5 Threat And Risk Assessment Approaches for Security Professionals in 2025
For security professionals, accurately identifying and responding to threats is critical to ensuring safety and protection. Whether it involves reacting to immediate security breaches or strengthening long-term preventive measures, threat and risk assessment serve as vital strategies to mitigate vulnerabilities and reduce security risks.
But the definition of threat assessment varies widely across fields. Security professionals, police, military personnel, psychologists, and school counselors all conduct tasks they describe as threat assessment. While all these tasks are predictive in nature, the methods and objectives differ.
For example, a psychologist might conduct violence risk assessments to assess whether someone poses a general danger to the public, while law enforcement may assess if someone is planning on conducting a targeted attack.
Before we dig into threat assessment, a bit of background on this article. This post was first published in late 2019. Since publication, it has been the most popular page on our website. In 2024, 16,723 visitors from all over the world had read this post. For a small company like us, this is awesome. We are helping security professionals everywhere identify techniques that can help them secure lives and property.
I hope that you find this resource useful too. Don’t hesitate to reach out if we can help you or your organization.
Threat Assessment Approaches
Take a moment to think about what threat and risk assessment means to you or what problem you are hoping that threat assessment will help you solve.
Before diving into threat assessment, it’s important to clarify the specific problem you aim to address.
Are you looking to:
Plan for and protect facilities, soft targets, and critical infrastructure against terrorist attacks, insider threats, or natural disasters?
Equip your personnel to identify behavior-based threats and respond to individuals who pose immediate danger, such as active shooters?
Safeguard your computer networks, systems, and servers from attacks by malicious actors?
Identify, assess, and intervene with individuals who may commit targeted or instrumental violence, such as a mass shooting?
Evaluate a specific individual’s risk for violent behavior?
You can use this infographic to figure out which section will be most helpful to you:
1. The Security Threat and Risk Assessment
In the security and protection industry, threat assessment involves evaluating and analyzing potential risks that could compromise the safety of critical infrastructure and the people associated with a specific site or facility. It can also be a crucial tool for those seeking to protect soft targets from targeted violence.
This process focuses on identifying existing protective measures and vulnerabilities at facilities and implementing strategies to reduce those vulnerabilities and enhance safety. Assessments evaluate things like physical security, cybersecurity, and staffing protocols.
There are a broad range of threats that can affect a particular site or location, including:
External hazards: Natural disasters, fires, and other environmental risks;
Nonviolent and violent criminal threats: Theft, threats toward staff, active shooter incidents, or terrorist threats;
Potential accidents: Issues stemming from improper building maintenance or unsafe working conditions;
Cyber threats: Hacking, data breaches, ransomware, or other malicious activity targeting IT systems;
Operational disruptions: Threats that could impact telecommunications, transportation, or the delivery of essential services at the site
Security Threat Risk Assessment at a School
For a security risk assessment, let’s take the example of an elementary or high school. Potential threats to a school could include natural disasters, active shooter incidents, or accidents arising from improper safety precautions. Each of these threats requires a different response.
This security threat risk assessment includes not only identifying potential threats but also assessing the likelihood of their occurrence. Just because something can happen doesn’t mean it will.
The Vulnerability Assessment
Following the security risk threat assessment is the vulnerability assessment, which has two parts.
1. Identifying assets and people at risk: This involves determining the critical assets—such as buildings, equipment, and personnel—that may be impacted. This includes an estimation of financial impacts that would result if the location were attacked and unable to provide services.
2. Evaluating target attractiveness and defenses: For intentional attacks, this step assesses how attractive the target may be to potential attackers. It also examines the current level of defenses in place to mitigate targeted attacks.
In schools, common security gaps include challenges in securing entry and access points, insufficient security measures due to budget constraints (such as limited surveillance/camera systems or a lack of security personnel), and insufficient training or experience among school staff in handling security-related incidents.
Schools are often incorporating advanced technology into their security procedures. Learn more about the benefits and potential pitfalls of some of these security approaches in our recent blog posts:
-
If you are interested in learning more about security threat risk assessment, here are some great resources.
Learn about the federal guidelines for determining the security and resiliency of a facility, and use this corresponding infrastructure survey tool to apply it to your facility.
Plan ahead for potential emergencies by developing procedures for crisis communications, emergency response, and evacuation.
Learn about hazard prevention and response efforts specific to emergency services, law enforcement agencies, and other public safety services.
Access free tools specific to school risk assessment:
The Department of Education’s REMS Site Assess App, which is a mobile app that guides schools in conducting their own risk assessments
The web-basedK-12 School Security Assessment Tool (SSAT), which helps administrators evaluate their school’s existing security measures and identify areas for improvement.
2. Active Threat Assessment
For security professionals, threat assessment is also used to describe a process of observing, identifying, and reacting to potential imminent and immediate threats. These threats may target your personnel, the public, or both. At Second Sight, we use the term “active threat assessment” to describe our systematic process of identifying, evaluating, and responding to immediate threats in real time.
The Active Threat Assessment Methodology
Active threat assessment involves focused observation of individuals’ behaviors and actions. In this approach, an observer systematically scans their environment, identifies potentially suspicious individuals (persons of interest), and assesses any potential threats they may pose. Another way of describing active threat assessment is visual threat detection.
A person of interest (POI) is someone who displays some type of abnormal behavior, warranting closer observation. At this point, the observer can assess threat indicators, which are visual cues that might suggest threatening behavior or suspicious activity. For example, a POI might be trying to avoid notice, or they could show visible signs that they are carrying a weapon. If threat indicators are present, the POI may become a focus for potential interdiction.
These assessments, in combination, allow for the identification of active threats. If your personnel can identify these signs, they are better able to intervene and prevent a potential attack.
Potential Users of Active Threat Assessment
A wide spectrum of security professionals can use Second Sight's active threat assessment approach, including:
Executive and personal protection specialists;
Security personnel who provide foot and vehicle patrol at a range of facilities (churches, airports, schools, public events, gaming facilities, etc.);
Camera surveillance personnel; or
Security personnel who conduct access control or respond to incidents.
Second Sight offers active threat assessment training for security professionals. For more information, check out our free online course, Introduction to Active Threat Assessment. In this course, you will learn about the active threat assessment methodology and decide if our full-length programs are right for you and your personnel.
Classes are certified through ASIS International, and completion of this course provides 8.75 continuing professional education credits for security professionals.
Watch this short video to learn more about our Threat Awareness programs.
-
To learn more about active threat assessment, check out our companion posts:
“Active Threat Assessment: Identify Potential, Immediate, and Imminent Threats,” which describes our active threat assessment process in detail;
“Identifying Active Threats Through Behavioral Change,” which provides detail on identifying behavioral threat indicators;
“Threat Assessment and Active Shooter Prevention,” which applies active threat assessment to a potential active shooter scenario; and
“Identifying Concealed Weapons at Protests,” which applies active threat assessment in the context of mass gatherings, such as protests.
3. The Cybersecurity Threat and Risk Assessment
The same threat risk assessment process applies to cybersecurity, a critical component of overall risk management. A cybersecurity threat risk assessment focuses on protecting access to data and personal information, networks, software (e.g., internal communications or data management systems), as well as any hardware (e.g., employee mobile phones).
A cyberattack is any deliberate attempt to gain unauthorized access to a network, computer system, or device. Attackers typically aim to steal, modify, expose, or destroy data and other assets using a variety of techniques.
One increasingly common type of cyberattack is ransomware. Ransomware is a form of malware that is installed on a system without the user’s knowledge or permission, often via websites, emails, or file attachments. Once infected, the ransomware locks and encrypts the user’s data, files, and systems, rendering them inaccessible or unusable until a ransom is paid to the attacker.
Ransomware can have dire consequences. Once data is compromised there’s no guarantee the victim will get it back, even if they pay the ransom. Cybercriminals may still withhold or destroy the files.
In recent years, there has been a significant increase in the number of ransomware attacks, with several high-profile incidents occurring in hospitals, schools, and even government agencies. According to industry surveys conducted by Sophos in 2024, an estimated 67% of healthcare organizations, 80% of schools, and 69% of government agencies have experienced ransomware attacks. These incidents disrupt critical services, endanger lives, and cause devastating financial consequences.
-
To learn more about how to protect your organization against ransomware, check out the following resources:
NIST’s quick start guide to combating ransomware,
CISA’s best practices for protecting against and responding to ransomware attack, and
The U.S. Ransomware Task Force’s #StopRansomware Guide.
The Cyber Security Assessment
The basic steps of a cybersecurity threat risk assessment are:
Identify the potential systems that are at risk.
Identify specific threats for each system (e.g., unauthorized access, misuse of information, data leakage or exposure, service disruptions).
Evaluate inherent risks and determine what potential consequences could result if threats materialize.
Analyze existing controls and measures in place to prevent, detect, mitigate, or compensate for threats.
Determine how well current safeguards successfully reduce risk and mitigate threats.
Evaluate the probability of a threat occurring based on existing controls.
Combine impact and likelihood to determine overall risk level and calculate a “risk rating.”
After the assessment, you will have a clearer understanding of existing cybersecurity controls and remaining vulnerabilities. From there, you can implement additional security measures to mitigate potential risks.
-
For information on how to apply cybersecurity best practices, check out the following resources:
Guide to getting started with cybersecurity threat risk assessment.
Free modules from CISA to help you implement cybersecurity best practices in your organization.
Resources from CISA to help K-12 schools strengthen cybersecurity and protect against ransomware.
4. Threat Assessment for Instrumental Violence
Instrumental violence refers to acts or threats of targeted violence, such as a targeted attack or mass shooting. In a workplace setting, this could involve an employee who has made threats against colleagues or has been involved in recent altercations.
Threat assessment for instrumental violence is incident- and subject-specific, meaning it evaluates the likelihood that a particular individual will carry out a specific attack. This growing field is often referred to as Behavioral Threat Assessment and Management (BTAM) or Threat Assessment and Threat Management (TATM). For a general overview of this approach, check out the National Threat Evaluation and Reporting Program’s Behavioral Approach to Violence Prevention.
BTAM often occurs in team settings and can involve school administrators, community members, law enforcement, and mental health workers. Learn more about threat assessment teams’ baseline capabilities from recent research published by the National Counterterrorism Innovation, Technology, and Education Center (NCITE).
If you are looking to implement BTAM at your organization, the National Threat Evaluation and Reporting (NTER) Program offers courses for both trainers and trainees:
Behavioral Threat Assessment and Management (BTAM) Train-the-Trainer Program for public entities
The National Association of School Psychologists (NASP) outlines a broad framework for identifying and intervening with potentially violent individuals who exhibit risk factors for instrumental violence. In some instances, authorized personnel can use databases to access information about specific individuals to assess their risk factors.
A key authority in this area is the U.S. Secret Service National Threat Assessment Center (NTAC). In their 2023 report, Mass Attacks in Public Places, they found that many mass attackers share common characteristics, including personal grievances, history of criminal behavior, history of substance abuse or mental health symptoms, and other stressors such as financial instability. Additionally, many attackers exhibited concerning behaviors or made threatening statements before the attack. Being able to recognize these situational and behavioral indicators is essential for averting such attacks.
For more information, check out these resources from the RAND corporation:
Recognize potential warning signs of a mass attack; and
How to assess threat severity.
Threat Assessment in Schools
When it comes to preventing instrumental violence in schools, a nuanced approach is best. This process involves assessing students for multiple factors, including motives, communications, access to weapons, stressors, emotional problems, and developmental issues. For a deeper dive into this approach, check out our post on school behavioral threat assessment.
One alarming trend on the rise is the false reporting of attacks at schools and universities. These hoax calls are part of a coordinated “swatting” campaign that exploits the widespread fear of school shootings. Swatting involves making false reports of violent situations, such as a bomb threat or active shooter, to elicit a police response to a particular location, preferably by a SWAT team.
These incidents can be extremely dangerous, as they put the lives of individuals at risk and prompt law enforcement to respond aggressively, unaware that the situation is a hoax. The fear and trauma caused by the sudden, intense police response can have lasting psychological effects on those involved. Additionally, these incidents occupy emergency resources, potentially delaying response times for real emergencies. To learn more about identifying and responding to a potential swatting incident, see this guide from the state of Washington’s School Safety Center.
-
For more general information on instrumental violence in schools, check out the following resources:
Our companion posts, “Identifying Active Threats in Schools” and “School Behavioral Threat Assessment”
SchoolSafety.gov resources for preventing and mitigating targeted violence
The National Behavioral Intervention Team Association (NABITA)’s behavioral threat assessment tool
Questions to Guide Data Collection in a Threat Assessment Inquiry, courtesy of the U.S. Secret Service
University of Illinois Chicago (UIC) Violence Prevention Plan for universities
5. The Violence Threat Risk Assessment
Violence threat risk assessments are used to better understand an individual’s tendency toward violence and estimate their likelihood to engage in violent behavior in the future. These assessments help practitioners and intervention providers make informed decisions about risk mitigation, supervision, and treatment options for potentially dangerous individuals. This is often referred to simply as a “violence risk assessment” or just “risk assessment.”
The difference between this approach and the instrumental approach (e.g., BTAM) is that this approach evaluates an individual’s general tendency toward violence, and does not predict a specific attack on a specific target.
Typically, violence risk assessments are conducted by qualified clinical professionals. There are different types of violence threat risk assessments designed to predict different types of risks, ranging from domestic violence to terrorism. Some of these rely on the judgment of professionals, while others are actuarial-based.
A growing recommendation is the shift toward structured professional judgment (SPJ) approaches. The SPJ method involves a systematic evaluation of risk factors by professionals who apply their expertise and judgment to assess an individual's level of risk.
One benefit of the SPJ approach is that professionals examine a wide range of aggravating and mitigating factors and can offer more personalized assessments. However, some criticize the SPJ approach for being too subjective and inconsistent when making risk evaluations due to variations in professional judgment and individual biases.
Well-known SPJ approaches include:
In contrast, actuarial-based risk assessment instruments (RAIs) use statistical methods and a scoring system to predict future risk, rather than relying on input from professionals. These tools use predetermined risk indicators that are informed by historical data and criminological theory to generate a numercial score, which reflects an individual’s likelihood of committing a specific act in the future.
In contrast, RAIs are consistent in making predictions based on the same inputs, as they rely on predetermined formulae to assess risk. However, there are concerns about their potential to outperform human judgment, as RAIs don’t adapt well to uncommon circumstances, and they often include static factors (such as being a male) that cannot be changed. Relatedly, if historical data is biased, the algorithm might perpetuate biases.
Commonly used actuarial-based RAIs include:
Ultimately, selecting the “best” risk assessment tool for a situation depends on the nature of the risk being assessed (e.g., violent extremism, general violence), the characteristics of the population being assessed (e.g., age, gender), and the setting or context of the assessment (e.g., school, correctional facility).
For a comprehensive approach to risk management for public entities, check out the Public Risk Innovation, Solutions, and Management (PRISM) framework. This framework covers all aspects of risk identification, assessment, and management, and includes various resources to assist organizations in various types of risks.
-
For more information on violence threat risk assessment, check out the following resources:
Open-access digital book Violent Extremism: A Handbook of Risk Assessment and Management by Caroline Logan, Randy Borum, and Paul Gill, published in 2023
The American Psychological Association (APA)’s Guidelines for Psychological Evaluation and Assessment
The Peace Officer Psychological Screening Manual, courtesy of California’s Commission on Peace Officer Standards and Training (POST)
The Department of Defense’s report on predicting violent behavior
Database of risk assessment tools, courtesy of the Berkman Klein Center
What’s Next?
All of these approaches to risk assessment are essential for protecting our community and ensuring different aspects of public safety. Depending on your specific needs, any of these approaches to threat and security assessment may be relevant to you or your personnel.
As a next step, consider exploring some of the resources provided in this post, or enroll in our online training programs in visual threat detection such as, Threat Awareness for Security Professionals.
-
Arnold Ventures. (2017). “Public Safety Assessment: A Risk Tool That Promotes Safety, Equity, and Justice.” Accessed January 2025 from https://www.arnoldventures.org/stories/public-safety-assessment-risk-tool-promotes-safety-equity-justice/
Brayne, S., & Christin, A. (2020). Technologies of crime prediction: The reception of algorithms in policing and criminal courts. Social Problems, 68(3), 608-624. Accessed January 2025 from http://www.angelechristin.com/wp-content/uploads/2020/03/Technologies-of-Crime-Prediction_SocProblems.pdf
Browning-Wright, D. (2003). Eleven Questions to Guide Data Collection in a Threat Assessment Inquiry. U.S. Secret Service and the Department of Education. Accessed January 2025 from https://locker.txssc.txstate.edu/f40474bcbab5f025bb1570f1bfbf9f06/Eleven-Questions-to-Guide-Data-Collection-in-a-Threat-Assessment-Inquiry.pdf
Capellan, J.A., & Jiao, A.Y. (2019). Deconstructing Mass Public Shootings: Exploring Opportunities for Intervention. Rowan University: Rockefeller Institute of Government. Accessed January 2025 from https://rockinst.org/wp-content/uploads/2019/10/10-24-19-Deconstructing-Mass-Shootings-Brief-1.pdf
Chohlas-Wood, A. (2020). “Understanding Risk Assessment Instruments in Criminal Justice.” The Brookings Institution. Accessed January 2025 from https://www.brookings.edu/research/understanding-risk-assessment-instruments-in-criminal-justice/
Cornell, D.G. (2020). Threat assessment as a school violence prevention strategy. Criminology & Public Policy, 19(1), 235-252. Accessed January 2025 from https://doi.org/10.1111/1745-9133.12471
Criminal Intelligence Coordinating Council (CICC). (2016). Understanding Digital Footprints: Steps to Protect Personal Information. Global Advisory Committee: U.S. Department of Homeland Security. Accessed January 2025 from https://bja.ojp.gov/sites/g/files/xyckuh186/files/media/document/Understanding_Digital_Footprints-09-2016.pdf
Cybersecurity and Infrastructure Security Agency (CISA). (2014). Emergency Services Sector Roadmap to Secure Voice and Data Systems. Department of Homeland Security. Accessed January 2025 from https://www.cisa.gov/sites/default/files/publications/emergency-services-sector-roadmap-to-secure-voice-and-data-systems-032014-508.pdf
Cybersecurity and Infrastructure Security Agency (CISA). (2015). Emergency Services Sector-Specific Plan. Department of Homeland Security. Accessed January 2025 from https://www.cisa.gov/sites/default/files/publications/emergency-services-sector-specific-plan-112015-508_0.pdf
Cybersecurity and Infrastructure Security Agency (CISA). (2017). A Guide to Securing Networks for Wi-Fi, Version 1.0. Department of Homeland Security. Accessed January 2025 from https://www.cisa.gov/uscert/sites/default/files/publications/A_Guide_to_Securing_Networks_for_Wi-Fi.pdf
Defense Science Board (DSB). (2012). Predicting Violent Behavior. Task Force Report. U.S. Department of Defense. Accessed January 2025 from https://irp.fas.org/agency/dod/dsb/predicting.pdf
Desmarais, S. L., & Zottola, S. A. (2020). Violence risk assessment: Current status and contemporary issues. Marquette Law Review, 103(3), 793. Accessed January 2025 from https://scholarship.law.marquette.edu/cgi/viewcontent.cgi?article=5441&context=mulr
Dipshan, R., Hudgins, V., Ready, F., & Warren, Z. (2020). “The Most Widely Used Risk Assessment Tool in Each U.S. State.” Law.com. Accessed January 2025 from https://www.law.com/legaltechnews/2020/07/13/the-most-widely-used-risk-assessment-tool-in-each-u-s-state/
Douglas, K.S., Hart, S.D., Webster, C.D., & Belfrage, H. (2014). “HCR-20: The World’s Leading Violence Risk Assessment Instrument.” Mental Health Law and Policy Institute. Accessed January 2025 from http://hcr-20.com/
Duits, N., & Pressman, D.E. (2024). “The Violent Extremism Risk Assessment 2 Revised (VERA-2R).” Custodial Institutions Agency, Ministry of Justice and Security of the Netherlands. Accessed January 2025 from https://www.vera-2r.nl/
Enang, I., Murray, J., Dougall, N., Aston, E., Wooff, A., Heyman, I., & Grandison, G. (2021). Vulnerability assessment across the frontline of law enforcement and public health: A systematic review. Policing and Society, 32(4), 1-20. Accessed January 2025 from https://doi.org/10.1080/10439463.2021.1927025
Harris, G.T., Rice, M.E., Quinsey, V.L., & Cormier, C.A. (2015). Violence Risk Appraisal Guide Revised (VRAG-R) Scoring Sheet. VRAG-R Official Website. Accessed January 2025 from http://www.vrag-r.org/wp-content/uploads/2021/12/VRAG-R-scoring-sheet-1.pdf
International Association of Chiefs of Police (IACP). (2017). Managing Cybersecurity Risk: A Law Enforcement Guide. Accessed January 2025 from https://www.iacpcybercenter.org/wp-content/uploads/2015/04/Managing_Cybersecurity_Risk_2017.pdf
Kropp, P.R., Hart, S.D. (2000). “Spousal Assault Risk Assessment (SARA) Guide.” Gender Empowerment Measures Repository. Accessed January 2025 from https://emerge.ucsd.edu/r_1plrabytih9j494/
Mahendru, P. (2024). “The State of Ransomware in Healthcare 2024.” Sophos News. Accessed January 2025 from https://news.sophos.com/en-us/2024/07/30/the-state-of-ransomware-in-healthcare-2024/
Mahendru, P. (2024). “The State of Ransomware in State and Local Education 2024.” Sophos News. Accessed January 2025 from https://news.sophos.com/en-us/2024/07/11/the-state-of-ransomware-in-education-2024/
Mahendru, P. (2024). “The State of Ransomware in State and Local Government 2024.” Sophos News. Accessed January 2025 from https://news.sophos.com/en-us/2024/08/14/the-state-of-ransomware-in-state-and-local-government-2024/
Mayorkas, A.N. (2022). Summary of Resources for State, Local, Tribal, Territorial, and Campus Law Enforcement Partners. U.S. Department of Homeland Security. Accessed January 2025 from https://www.dhs.gov/sites/default/files/2022-04/22_0407_OSLLE_LE-resource-guide-signed_508.pdf
Miller, A. (2014). “Threat Assessment in Action.” The American Psychological Association. Accessed January 2025 from https://www.apa.org/monitor/2014/02/cover-threat.aspx.
Modzeleski, W., & Randazzo, M.R. (2018). School threat assessment in the USA: Lessons learned from 15 years of teaching and using the federal model to prevent school shootings. Contemporary School Psychology, 22(2), 109-115. Accessed January 2025 from https://link.springer.com/article/10.1007/s40688-018-0188-8
National Association for Behavioral Intervention and Threat Assessment (NABITA). (2014). “Threat Assessment Tool.” Accessed January 2025 from https://cdn.nabita.org/website-media/nabita.org/wordpress/wp-content/uploads/2014/04/2014-NaBITA-Threat-Assessment-Tool.pdf
National Association of School Psychologists (NASP). (2015). “School Violence Prevention: Guidelines for Administrators and Crisis Teams.” Accessed January 2025 from https://www.nasponline.org/resources-and-publications/resources-and-podcasts/school-safety-and-crisis/school-violence-resources/school-violence-prevention/school-violence-prevention-guidelines-for-administrators-and-crisis-teams
National Institute for Occupational Safety and Health (NIOSH). (2020). “Violence Risk Assessment Tools.” Centers for Disease Control and Prevention. Accessed January 2025 from https://wwwn.cdc.gov/WPVHC/Nurses/Course/Slide/Unit6_8
National Institute of Standards and Technology (NIST). (2012). Guide to Conducting Risk Assessments. Joint Task Force Transformation Initiative, Risk Management Framework Team. Accessed January 2025 from https://csrc.nist.gov/csrc/media/Presentations/2023/guide-to-conducting-risk-assessment-sp-800-30-rev/NIST-Risk-Assessment-Overview-2.pdf
National Threat Assessment Center (NTAC). (2018). Enhancing School Safety Using a Threat Assessment Model: An Operational Guide for Preventing Targeted School Violence. U.S. Secret Service: Department of Homeland Security. Accessed January 2025 from https://www.cisa.gov/sites/default/files/publications/18_0711_USSS_NTAC-Enhancing-School-Safety-Guide.pdf.
National Threat Assessment Center (NTAC). (2019). Protecting America’s Schools: A U.S. Secret Service Analysis of Targeted School Violence. U.S. Secret Service: Department of Homeland Security. Accessed January 2025 from https://www.secretservice.gov/sites/default/files/2020-04/Protecting_Americas_Schools.pdf
National Threat Assessment Center (NTAC). (2021). Averting Targeted School Violence. U.S. Secret Service: Department of Homeland Security. Accessed January 2025 from https://www.secretservice.gov/sites/default/files/reports/2021-03/USSS%20Averting%20Targeted%20School%20Violence.2021.03.pdf
National Threat Assessment Center (NTAC). (2023). Mass Attacks in Public Spaces: 2016-2020. U.S. Secret Service: Department of Homeland Security. Accessed January 2025 from https://www.secretservice.gov/sites/default/files/reports/2023-01/usss-ntac-maps-2016-2020.pdf
National Threat Evaluation and Reporting Program. (ND). Behavioral Approach to Violence Prevention. Office of Intelligence Analysis: Department of Homeland Security. Accessed January 2025 from https://sites.ed.gov/whhbcu/files/2022/01/Behavioral-Approach-to-Violence-Prevention.pdf
Nguyen, T. L., Scalora, M. J., & Bulling, D. (2024). Behavioral Threat Assessment and Management Programs: Practitioner-Informed Baseline Capabilities. National Counterterrorism Innovation, Technology, and Education Center (NCITE), Dept. of Homeland Security. Reports, Progress, and Research. 100. Accessed January 2025 from https://digitalcommons.unomaha.edu/ncitereportsresearch/100/
Occupational Safety and Health Administration (OSHA). (ND). “Evacuation Planning Matrix.” U.S. Department of Labor. Accessed January 2025 from https://www.osha.gov/emergency-preparedness/evacuation-matrix
Partnership on Artificial Intelligence. (2019). Report on Algorithmic Risk Assessment Tools in the U.S. Criminal Justice System. Accessed January 2025 from https://pde.is/posts/docs/Report-on-Algorithmic-Risk-Assessment-Tools.pdf
RAND Corporation (ND). “Follow-Up Actions: No Prevention Opportunity Missed.” Mass Attacks Defense Toolkit. Accessed January 2025 from https://www.rand.org/pubs/tools/TLA1613-1/toolkit/prevent/follow-up-actions.html
RAND Corporation (ND). “In Depth: Databases to Support Threat Assessments.” Mass Attacks Defense Toolkit. Accessed January 2025 from https://www.rand.org/pubs/tools/TLA1613-1/toolkit/prevent/threat-assessment/databases.html
RAND Corporation (ND). “Threat Assessment: Finding and Putting Together the Puzzle Pieces.” Mass Attacks Defense Toolkit. Accessed January 2025 from https://www.rand.org/pubs/tools/TLA1613-1/toolkit/prevent/threat-assessment.html
Ready Campaign. (2021). “Risk Assessment.” Accessed January 2025 from https://www.ready.gov/risk-assessment
Ready Campaign. (2024). “Emergency Response Plan.” Accessed January 2025 from https://www.ready.gov/business/implementation/emergency
Renfroe, N.A. and Smith, J.L. (2016). “Threat / Vulnerability Assessments and Risk Analysis.” Applied Research Associates. Accessed January 2025 from https://www.wbdg.org/resources/threat-vulnerability-assessments-and-risk-analysis.
Risk Management Authority of Scotland. (2019). Level of Service Inventory Revised (LSI-R). Accessed January 2025 from https://www.rma.scot/wp-content/uploads/2023/01/Level-of-Service-Inventory-Revised-LSI-R.pdf
Romano, S.J., Levi-Minzi, M.E., Rugala, E.A., & van Hasselt, V.B. (2011). Workplace Violence Prevention. Federal Bureau of Investigation: U.S. Department of Justice. Accessed January 2025 from https://www.fbi.gov/file-repository/stats-services-publications-workplace-violence-workplace-violence/view
Ruggiero, P., & Foote, J. (2011). Cyber Threats to Mobile Phones. U.S. Computer Readiness Team: Department of Homeland Security. Accessed January 2025 from https://www.cisa.gov/uscert/sites/default/files/publications/cyber_threats_to_mobile_phones.pdf
Savage, T.A. (2019). School-Based Behavioral Threat Assessment and Management: General Considerations. Presentation at the Minnesota School Psychologists Association: Plymouth, MN. Accessed January 2025 from https://www.youtube.com/watch?v=RXJj_bTRh5U
Simons, A., & Meloy, J. R. (2017). Foundations of threat assessment and management. In The Handbook of Behavioral Criminology, 627-644. Accessed January 2025 from https://link.springer.com/chapter/10.1007/978-3-319-61625-4_36
University of Cincinnati Corrections Institute (UCCI). (ND). Ohio Risk Assessment System. Accessed January 2025 from https://cech.uc.edu/content/dam/refresh/cech-62/ucci/overviews/oras-overview.pdf
Virginia Department of Criminal Justice Service. (2018). Virginia Pretrial Risk Assessment Instrument (VPRAI) Instruction Manual, Version 4.5. Accessed January 2025 from https://www.dcjs.virginia.gov/sites/dcjs.virginia.gov/files/publications/corrections/virginia-pretrial-risk-assessment-instrument-vprai_2.pdf