Index

Note: Page numbers followed by “f” and “t” refer to figures and tables, respectively.

A

Access control, 22, 111, 112
Accessibility, 76–77
Accountability, 58, 59–60, 136
Action plans, 59
Activity support, 113
Adapting organizations, 130
All-hazards approach, 38–41, 40
Amelioration, 117–118
Assessment process, 13, 38, 38f
Asset, 12, 57–58
assessment, 11
characterization and screening, 5
classification and control, 20
identification and prioritization, 63–64

B

Biodefense for the 21st Century, 8
“Broken window” theory, 109, 114
BS 7799, 20
Built environment concepts, 108, 109
Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF), 3–4
Business activities, 18
Business continuity management, 23
Business continuity plan, 34–35, 35, 36, 36
Business’s internal processes, 58–59

C

Centers for Disease Control and Prevention (CDC), 41
Central Intelligence Agency (CIA), 3–4
Chemical, biological, radiologic, nuclear, and explosive (CBRNE) materials, 73, 77, 77, 77–78, 80t, 82t, 91
Chemical spill, 93, 95
Closed Caption Television (CCTV), 85t, 89, 89, 89, 89, 89, 113, 113
Collateral mass casualties, potential for, 73, 78–79
Communications and operations management, 21
Communication tools, 137
Compliance, 23
Computing and network equipment, 87
Computing infrastructure, 86, 88
Confusion, during evacuation process, 136, 136–137
Consequences, 103
analysis, 6
considerations for, 98–100
economic impact, 99
human impact, 98
impact on government capability, 100
impact on public confidence, 100
determination of, 100–102
Controls, 21, 22, 27, 120–121
Coordinators, in emergency action plans, 135
Cost-effective security solutions, 30
Cost-to-benefit ratio, 30
Countermeasure options, determination of, 11
Crime prevention through environmental design (CPTED), 107
categories, 111–114
activity support, 113
maintenance, 114
natural access control, 112
natural surveillance, 112–113
target hardening, 114
territoriality, 111–112
and crime reduction, 114–116
history of, 108–111
Critical Infrastructure and Key Resources (CIKR), 64, 64–70
protection, 103, 103–104
Critical Infrastructure Identification, Prioritization and Protection, 7
Cyber infrastructure, 66
Cyber Security Initiative, 8
Cyber terrorism, 85

D

Deepwater Horizon oil spill, 99
Defensible space, 108, 108–109, 109
Department of Homeland Security (DHS), 1, 32, 41, 64, 66, 67, 67, 68, 69, 90
Homeland Security Act of 2002, 6–7
homeland security platform, 2–4
Homeland Security Presidential Directives (HSPDs), 7–8
risk analysis and management for critical asset protection, 4–6
threat levels used by, 91f
Design-basis threat, 40
Deterrence, 84, 84, 88
DHS Security Information Intelligence Agency (CIA), 42
Disaster management, phases of, 119t
Documented procedures, 21
Domestic Nuclear Detection, 8

E

Economic impact (EI), 26–27, 99
EI value, 101
worksheets, 101t
Electronic commerce, 21
Emergency action plans (EAP), 90–95, 133–134
accounting for everyone after implementation, 94, 136
coordinators in, 135
creation of, 134
emergencies outside of the building, 94, 134
evacuation procedures, escape routes, and floor plans, 92–93, 135–136
media contact person, identifying, 94–95, 138
in Morgan Stanley, 134–135
new staff, training, 95, 138–139
notifying next of kin, 94, 137–138
policies for updating and maintaining, 95, 139
reporting and alerting authorities, 93, 136–137
staff and visitors, alerting, 93–94, 137
Emergency management, phases of, 79
Emergency plan, 35, 89, 90, 95, 136, 138
Emergency preparedness, 130–132
Emergency response team, 137–138, 138–139
Emerging organizations, 130
Employee background checks, 88
Enterprise risk management (ERM), 13–14, 72
Environmental disruption, 88
Environmental issues, 17
Environmental Protection Agency (EPA), 7, 8
Escape routes, 92–93, 135–136
Evacuation planning, 118, 134–135, 135, 136
Evacuation procedures, 92–93, 135–136
Event incidents in order of probability, 123–127
Executive management, in risk analysis, 32–36
Exercises, in emergency preparedness, 130–131, 131
Expanding organizations, 130
Exposure, 30, 58–60
Extending organizations, 130
Exxon Valdez oil spill, 51

F

Facility owners, 41, 41
Facility’s vulnerability, 79, 79
Family-based disaster planning, 128–129
Federal Bureau of Investigation (FBI), 3–4
FBI Joint Terrorism Task Forces, 41
Federal Emergency Management Agency (FEMA), 7, 131–132
Federal grants, 65
Flashing lights, 137
Floor plans, for evacuation, 92–93, 135–136
“The four dimensions of crime”, 109
Full-scale exercise, 131
Full security threat assessment, 39
Fusion centers, 42, 44

G

General assessment, 79
Government capability, impact on, 100
Great San Francisco fire and earthquake, 46, 47f

H

Hazard Identification Worksheet, 53t
Hazardous material, release of, 102
Hazards, identifying, 45–46
Health emergencies, 93
Hearing impaired, emergency notification for, 137
Heat wave of 1980, 47
High impact threat, 121
High probability threat, 121
Homeland Security Act of 2002, 6–7, 65, 69
Homeland Security Offices, 41
Homeland security platform, 2–4
Homeland Security Presidential Directives (HSPDs), 7–8
HSPD-5, 7
HSPD-7, 7, 64, 70, 98
HSPD-8, 7
HSPD-9, 8
HSPD-10, 8
HSPD-12, 8
HSPD-14, 8
HSPD-20, 8
HSPD-23, 8
Human error, 88
Human impact (HI), 98
and economic impact worksheets, 101t
value, 101
Human-made (terrorist) attacks, 72–74
assessment worksheet, 80t
Human-made disaster, 64, 65, 66, 102
Human-made hazards, 49–54
Exxon Valdez oil, 51
Interstate 35 (I-35) Mississippi River bridge collapse, 50, 51f
Kansas City hotel walkway collapse, 49, 50f
Oil Pollution Act of 1990, 51
Hurricane Katrina, 2005, 48

I

Impact analysis, 126
Industrial relations, 17
Information, 12
and software exchange agreements, 21
gathering, 41–42
Information security infrastructure, creation of, 20
Information security policy for organization, 20
Information security professionals, 86, 86, 86, 86, 86
Infrastructure database warehouse, 67
Intangible assets, 12
Intelligence community, 3, 3
Intelligence Reform and Terrorism Prevention Act of 2004, 68
Interagency Security Committee (ISC) Standard, 41
Interstate 35 (I-35) Mississippi River bridge collapse, 50, 51f
Intrusion, 84, 84, 90–91, 91, 91
Inventory system, 67
Islamic State in Iraq and the Levant (ISIL), 42
ISO 17799, 20

J

Jurisdiction, 38
criticality of target site to, 73, 74–75
impact outside of, 73, 75–76
Jurisdictional threat, 42–44

K

Kansas City hotel walkway collapse, 49, 50f

L

Law enforcement community, 3, 109
Law enforcement team, 137–138, 138
Legal risk (information security), 16, 19–23
access control, 22
asset classification and control, 20
business continuity management, 23
communications and operations management, 21
compliance, 23
information security infrastructure, creation of, 20
information security policy for organization, 20
ISO 17799 and BS 7799, 20
personnel security, 20–21
physical and environmental security, 21
system development and maintenance, 22
Legislative compliance, 18
Level of visibility, 73, 74, 74t
Litigation or legal risk, 18
Local law enforcement, 88–89, 91
Long-term planning, 117–118
Loss-control techniques, 120
Losses, 60–61
Low impact threats, 121
Low probability threats, 121

M

Maintenance, 114
Management of Domestic Incidents, 7
Media contact person, identifying, 94–95, 138
Mitigation, 35, 40, 40, 117–118, 119, 126t
and preparedness, 117
Mitigation measures, 60–61
evaluation, 61
Mitigation of risk, 120–121
Mitigation planning, 118
Morgan Stanley, emergency action plans (EAP) in, 134–135
Mutual aid agreements, See Reciprocal aid agreements

N

National Construction Safety Team Act (2002), 128
National Continuity Policy, 8
National Fire Protection Association, 131–132
National Incident Management System (NIMS), 7
National Infrastructure Protection Plan (NIPP), 63–64, 64–70, 64, 98, 103
and critical infrastructure and key resources, 64–70
goal of, 64–65, 66
mission of, 64
protection of resources, 65
National Institute of Standards and Technology (NIST) investigation, 128
examples of, 128t
National Preparedness, 7
National Preparedness Guidelines (NPG), 65
National Response Center, 131–132
National Response Framework (NRF), 7, 65
National Strategy for Homeland Security, 69
National Strategy to Secure Cyberspace, 69
National Transportation Safety Board, 128
Natural access control, 112
Natural disaster, 17, 17, 38, 46, 46, 64, 65, 66, 102
Natural hazards, 46–49
great San Francisco fire and earthquake, 46
heat wave of 1980, 47
Hurricane Katrina, 48
Natural surveillance, 112–113
Negative socioeconomic dynamics, 114–115
Network management, 21
New staff, training
on emergency action plan, 83, 138–139
Next of Kin, notifying, 137–138
9/11 attack, 2–3, 3, 3, 5
Notification system, 137
Nuclear Regulatory Commission, 131

O

Observation, 34
Occupational Safety and Health Administration’s (OSHA’s) policies, 131, 133–134
Occupational Safety and Health Organization, 35
Oil Pollution Act of 1990, 51
Operational risk, 15–19
areas contributing to, 16–17
business activities, 18
environmental issues, 17
industrial relations, 17
legislative compliance, 18
litigation/legal risk, 18
natural disasters, 17
payment and processing system, 18
risk management techniques, 18
security, 17
technology failures, 17
legal risk, 16
personnel risk, 16
property risk, 16
regulatory risk, 16
reputation risk, 16
technology risk, 16
Organizations, 129–130
adapting, 130
emerging, 130
expanding, 130
extending, 130
redundant, 130

P

Partnership, 65, 68, 68, 69
Payment and processing system, 18
People, 12
Performance metrics, use of, 68
Personnel risk, 16
Personnel security, 20–21
Physical and environmental security, 21
Physical security, 14
risk assessments, 10–14, 27–28
Physical security systems, for vulnerabilities, 84–88
component matrix, 84t, 85t
physical threat, See Physical threat
technology and physical security blended, 86–87
Physical threat, 87–88
environmental disruption, 88
human error, 88
monitoring, 85–86
sabotage, 87
theft, 87
Policies for updating and maintaining EAP, 95, 139
Possible terrorist attack, 77, 79, 79
Post orders, 85t, 89
Posttraumatic stress counseling, 35
Potential population capacity, 73
Potential target threat of hazard, 77–78
Potential threat element (PTE), 40, 42–43, 43–44, 54, 73, 77, 80t, 81t, 82t
Preparedness, 35
in emergency management, 130–132
National Preparedness, 7
real, 130–131
short-term, 130–131
Project management, 120
Property assets, 12
Property risk, 16
Psychological impact, 98, 100
Public address system, 137
Public confidence, impact on, 100
Public law enforcement agency, 138
Public relations person, 138

Q

Quadrennial Homeland Security Review, 7
Quantitative methods, 124
Questioning, 34

R

Real preparedness, 130–131
“Real-time” system, 137
Reciprocal aid agreements, 129–130
Reconstruction, 117–118
Recorded business information, 58
Recovery plan, 35, 36
Redundant organizations, 130
Regulatory risk, 16
Relative risk analysis, 126t
Reporting and alerting authorities, 93, 136–137
Reputational risk, 23
managing, 23
Reputation risk, 16, 23
“Residual” risks, 123
Resilience, 127–128
Response protocol, 84, 90, 90–91, 91
Response to a disaster, 35
Risk, defined, 10
Risk analysis, 25, 120, 123–127
business perspective, 26
decision-making process, 26
executive management role in, 32–36
major event incidents in order of probability, 123–127
physical security risk assessments, 27–28
quantitative risk model, 26
risk assessment method, 28–30
security assessments, benefits of, 31–32
Risk Analysis and Management for Critical Asset Protection (RAMCAP), 4–6
Risk assessment, 6, 11, 56, 56, 56–57, 58, 60, 97, 120–121, 134, 134
applied approach, 100–102
consequences, considering, 98–100
economic impact, 99
government capability, impact on, 100
human impact, 98
public confidence, impact on, 100
consequences, determining, 100–102
departments involved in, 57
effective, 58, 59–60
formulas, 126t
matrix, 121, 122f, 122f
physical security, 27–28
tools, 58, 60
types of, 57
vulnerability assessment, 60–61
Risk assessment method, 28–30, 31
Risk control, 29
Risk identification, 29, 55
assets, 57–58
exposure, 58–60
losses, 60–61
Risk impact, 56, 56, 58, 59, 59
Risk management, 6, 10, 10–11, 14–15, 65, 68, 68, 120
asset assessment, 11
countermeasure options, determination of, 11
formula used in, 11
risk assessment, 11
threats assessment, 11
vulnerabilities assessment, 11
Risk management model, 121t
Risk Management Process for Federal Facilities, 41
Risk management program, 56
Risk management techniques, 18
Risk mitigation, 65, 66, 66, 67
Risk occurrence, 56, 59
likelihood of, 59, 60–61
Risk tolerance, 59, 59, 59

S

Sabotage, 87
Security, 17, 22
information security, 19, 20, 20
and intelligence organizations, 41
personnel, 20–21
physical and environmental, 21
physical security systems, 84–88
and safety engineering, 128–129
Security assessments, benefits of, 31–32
cost effectiveness, 31
Security audits, 33
Security guard, 89, 89, 89
Security officers, use of, 88–90
Security program, 72, 72
Security survey, 33, 34
Security threat assessment, 12–13
Security vulnerability, 72, 72, 72
Short-term preparedness, 130–131
Sign-in sheet, for visitors, 137
Six ranking level
for accessibility, 76
for potential target site population, 78
for potential target threat of hazard, 77–78
Smart Practices, 131–132
Social media, 43f
Staff, alerting
of an emergency, 93–94, 137
Staff and visitors, alerting, 137
Surveillance, 112
natural, 112–113
System development and maintenance, 22

T

Target hardening, 111, 114
Target site
criticality of, to jurisdiction, 74–75
potential target site population, 78
Technology failures, 17
Technology risk, 16
Territoriality, 111–112
Terrorism, 2–3, 42, 42, 42
Terrorist attack, 4, 102
Terrorist attack, possible, 77, 79, 79
Terrorist mitigation, 118
Terrorist Threat Integration Center (TTIC), 42
Threat, 103
analysis, 126, 126t
assessment, 6, 11, 28
characterization, 5
defined, 12, 120–121
deterrence, 65
physical and virtual, 87
probability, 124
rating, 72, 74, 75
sources, 126
Threat Factor Rating Worksheet, 44
Threat factors, 43–44
capability, 43
existence, 43
history, 43
intention, 43
targeting, 43
Threat identification and rating, 37, 41–42
all-hazards approach versus design-basis threat, 38–41
human-made hazards, 49–54
identifying hazards, 45–46
information gathering, 41–42
jurisdictional threat, 42–44
natural hazards, 46–49
TOPOFF (Top Officials), 131–132
Tornado, 90, 92, 92–93, 95
Total consequence score, 102
Training
for new staff, 138–139
for security officer, 89, 89–90
Transportation Security Administration (TSA), 4

U

U.S. Department of Justice, 131

V

Violent emergencies, 94
Visitors, alerting
of an emergency, 93–94, 137
Visual alarms, 137
Voice-activated fire alarms, 137
Vulnerabilities, 83, 103
defined, 12, 120–121
emergency action plans (EAP) for, 90–95
employee background checks, 88
lessening of, 65, 66, 67, 67, 68, 68, 69
physical security systems, 84–88
security officers, use of, 88–90
Vulnerability analysis, 6, 31, 124–125, 126t
Vulnerability assessment, 11, 27, 27, 28, 31, 60–61, 71, 72–79
accessibility, 76–77
collateral mass casualties, potential for, 78–79
criticality of target site to jurisdiction, 74–75
impact outside of the jurisdiction, 75–76
level of visibility, 74
potential target site population, 78
potential target threat of hazard, 77–78
worksheet
human-made (accidental), 81t
human-made (terrorist), 80t
natural disaster, 82t
Vulnerability hazards, 45

W

White-collar crime, 32
WMD-CST (weapons of mass destruction, civil support team), 131–132
World Trade Center bombing (1993), 2–3