The three dimensional tactics concept is adopted from recent formulations of ‘spherical security’. This is adapted to develop a conceptual approach to vulnerability analysis in counter terrorism planning, dealing with the problems where there is no intelligence-based threat analysis, and an attack can come from any direction. The UK Intelligence and Security Committee report on the 2005 London Underground attacks emphasises that the challenge to security assessments was the difficulty in realistically identifying potential terrorist targets. I believe this problem can be mitigated with suitable tools and methodologies. My approach is based on the US Federal Emergency Management Agency document – FEMA 426 Reference Manual. Matrix modelling and simple cluster modelling are adopted as tools to help identify vulnerabilities. As well, concepts such as building weaponisation, time and deception are discussed to demonstrate key operational aspects of terrorist attacks, which also need to be accounted for in the analysis of vulnerabilities and mitigations.