2nd Edition

Risk Analysis and Security Countermeasure Selection

By Thomas L. Norman, CPP/PSP/CSC
    Copyright 2016
    484 Pages, 76 B/W Illustrations
    by CRC Press

    This new edition of Risk Analysis and Security Countermeasure Selection presents updated case studies and introduces existing and new methodologies and technologies for addressing existing and future threats. It covers risk analysis methodologies approved by the U.S. Department of Homeland Security and shows how to apply them to other organizations, public and private. It also helps the reader understand which methodologies are best to use for a particular facility and demonstrates how to develop an efficient security system.

    Drawing on over 35 years of experience in the security industry, Thomas L. Norman provides a single, comprehensive reference manual for risk analysis, countermeasure selection, and security program development. The security industry has a number of practitioners and consultants who lack appropriate training in risk analysis and whose services sometimes suffer from conflicts of interest that waste organizations’ money and time. Norman seeks to fill the void in risk analysis training for those security consultants, thereby reducing organizations’ wasting of resources and potential vulnerability. This book helps you find ways to minimize cost and time spent in analyzing and countering security threats.

    Risk Analysis and Security Countermeasure Selection, Second Edition gives invaluable insight into the risk analysis process while showing how to use analyses to identify and create the most cost-efficient countermeasures. It leads you from a basic to an advanced level of understanding of the risk analysis process. The case studies illustrate how to put each theory into practice, including how to choose and implement countermeasures and how to create budgets that allow you to prioritize assets according to their relative risk and select appropriate countermeasures according to their cost effectiveness.

    Preface

    Acknowledgments

    Author

    Risk Analysis: The Basis for Appropriate and Economical Countermeasures
    For Students Using This Book in an Academic Environment
    Introduction
    Critical Thinking
    Qualitative versus Quantitative Analysis
    Theory, Practice, and Tools
    Organization
    Summary
    References
    Q&A

    Risk Analysis Basics and DHS-Approved Risk Analysis Methods
    Introduction
    U.S. Department of Homeland Security Concerns
    Risk Analysis for Facilities and Structures
    Many Interested Stakeholders and Agendas
    Commercially Available Software Tools
    Risk Analysis Basics
    Risk Assessment Steps
    Which Methodology to Use?
    Summary
    References
    Q&A

    Risk Analysis Skills and Tools
    Introduction
    Security Risk Analysis Skills
    Security Risk Analysis Tools
    Summary
    References
    Q&A

    Critical Thinking and the Risk Analysis Process
    Introduction
    Overview of Critical Thinking
    Importance of Critical Thinking
    Analysis Requires Critical Thinking
    The Eight Elements That Make Up the Thinking Process
    The Concepts, Goals, Principles, and Elements of Critical Thinking
    Summary
    References
    Q&A

    Asset Characterization and Identification
    Introduction
    Theory
    Practice
    Tools
    Summary
    Reference
    Q&A

    Criticality and Consequence Analysis
    Introduction
    Twofold Approach
    Criticality versus Consequence
    Criticality
    Visualization
    Consequence Analysis
    Building Your Own Criticality/Consequences Matrix
    Criticality/Consequence Matrix Instructions
    Summary
    Q&A

    Threat Analysis
    Introduction
    Theory
    Practice
    Tools
    Predictive Threat Assessment
    Inductive versus Deductive Reasoning
    Predictive Risk Example
    Summary
    References
    Q&A

    Assessing Vulnerability
    Introduction
    Review of Vulnerability Assessment Model
    Define Scenarios and Evaluate Specific Consequences
    Evaluate Vulnerability
    Summary
    References
    Q&A

    Estimating Probability
    Introduction
    Resources for Likelihood
    Criminal versus Terrorism Likelihood Resources
    Criminal Incident Likelihood Estimates
    Summary
    References
    Q&A

    Risk Analysis Process
    Introduction
    Objective
    Complete Risk Analysis Process
    Risk Analysis Process
    Diagram Analysis
    Asset Target Value Matrixes
    Probability Summary Matrix
    Vulnerability Components
    Summary
    Q&A

    Prioritizing Risk
    Introduction
    Prioritization Criteria
    Natural Prioritization (Prioritizing by Formula)
    Prioritization of Risk
    Communicating Priorities Effectively
    Best Practices: Ranking Risk Results
    Summary
    Q&A

    Security Policy Introduction
    Introduction
    Hierarchy of Security Program Development
    What are Policies, Standards, Guidelines, and Procedures?
    Summary
    Q&A

    Security Policy and Countermeasure Goals
    Introduction
    Theory
    Role of Policies in the Security Program
    Role of Countermeasures in the Security Program
    Why Should Policies Precede Countermeasures?
    Security Policy Goals
    Security Countermeasure Goals
    Policy Support for Countermeasures
    Key Policies
    Summary
    Q&A

    Developing Effective Security Policies
    Introduction
    Process for Developing and Introducing Security Policies
    Policy Requirements
    Basic Security Policies
    Security Policy Implementation Guidelines
    Regulation-Driven Policies
    Non-Regulation-Driven Policies
    Summary
    Q&A

    Countermeasure Goals and Strategies
    Introduction
    Countermeasure Objectives, Goals, and Strategies
    Access Control
    Deterrence
    Detection
    Assessment
    Response
    Evidence Gathering
    Comply With The Business Culture of the Organization
    Minimize Impediments to Normal Business Operations
    Safe and Secure Environment
    Design Programs to Mitigate Possible Harm from Hazards and Threat Actors
    Summary
    Reference
    Q&A

    Types of Countermeasures
    Introduction
    Baseline Security Program
    Specific Countermeasures
    Countermeasure Selection Basics
    Summary
    References
    Q&A

    Countermeasure Selection and Budgeting Tools
    Introduction
    The Challenge
    Countermeasure Effectiveness
    Functions of Countermeasures
    Countermeasure Effectiveness Metrics
    Helping Decision Makers Reach Consensus on Countermeasure Alternatives
    Summary
    Q&A

    Security Effectiveness Metrics
    Introduction
    Theory
    Sandia Model
    A Useful Commercial Model
    What Kind of Information Do We Need to Evaluate to Determine Security Program Effectiveness?
    What Kind of Metrics Can Help Us Analyze Security Program Effectiveness?
    Summary
    References
    Q&A

    Cost Effectiveness Metrics
    Introduction
    What are the Limitations of Cost-Effectiveness Metrics?
    What Metrics Can Be Used to Determine Cost Effectiveness?
    Communicating Priorities Effectively
    Complete Cost Effectiveness Matrix
    Complete Cost Effectiveness Matrix Elements
    Summary
    Q&A

    Writing Effective Reports
    Introduction
    Comprehensive Risk Analysis Report
    Summary
    Q&A

    Biography

    Thomas L. Norman, CPP/PSP/CSC, is an internationally acclaimed security risk management consultant with more than 35 years of experience working in the United States, the Middle East, Europe, Africa, and Asia. He is the author of the industry reference manual on integrated security system design. He has developed formulas and processes that are used by the entire security industry to calculate the effectiveness of security programs and overall security program cost-effectiveness. His published works have been quoted and referenced by organizations such as the Cato Institute, the National Broadcasting Company, and Security Management.

    Winner of the ASIS Security Industry Book of the Year award in 2016.  

    "This book, like its predecessor, will become a desk reference used by security professionals everywhere. Like any great reference work, it will be dog-eared, feathered with Post-It Notes, with handwriting scrawled in the margins."—Ross Johnson

    Praise for the First Edition:

    "Thomas L. Norman’s Risk Analysis and Security Countermeasure Selection is a relentlessly practical book intended to aid security consultants."—
    Jim Harper, The CATO Institute, US Counter-Terrorism Strategy and al-Qaeda, 2010

    "… by following the guidance laid out in this detailed book, security managers can do it themselves with software that’s probably already on their office computers… There is no doubt that Norman himself spent considerable time devising the process, which he presents in the book. He provides step-by-step lists for building various matrices … definitely a book for the advanced security practitioner. … it outlines an excellent methodology and is well worth the effort required to read it and work through the process outlined by the author."
    Glen Kitteringham, CPP, President of Kitteringham Security Group Inc., in Security Management, January 2011