Security Risk Assessment and Management Process
Introduction
Security Risk Equation
Security Risk Assessment and Management Process
Facility Characterization
Threat Analysis
Consequence Analysis
System Effectiveness Assessment
Risk Estimation
Comparison of Estimated Risk Levels
Risk Reduction Strategies
Presentation to Management
Risk Management Decisions
Information Protection
Process Summary
References
Exercises
Screening Analysis
Introduction
Screening Analysis Methods
Summary
References
Exercises
Facility Characterization
Introduction
Undesired Events
Facility Description
Physical Details
Cyber Information System
Facility Operations
Security Protection Systems
Workforce Description
Restrictions, Requirements, Limitations
Critical Assets
Generic Fault Tree
Identifying Critical Assets
Protection Objectives
Summary
References
Exercises
Threat Analysis
Introduction
Sources of Threat Information
Local and State Sources
National Sources
Adversary Spectrum
Adversary Capability
Threat Potential for Attack
Outsider Threat
Insider Threat
Summary
References
Exercises
Consequence Analysis
Introduction
Reference Table of Consequences
Consequence Values for Undesired Events
Summary
References
Exercises
Asset Prioritization
Introduction
Prioritization Matrix
Summary
References
Exercises
System Effectiveness
Introduction
Protection System Effectiveness
Adversary Strategies
Physical Protection System Effectiveness
Cyber Protection System Effectiveness
Summary
References
Exercises
Estimating Security Risk
Introduction
Estimating Security Risk
Conditional Risk
Relative Risk
Summary
References
Exercises
Risk Reduction Strategies
Introduction
Strategies for Reducing Likelihood of Attack
Strategies for Increasing Protection System Effectiveness
Physical Protection System Upgrades
Cyber Protection System Upgrades
Protection System Upgrade Package(s)
Strategies for Mitigating Consequences
Construction Hardening
Redundancy
Optimized Recovery Strategies
Emergency Planning
Combinations of Reduction Strategies
Summary
References
Exercises
Evaluating Impacts
Risk Level
Costs
Operations/Schedules
Public Opinion
Other Site-Specific Concerns
Review Threat Analysis
Summary
References
Exercises
Risk Management Decisions
Introduction
Risk Assessment Results
Executive Summary
Introduction
Threat Analysis
Consequence Analysis
System Effectiveness Assessment
Risk Estimation
Risk Reduction Strategies and Packages
Impact Analysis
Supporting Documentation
Report Overview
Ri