The outcome or objective of a threat and risk assessment is to provide recommendations that maximize the protection of confidentiality, integrity and availability while still providing functionality and usability. In order to best determine the answers to these questions a company or organization can perform a threat and risk assessment. This can be accomplished using either internal or external resources. It is important that the risk assessment be a collaborative process, without the involvement of the various organizational levels the assessment can lead to a costly and ineffective security measure.

COLSA has developed a continual process of compiling and examining all available information concerning potential terrorist activities by terrorist groups which could target a facility. A threat analysis will review the factors of a terrorist group's existence, capability, intentions, history, and targeting, as well as the security environment within which friendly forces operate. Threat analysis is an essential step in identifying probability of terrorist attack and results in a threat assessment.