Risk Analysis and Security Countermeasure Selection
Features
- Details the 5 core principles of the risk analysis lifecycle
- Evaluates DHS-approved risk assessment methods, including Carver, API/NPRA, RAMCAP, and various Sandia methodologies
- Explains why terrorism threats and ordinary crime each require their own unique risk assessment approaches
- Presents a risk analysis methodology applicable to public and private industry, as well as critical infrastructure
- Introduces a user-friendly graphic risk analysis tool that can be adapted to most situations
Summary
When properly conducted, risk analysis enlightens, informs, and illuminates, helping management organize their thinking into properly prioritized, cost-effective action. Poor analysis, on the other hand, usually results in vague programs with no clear direction and no metrics for measurement. Although there is plenty of information on risk analysis, it is rare to find a book that explains this highly complex subject with such startling clarity. Very few, if any, focus on the art of critical thinking and how to best apply it to the task of risk analysis.
The first comprehensive resource to explain how to evaluate the appropriateness of countermeasures, from a cost-effectiveness perspective, Risk Analysis and Security Countermeasure Selection details the entire risk analysis process in language that is easy to understand. It guides readers from basic principles to complex processes in a step-by-step fashion, evaluating DHS–approved risk assessment methods, including CARVER, API/NPRA, RAMCAP, and various Sandia methodologies.
Using numerous case illustrations, the text clearly explains the five core principles of the risk analysis lifecycle—determining assets, threats, vulnerabilities, risks, and countermeasures. It also supplies readers with a completely adaptable graphic risk analysis tool that is simple to use, can be applied in public or private industries, and works with all DHS–approved methods. This reader-friendly guide provides the tools and insight needed to effectively analyze risks and secure facilities in a broad range of industries, including DHS designated critical infrastructure in the chemical, transportation, energy, telecommunications, and public health sectors.
Table of Contents
SECTION I: RISK ANALYSIS
Risk Analysis—The Basis for Appropriate and Economical Countermeasures
Critical Thinking
Qualitative versus Quantitative Analysis
Theory, Practice, and Tools
Organization
Risk Analysis Basics and the Department of Homeland Security–Approved Risk Analysis Methods
Risk Analysis for Facilities and Structures
Many Interested Stakeholders and Agendas
Commercially Available Software Tools
Risk Analysis Basics
Risk Assessment Steps
Which Methodology to Use?
Risk Analysis Skills and Tools
Skill #1: Gathering Data
Skill #2: Research and Evidence Gathering
Skill #3: Critical Thinking in the Risk Analysis Process
Skill #4: Quantitative Analysis
Skill #5: Qualitative Analysis
Skill #6: Countermeasures Selection
Skill #7: Report Writing
Critical Thinking and the Risk Analysis Process
Overview of Critical Thinking
The Importance of Critical Thinking
Analysis Requires Critical Thinking
The Eight Elements that make up the Thinking Process
The Concepts, Goals, Principles, and Elements of Critical Thinking
Pseudo-Critical Thinking
Intellectual Traits
The Importance of Integrating Critical Thinking into Everyday Thinking
Applying Critical Thinking to Risk Analysis
More about Critical Thinking
The Root of Problems
Asset Characterization and Identification
Theory
Practice
Tools
Criticality and Consequence Analysis
Twofold Approach
Criticality
Consequence Analysis
Building your Own Criticality/Consequences Matrix
Criticality/Consequence Matrix Instructions
Threat Analysis
Theory
Practice
Tools
Assessing Vulnerability
Review of Vulnerability Assessment Model
Define Scenarios and Evaluate Specific Consequences
Evaluate Vulnerability
Estimating Probability
Resources for Likelihood
Criminal versus Terrorism Likelihood Resources
Criminal Incident Likelihood Estimates
The Risk Analysis Process
Diagram Analysis
Asset Target Value Matrices
Probability Summary Matrix
Vulnerability Components
Prioritizing Risk
Prioritization Criteria
Natural Prioritization (Prioritizing By Formula)
Prioritization of Risk
Communicating Priorities Effectively
Best Practices Ranking Risk Results
SECTION II: POLICY DEVELOPMENT BEFORE COUNTERMEASURES
Security Policy Introduction
The Hierarchy of Security Program Development
What are Policies, Standards, Guidelines, and Procedures?
Security Policy and Countermeasure Goals
Theory
The Role of Policies in the Security Program
The Role of Countermeasures in the Security Program
Why Should Policies Precede Countermeasures?
Security Policy Goals
Security Countermeasure Goals
Policy Support for Countermeasures
Key Policies
Developing Effective Security Policies
Process for Developing and Introducing Security Policies
Policy Requirements
Basic Security Policies
Security Policy Implementation Guidelines
Regulatory-Driven Policies
Nonregulatory-Driven Policies
SECTION III: COUNTERMEASURE SELECTION
Countermeasure Goals and Strategies
Countermeasure Objectives, Goals, and Strategies
Access Control
Deterrence
Detection
Assessment
Response (Including Delay)
Evidence Gathering
Comply with the Business Culture of the Organization
Minimize Impediments to Normal Business Operations
Safe and Secure Environment
Design Programs to Mitigate possible Harm from Hazards and Threat Actors
Types of Countermeasures
Baseline Security Program
Specific Countermeasures
Countermeasures Selection Basics
No-Tech Elements
Countermeasure Selection and Budgeting Tools
The Challenge
Countermeasure Effectiveness
Functions of Countermeasures
Countermeasure Effectiveness Metrics
Helping Decision Makers Reach Consensus on Countermeasure Alternatives
Helping Decision Makers Reach Consensus on Countermeasure
Alternatives
Security Effectiveness Metrics
Theory
Sandia Model
A Useful Commercial Model
What kind of Information Do We Need to Evaluate to Determine Security Program Effectiveness?
What Kind of Metrics Can Help Us Analyze Security Program Effectiveness?
Cost-Effectiveness Metrics
What Are the Limitations of Cost-Effectiveness Metrics?
What Metrics Can Be Used to Determine Cost-Effectiveness?
Communicating Priorities Effectively
Basis of Argument
Complete Cost-Effectiveness Matrix
Complete Cost-Effectiveness Matrix Elements
Writing Effective Reports
The Comprehensive Risk Analysis Report
Countermeasures
Report Supplements
Each chapter begins with an "Introduction" and ends with a "Summary"
Editorial Reviews
… by following the guidance laid out in this detailed book, security managers can do it themselves with software that’s probably already on their office computers: Microsoft Excel. … There is no doubt that Norman himself spent considerable time devising the process, which he presents in the book. He provides step-by-step lists for building various matrices … definitely a book for the advanced security practitioner. … it outlined an excellent methodology and is well worth the effort required to read it and work through the process outlined by the author.
— Glen Kitteringham, CPP, President of Kitteringham Security Group Inc., in Security Management, January 2011
