A Threat/Risk Assessment is a process to identify potential threats and analyze what could happen if a threat occurs.
A Threat Assessment is typically the sum of all threats that may impact the organization.
Hazards and external threats: fire, explosion, natural hazards, hazardous materials spill or release, terrorism, vandalism, theft, workplace violence, pandemic disease, utility outage, mechanical breakdown, supplier failure, cyber attack.
For each hazard there are many possible scenarios that could unfold depending on timing, magnitude and location of the hazard.
Internal threats: hardware failure (e.g. servers, storage, network, ISP connectivity, workstations, laptops, peripherals, UPS, HVAC in the server room); software failure (software bugs, bad upgrade/update, admin error, OS/VM error, traffic spikes, being hacked from inside the office, unauthorized (malicious or accidental) disclosure, modification, or destruction of information). Risk assessment helps to identify potential single points of failure within the infrastructure.
Vulnerability Assessment: people; property, including buildings and critical infrastructure; supply chain; systems/equipment; information technology; business operations; reputation of or confidence in the entity; regulatory and contractual obligations; environment.
Impact Analysis: Casualties, Property damage, Business interruption, Loss of clients/customers, Financial loss, Environmental contamination, Loss of confidence in the organization, Fines and penalties, lawsuits.
A Business Impact Analysis (BIA) is the process for determining the potential impacts resulting from the interruption of time-sensitive or critical business processes.