Case Study: Incident Analysis and Threat Profiling


Threat Profile

Situation

A large web services provider hired a new Director of Security who wanted to understand what sort of security incidents the company had been facing. The company had grown rapidly in recent years and was struggling to maintain an open and collegial campus atmosphere while simultaneously ensuring the safety of its people, technology and customer data. Very little analysis of security events had been undertaken, and consequently not much was known about the company’s specific threat profile and environment.

Approach

Bellwether gathered all available incident reports from US and international locations. Because the client had not formally organized and categorized the reports, it was necessary to develop an incident categorization and classification scheme to enable meaningful analysis. Concurrently, Bellwether interviewed key security staff members and internal customers to determine the threats facing the company, based on the perceptions of individuals familiar with security issues and operational concerns. Secondary research was undertaken on geographical, political climate and environmental hazards.

Analysis & Results

Using both client data and secondary research data, Bellwether undertook an integrated incident analysis and used it to develop a preliminary threat profile, which highlighted areas of concern and gaps across the company’s US and international locations. This preliminary threat profile indicated an unhealthy clustering of company assets relative to potential natural hazards and political hotspots. This spoke loudly to the need to review and enhance the company’s business resiliency strategy and plans and to manage its geographic footprint from a security viewpoint.

Benefits to Client

As a result of the incident analysis and resultant threat profiling, the client was able to identify several opportunities to reallocate existing resources to higher risk areas within the company and successfully make the case for additional investment in mitigative capability. Threats facing our client were largely concentrated in two areas, which made it easier to focus on mitigation techniques to counter the threat concentrations representing >80% of the overall risk. Additionally, the need for business continuity planning at the facility and operational levels became increasingly apparent, resulting in a commitment to develop comprehensive and integrated contingency plans.