HomeLearnBoKEvents & Case StudiesWorkplace Violence and Threats
Back to Hub
Last Reviewed: 2026-06-24
Reviewer: ITMG® Security Advisory
BoK Reference Sheet
Core Event taxonomy

Workplace Violence and Threats

Workplace violence and threat events involve threats, intimidation, coercion, stalking, harassment, physical harm, or behaviors that may create safety risk for people, facilities, or operations.

Notional composite.

Incident Case Analysis & Real-World Context

Case basis: Notional composite. After a disciplinary action, an employee made threatening comments about a supervisor, attempted to access a restricted work area after hours, and posted hostile statements on a personal account. Coworkers were unsure where to report the concerns, and the first reports were handled separately by management, HR, and security. The case shows why threat-related insider events require coordinated intake, documentation, safety planning, access decisions, and privacy-aware review.

Why This Event Pattern Matters

Violence and threat cases matter because insider risk includes harm to people as well as harm to systems and data. These events require multidisciplinary coordination and careful documentation of objective behavior, not unsupported conclusions.

Common Event Scenarios & Progression Path

Triggering workplace event such as discipline, termination, grievance, conflict, or role change.

Threatening, intimidating, or coercive statements or behavior.

Potential facility, badge, schedule, or executive-location exposure.

Fragmented reporting across HR, management, security, and legal channels.

IRCF™ Capability Alignment

Lessons from this event pattern directly map to the following canonical Insider Risk Capability Framework™ (IRCF™) components for organizational capability improvement:

Personnel AssurancePhysical SecurityGovernanceInvestigationOversight and ComplianceRisk Management and Reporting

Insider Threat Matrix Alignment

Matrix mapping may involve motive and means, but the Matrix should not replace threat-management expertise. Use it only to describe supported behavior such as unauthorized access, coercion, or attempts to reach people or facilities.

*The Insider Threat Matrix™ is an open framework maintained by Forscie Limited for computer-enabled insider threat investigations.

Controls & Safeguards to Leverage

Multidisciplinary threat-management intake and escalation.
Clear workforce reporting channels.
Badge and physical access adjustments when warranted.
Coordination among HR, Legal, Security, EAP, management, and law enforcement when appropriate.
Objective documentation of behaviors, decisions, and protective actions.

Relevant Program Metrics & KPIs

Metric
Threat referrals by site and source.
Metric
Time to triage safety concerns.
Metric
Protective action completion.
Metric
Open high-risk cases.
Metric
Lessons-learned closure after safety events.

Legal, Privacy, and Ethical Cautions

Threat and violence cases require Legal, HR, privacy, safety, and threat-management review. Content should not provide legal, clinical, or law-enforcement advice. Protect privacy and avoid unsupported labels.

Source References & Investigation Fact-Verification

Notional composite. Do not describe this as a real event. Use the case label shown above.

Operationalize This Learning

Need to evaluate whether this scenario is covered in your environment? Use RiskTKO® or request a Guided Exposure Assessment to evaluate your current control coverage, capability maturity, and exposure trends.