This guidebook sets forth a systematic, proven set of best practices for security risk assessment and management of buildings and their supporting infrastructures. These practices are all designed to optimize the security of workplace environments for occupants and to protect the interests of owners and other stakeholders. The methods set forth by the authors stem from their research at Sandia National Laboratories and their practical experience working with both government and private facilities.
Following the authors' step-by-step methodology for performing a complete risk assessment, you learn to:
The authors further provide you with the analytical tools needed to determine whether to accept a calculated estimate of risk or to reduce the estimated risk to a level that meets your particular security needs. You then learn to implement a risk-reduction program through proven methods to upgrade security to protect against a malicious act and/or mitigate the consequences of the act.
This comprehensive risk assessment and management approach has been used by various organizations, including the U.S. Bureau of Reclamation, the U.S. Army Corps of Engineers, the Bonneville Power Administration, and numerous private corporations, to assess and manage security risk at their national infrastructure facilities. With its plain-English presentation coupled with step-by-step procedures, flowcharts, worksheets, and checklists, you can easily implement the same proven approach and methods for your organization or clients. Additional forms and resources are available online at www.wiley.com/go/securityrisk.
RUDOLPH V. MATALUCCI, PhD, PE, is a retired Lieutenant Colonel in the United States Air Force and President of Rudolph Matalucci Consultants, Inc. Prior to starting his consulting firm, Dr. Matalucci was a project engineer/manager for Sandia National Laboratories, where he directed numerous risk-related projects for the Department of Energy, the Department of Defense, several other government agencies, and private organizations. He has developed, validated, implemented, and taught risk assessment methodologies for dams/locks/levees, electric power generation/transmission facilities, buildings, and other infrastructures.
SHARON L. O'CONNOR is a Principal Member of the Laboratory Staff in the Security Systems and Technology Center at Sandia National Laboratories. For the last ten years, she has supported Architectural Surety and security risk assessment work. Her baccalaureate degree is from the University of New Mexico.
1.1 Introduction.
1.2 Security Risk Equation.
1.3 Security Risk Assessment and Management Process.
1.3.1 Facility Characterization.
1.3.2 Threat Analysis.
1.3.3 Consequence Analysis.
1.3.4 System Effectiveness Assessment.
1.3.5 Risk Estimation.
1.3.6 Comparison of Estimated Risk Levels.
1.3.7 Risk Reduction Strategies.
1.4 Presentation to Management.
1.5 Risk Management Decisions.
1.6 Information Protection.
1.7 Process Summary.
1.8 References.
1.9 Exercises.
2. Screening Analysis.
2.1 Introduction.
2.2 Screening Analysis Methods.
2.3 Summary.
2.4 References.
2.5 Exercises.
3. Facility Characterization.
3.1 Introduction.
3.2 Undesired Events.
3.3 Facility Description.
3.3.1 Physical Details.
3.3.2 Cyber Information System.
3.3.3 Facility Operations.
3.3.4 Security Protection Systems.
3.3.5 Workforce Description.
3.3.6 Restrictions, Requirements, Limitations.
3.4 Critical Assets.
3.4.1 Generic Fault Tree.
3.4.2 Identifying Critical Assets.
3.5 Protection Objectives.
3.6 Summary.
3.7 References.
3.8 Exercises.
4. Threat Analysis.
4.1 Introduction.
4.2 Sources of Threat Information.
4.2.1 Local and State Sources.
4.2.2 National Sources.
4.3 Adversary Spectrum.
4.4 Adversary Capability.
4.5 Threat Potential for Attack.
4.5.1 Outsider Threat.
4.5.2 Insider Threat.
4.6 Summary.
4.7 References.
4.8 Exercises.
5. Consequence Analysis.
5.1 Introduction.
5.2 Reference Table of Consequences.
5.3 Consequence Values for Undesired Events.
5.4 Summary.
5.5 References.
5.6 Exercises.
6. Asset Prioritization.
6.1 Introduction.
6.2 Prioritization Matrix.
6.3 Summary.
6.4 References.
6.5 Exercises.
7. System Effectiveness.
7.1 Introduction.
7.2 Protection System Effectiveness.
7.2.1 Adversary Strategies.
7.2.2 Physical Protection System Effectiveness.
7.2.3 Cyber Protection System Effectiveness.
7.3 Summary.
7.4 References.
7.5 Exercises.
8. Estimating Security Risk.
8.1 Introduction.
8.2 Estimating Security Risk.
8.2.1 Conditional Risk.
8.2.2 Relative Risk.
8.3 Summary.
8.4 References.
8.5 Exercises.
9. Risk Reduction Strategies.
9.1 Introduction.
9.2 Strategies for Reducing Likelihood of Attack.
9.3 Strategies for Increasing Protection System Effectiveness.
9.3.1 Physical Protection System Upgrades.
9.3.2 Cyber Protection System Upgrades.
9.3.3 Protection System Upgrade Package(s).
9.4 Strategies for Mitigating Consequences.
9.4.1 Construction Hardening.
9.4.2 Redundancy.
9.4.3 Optimized Recovery Strategies.
9.4.4 Emergency Planning.
9.5 Combinations of Reduction Strategies.
9.6 Summary.
9.7 References.
9.8 Exercises.
10. Evaluating Impacts.
10.1 Risk Level.
10.2 Costs.
10.3 Operations/Schedules.
10.4 Public Opinion.
10.5 Other Site-Specific Concerns.
10.6 Review Threat Analysis.
10.7 Summary.
10.8 References.
10.9 Exercises.
11. Risk Management Decisions.
11.1 Introduction.
11.2 Risk Assessment Results.
11.2.1 Executive Summary.
11.2.2 Introduction.
11.2.3 Threat Analysis.
11.2.4 Consequence Analysis.
11.2.5 System Effectiveness Assessment.
11.2.6 Risk Estimation.
11.2.7 Risk Reduction Strategies and Packages.
11.2.8 Impact Analysis.
11.2.9 Supporting Documentation.
11.2.10 Report Overview.
11.3 Risk Management Decisions.
11.4 Establish Design Basis Threat (DBT).
11.5 Summary.
11.6 References.
11.7 Exercises.
12. Summary.
12.1 Facility Characterization.
12.2 Threat Analysis.
12.3 Consequence Analysis.
12.4 System Effectiveness Assessment.
12.5 Risk Estimation.
12.6 Comparison of Estimated Risk Level to Threshold.
12.7 Risk Reduction Strategies.
12.8 Analysis of Impacts Imposed by Risk Reduction Upgrade Packages.
12.9 Presentation to Management.
12.10 Risk Management Decisions.
外文書商品之書封,為出版社提供之樣本。實際出貨商品,以出版社所提供之現有版本為主。部份書籍,因出版社供應狀況特殊,匯率將依實際狀況做調整。
無庫存之商品,在您完成訂單程序之後,將以空運的方式為你下單調貨。為了縮短等待的時間,建議您將外文書與其他商品分開下單,以獲得最快的取貨速度,平均調貨時間為1~2個月。
為了保護您的權益,「三民網路書店」提供會員七日商品鑑賞期(收到商品為起始日)。
若要辦理退貨,請在商品鑑賞期內寄回,且商品必須是全新狀態與完整包裝(商品、附件、發票、隨貨贈品等)否則恕不接受退貨。