Critical Infrastructure Risk Assessment. Ernie Hayden, MIPM, CISSP, CEH, GICSP(Gold), PSP
What is the risk — besides messing up your trousers? The threat is the truck barreling at your truck. The vulnerability is your truck wasn’t designed to be hit at 35 miles per hour by a large vehicle — even with side and front air bags. The consequence could range from death or serious injury to you, death/injury to adjacent cars and pedestrians, death/injury to the truck driver, citations from the police, years of lawsuits, etc.
That is a pretty obvious example. What about something more subtle?
I was recently driving by a refinery near my home. I noted a perimeter fence around the facility, but the top barbed wire array was facing towards the plant and not towards the threat (i.e., the terrorist/attacker) as it should. The risk is not particularly profound; however, there is a vulnerability with the barbed wire topper facing the wrong direction which would more readily allow an intruder to enter the refinery perimeter. The consequences could range from sabotage to simple vandalism; but, there are consequences to consider.
Risk is all around us and you really should have an innate sense of what risk includes so you can fix it later.
What is a Risk Assessment?
A comprehensive risk, threat, and vulnerability assessment offers an organized and systematic approach to assessing and documenting risks to the organization. The risk assessment provides an informed list of risks and recommended corrective actions to help the enterprise attack and correct the most serious risks identified. A risk assessment is generally a holistic view of the facility and is intended to view all activities and look for “all hazards” that can constitute risks to the company.
In the US Interagency Security Committee Standard, a risk assessment is the process of evaluating credible threats, identifying vulnerabilities, and assessing consequences. In the National Institute of Standards and Technology (NIST) Special Publication 800-30, Guide for Conducting Risk Assessments, the authors define a Risk Assessment as:
The process of identifying, estimating, and prioritizing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation...
As mentioned in his Newcastle Consulting Blog, “The Value of Security Risk Assessments,” Mr. J. Kelly Stewart recognizes that properly performed risk assessments can offer the following:
Reduce long-term costs to the enterprise.
Improve future operations and aid the organization in achieving strategic objectives.
Break down organizational barriers.
Provide important self-analysis.
Facilitate internal and external communications.
Help the enterprise avoid major accidents and events.
The Risk Assessment Flow Chart
As we delve into the risk assessment process, it is easy to separate it into three primary phases:
Phase 1: Pre-Assessment Planning
Phase 2: Site Assessment, and
Phase 3: Reporting.
Figure 0-2 provides a map of the risk assessment process:
Figure 0-2 Hybrid Facility Risk Analysis Flow Chart
As we proceed with this book, and especially in Chapters 5 through 8, this map will help you understand where in the process we are and which subprocesses are in play for each phase.
Your Job
Your job is to jump in and use this handbook to guide you and your teams when you perform risk assessments and other facility analyses. There’s a lot going on and I think you’ll find this a worthwhile guide. Good Luck! Enjoy your journey as we try to eat the elephant!
REFERENCES
Biss, E. (2020). Eula Biss — Some of the most interesting research that I... Retrieved April 14, 2020, from https://www.brainyquote.com/quotes/eula_biss_724462
Interagency Security Committee. (2013). The Risk Management Process for Federal Facilities: An Interagency Security Committee Standard. Retrieved from https://www.dhs.gov/publication/isc-risk-management-process-aug-2013
Joint Task Force Transformation Initiative. (2012). Guide for Conducting Risk Assessments (SP 800-30, Rev 1). Retrieved from https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final
Stewart, J. K. (2019). The Value of Security Risk Assessments. Retrieved from https://www.nccllc.net/journal-shift//the-value-of-security-risk-assessments
Tzu, L. (2020). Lao Tzu — Do the difficult things while they are easy and... Retrieved April 14, 2020, from https://www.brainvquote.com/quotes/lao_tzu_398196?src=t_journey
PART I
FOUNDATIONS
Before you can begin to conduct a risk assessment, you need to understand a few fundamentals. This section helps you get prepared before you pick up your pen and camera to walk down the site.
Part I includes essential information on the following:
What constitutes Critical Infrastructure and how is it defined in the US and internationally?
What is Risk? What are the elements that make up this concept?
What is a Risk Assessment? What are the different types of risk assessments and their constituent parts?
You should find this an interesting read which will offer the basic information necessary to jump into the risk assessment phase.