Index
Note: Page numbers followed by “f” and “t” refer to figures and tables, respectively.
A
Adapting organizations,
130
characterization and screening,
classification and control,
20
identification and prioritization,
63–64
B
Biodefense for the 21st Century,
“Broken window” theory,
109,
114
Built environment concepts,
108,
109
Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF),
3–4
Business continuity management,
23
Business’s internal processes,
58–59
C
Centers for Disease Control and Prevention (CDC),
41
Central Intelligence Agency (CIA),
3–4
Chemical, biological, radiologic, nuclear, and explosive (CBRNE) materials,
73,
77,
77,
77–78,
80t,
82t,
91
Collateral mass casualties, potential for,
73,
78–79
Communications and operations management,
21
Computing and network equipment,
87
Computing infrastructure,
86,
88
Confusion, during evacuation process,
136,
136–137
analysis,
impact on government capability,
100
impact on public confidence,
100
Coordinators, in emergency action plans,
135
Cost-effective security solutions,
30
Cost-to-benefit ratio,
30
Countermeasure options, determination of,
11
Crime prevention through environmental design (CPTED),
107
natural access control,
112
Critical Infrastructure and Key Resources (CIKR),
64,
64–70
Critical Infrastructure Identification, Prioritization and Protection,
Cyber Security Initiative,
D
Deepwater Horizon oil spill,
99
Department of Homeland Security (DHS),
32,
41,
64,
66,
67,
67,
68,
69,
90
Homeland Security Act of 2002,
6–7
homeland security platform,
2–4
Homeland Security Presidential Directives (HSPDs),
7–8
risk analysis and management for critical asset protection,
4–6
threat levels used by,
91f
DHS Security Information Intelligence Agency (CIA),
42
Disaster management, phases of,
119t
Documented procedures,
21
Domestic Nuclear Detection,
E
accounting for everyone after implementation,
94,
136
emergencies outside of the building,
94,
134
evacuation procedures, escape routes, and floor plans,
92–93,
135–136
media contact person, identifying,
94–95,
138
policies for updating and maintaining,
95,
139
reporting and alerting authorities,
93,
136–137
staff and visitors, alerting,
93–94,
137
Emergency management, phases of,
79
Emerging organizations,
130
Employee background checks,
88
Enterprise risk management (ERM),
13–14,
72
Environmental disruption,
88
Environmental Protection Agency (EPA),
Event incidents in order of probability,
123–127
Executive management, in risk analysis,
32–36
Exercises, in emergency preparedness,
130–131,
131
Expanding organizations,
130
Extending organizations,
130
Exxon Valdez oil spill,
51
F
Facility’s vulnerability,
79,
79
Family-based disaster planning,
128–129
Federal Bureau of Investigation (FBI),
3–4
FBI Joint Terrorism Task Forces,
41
Federal Emergency Management Agency (FEMA),
131–132
“The four dimensions of crime”,
109
Full security threat assessment,
39
G
Government capability, impact on,
100
Great San Francisco fire and earthquake,
46,
47f
H
Hazard Identification Worksheet,
53t
Hazardous material, release of,
102
Hazards, identifying,
45–46
Hearing impaired, emergency notification for,
137
High probability threat,
121
Homeland Security Act of 2002,
6–7,
65,
69
Homeland Security Offices,
41
Homeland security platform,
2–4
Homeland Security Presidential Directives (HSPDs),
7–8
HSPD-5,
HSPD-8,
HSPD-9,
HSPD-10,
HSPD-12,
HSPD-14,
HSPD-20,
HSPD-23,
and economic impact worksheets,
101t
Human-made (terrorist) attacks,
72–74
assessment worksheet,
80t
Human-made hazards,
49–54
Interstate 35 (I-35) Mississippi River bridge collapse,
50,
51f
Kansas City hotel walkway collapse,
49,
50f
Oil Pollution Act of 1990,
51
Hurricane Katrina, 2005,
48
I
and software exchange agreements,
21
Information security infrastructure, creation of,
20
Information security policy for organization,
20
Information security professionals,
86,
86,
86,
86,
86
Infrastructure database warehouse,
67
Intelligence community,
Intelligence Reform and Terrorism Prevention Act of 2004,
68
Interagency Security Committee (ISC) Standard,
41
Interstate 35 (I-35) Mississippi River bridge collapse,
50,
51f
Islamic State in Iraq and the Levant (ISIL),
42
J
criticality of target site to,
73,
74–75
Jurisdictional threat,
42–44
K
Kansas City hotel walkway collapse,
49,
50f
L
Law enforcement community,
109
Legal risk (information security),
16,
19–23
asset classification and control,
20
business continuity management,
23
communications and operations management,
21
information security infrastructure, creation of,
20
information security policy for organization,
20
ISO 17799 and BS 7799,
20
personnel security,
20–21
physical and environmental security,
21
system development and maintenance,
22
Legislative compliance,
18
Litigation or legal risk,
18
Loss-control techniques,
120
Low probability threats,
121
M
Management of Domestic Incidents,
Media contact person, identifying,
94–95,
138
Mitigation measures,
60–61
Morgan Stanley, emergency action plans (EAP) in,
134–135
N
National Construction Safety Team Act (2002),
128
National Continuity Policy,
National Fire Protection Association,
131–132
National Incident Management System (NIMS),
and critical infrastructure and key resources,
64–70
protection of resources,
65
National Institute of Standards and Technology (NIST) investigation,
128
National Preparedness,
National Preparedness Guidelines (NPG),
65
National Response Framework (NRF),
65
National Strategy for Homeland Security,
69
National Strategy to Secure Cyberspace,
69
National Transportation Safety Board,
128
Natural access control,
112
great San Francisco fire and earthquake,
46
Negative socioeconomic dynamics,
114–115
New staff, training
Nuclear Regulatory Commission,
131
O
Occupational Safety and Health Administration’s (OSHA’s) policies,
131,
133–134
Occupational Safety and Health Organization,
35
Oil Pollution Act of 1990,
51
areas contributing to,
16–17
legislative compliance,
18
litigation/legal risk,
18
payment and processing system,
18
risk management techniques,
18
P
Payment and processing system,
18
Performance metrics, use of,
68
Personnel security,
20–21
Physical and environmental security,
21
Physical security systems, for vulnerabilities,
84–88
technology and physical security blended,
86–87
environmental disruption,
88
Policies for updating and maintaining EAP,
95,
139
Possible terrorist attack,
77,
79,
79
Posttraumatic stress counseling,
35
Potential population capacity,
73
Potential target threat of hazard,
77–78
National Preparedness,
Psychological impact,
98,
100
Public address system,
137
Public confidence, impact on,
100
Public law enforcement agency,
138
Public relations person,
138
Q
Quadrennial Homeland Security Review,
Quantitative methods,
124
R
Recorded business information,
58
Redundant organizations,
130
Relative risk analysis,
126t
Reporting and alerting authorities,
93,
136–137
Response to a disaster,
35
decision-making process,
26
executive management role in,
32–36
major event incidents in order of probability,
123–127
physical security risk assessments,
27–28
quantitative risk model,
26
risk assessment method,
28–30
security assessments, benefits of,
31–32
Risk Analysis and Management for Critical Asset Protection (RAMCAP),
4–6
Risk assessment,
11,
56,
56,
56–57,
58,
60,
97,
120–121,
134,
134
consequences, considering,
98–100
government capability, impact on,
100
public confidence, impact on,
100
departments involved in,
57
vulnerability assessment,
60–61
Risk identification,
29,
55
countermeasure options, determination of,
11
vulnerabilities assessment,
11
Risk management model,
121t
Risk Management Process for Federal Facilities,
41
Risk management program,
56
Risk management techniques,
18
S
information security,
19,
20,
20
and intelligence organizations,
41
physical and environmental,
21
physical security systems,
84–88
Security assessments, benefits of,
31–32
Security officers, use of,
88–90
Security threat assessment,
12–13
Security vulnerability,
72,
72,
72
Sign-in sheet, for visitors,
137
Six ranking level
for potential target site population,
78
for potential target threat of hazard,
77–78
Staff, alerting
Staff and visitors, alerting,
137
System development and maintenance,
22
T
Target site
criticality of, to jurisdiction,
74–75
potential target site population,
78
Terrorist attack, possible,
77,
79,
79
Terrorist mitigation,
118
Terrorist Threat Integration Center (TTIC),
42
characterization,
Threat Factor Rating Worksheet,
44
Threat identification and rating,
37,
41–42
all-hazards approach versus design-basis threat,
38–41
human-made hazards,
49–54
identifying hazards,
45–46
information gathering,
41–42
jurisdictional threat,
42–44
Total consequence score,
102
Training
Transportation Security Administration (TSA),
U
U.S. Department of Justice,
131
V
Visitors, alerting
Voice-activated fire alarms,
137
emergency action plans (EAP) for,
90–95
employee background checks,
88
physical security systems,
84–88
security officers, use of,
88–90
collateral mass casualties, potential for,
78–79
criticality of target site to jurisdiction,
74–75
impact outside of the jurisdiction,
75–76
potential target site population,
78
potential target threat of hazard,
77–78
worksheet
human-made (accidental),
81t
human-made (terrorist),
80t
Vulnerability hazards,
45
W
WMD-CST (weapons of mass destruction, civil support team),
131–132
World Trade Center bombing (1993),
2–3