is based on an objective assessment of the facts, recommends specific security measures, and the employer implements the applicable recommendations on a consistent basis, security provided in accordance with the study — including security at the executive’s residence — may satisfy the overall security program requirement.
Protective Resources performs independent security studies structured to support this classification:
- Threat assessment — documenting the specific facts that establish a bona fide business-oriented security concern, such as threats, incidents, kidnapping or terrorism exposure, or the executive’s public profile
- Residential security evaluation — assessment of the executive’s residence(s), with specific recommendations for alarm systems, video surveillance, access control, lighting, and safe rooms
- Transportation and travel security — vehicle, driver, and travel protocol recommendations, including use of employer-provided or chartered aircraft where warranted
- Workplace protection measures — office access restrictions, mail screening, and protective staffing appropriate to the assessed threat
- Periodic reassessment — updates that keep the study current as threats, roles, and residences change
Because we are fully independent — with no affiliation to any integrator, product manufacturer, or protective services provider — our studies meet the regulation’s independence expectation and provide your tax advisors with an objective, defensible foundation. Protective Resources does not provide tax or legal advice; the tax treatment of any security program should be determined by your tax counsel, with our study serving as the supporting security documentation.