Professional Documents
Culture Documents
• Part 1: • Part 2:
• Risk Analysis • Interventions
• Limitations • Recommendations
• Interdependency • Budgetary considerations
• Part 3
• In Practice
Purpose Statement
• Phase 1 • Phase 2
– Analyze Risks – Countermeasures
Assets Mitigation Opportunities
Threats Plan Development
Vulnerabilities Policy Institution
Risks
Phase 1
Risk Assessment: Phase 1
• Asset Characterization
Risks Assets • Criticality Analysis
• Threat Identification
• Consequence Analysis
• Vulnerability Analysis
• Probability Assessment
Vulnerabilities Threats • Risk Assessment
• Risk Prioritization
• Risk Management
Risk Assessment: Phase 1
Assets
People
Property
Proprietary Information
Reputation
Risk Assessment: Phase 1
• Criticality Analysis
Understand -which assets are critical
• Mission related
Hazard Threat
• Natural • Manmade
• Manmade • Intentional
• Unintentional • With Malice
• Safety • Terrorists
• Security • Petty or Economic Criminals
• Disasters • Subversives
• Political/Military
• Environmental or Behavioral
Risk Assessment: Phase 1
• Consequence Analysis
– Losses
• Human life
• Property
• Proprietary information
• Reputation
– Impact
• Environmental
• Economical
Risk Assessment: Phase 1
• Vulnerability Analysis
Define
– 3 distinct steps
• Define
• Evaluate
• Identify Vulnerability
Identify Evaluate
Risk Assessment: Phase 1
• Probability Assessment
– View point dependent
– Based on attractiveness
– Historic Data
– Statistics
Risk Assessment: Phase 1
Risk =
Probability x Vulnerability x Consequence
Risk Assessment: Phase 1
• Risk:
Assess
– Assessment
– Prioritization
Prioritize
– Management
Manage
Phase 2
Risk Assessment: Phase 2
Countermeasures
• Mitigation opportunities
Policy
– Safety Safety
– Security
– Policy Development Security
• Enforcement
• Costs
Mitigation
Risk Assessment: Phase 2
Trigger
Monitor Review
Approval Impact
Expert
Review
Phase 3
Risk Assessment: Phase 3
• In Practice:
– Small facility
– 5 employees
– Widgets
Risk Assessment: Phase 3
• Prioritization
Asset Risk
Reputation 125
Proprietary Information 100
Equipment 20
Facility 16
Employees 12
Risk Assessment: Phase 3
• Countermeasures
– QA/QC support
– Sabotage protection
– Computer back-up and security
– Visitor management
Risk Assessment: Phase 3
Booz-Allen and Hamilton, Inc. (2000). Analytical risk management: A course guide for