Course Outline

Risk Analysis–Approved Risk Analysis Methods

• Risk Analysis for Facilities and Structures
• Many Interested Stakeholders and Agendas
• Commercially Available Software Tools
• Risk Analysis Basics
• Risk Assessment Steps
• Which Methodology to Use?

Risk Analysis Skills and Tools

• Skill #1: Gathering Data
• Skill #2: Research and Evidence Gathering
• Skill #3: Critical Thinking in the Risk Analysis Process
• Skill #4: Quantitative Analysis
• Skill #5: Qualitative Analysis
• Skill #6: Countermeasure Selection
• Skill #7: Report Writing

Commercially Available Software Tools

• Lesser Software Tools
• Affordable Tool Examples

Critical Thinking and the Risk Analysis Process

• Overview of Critical Thinking
• The Importance of Critical Thinking
• Analysis Requires Critical Thinking
• The Eight Elements That Make Up the Thinking Process
• The Concepts, Goals, Principles, and Elements of Critical Thinking 

Define Scenarios and Evaluate Specific Consequences

• Asset / Attack Matrix
• Threat / Target Nexus Matrix
• Weapons / Target Nexus Matrix
• Adversary Sequence Diagram Path Analysis
• Surveillance Opportunities Matrix
• Evaluate Vulnerability
• Survey Points
• Quantitative Analysis Matrices
• Determine Accessibility
• Identify Intrinsic Vulnerabilities
• Natural Countermeasures

Evaluate Effectiveness of Existing Security Measures

• The Vulnerability Calculation Spread sheet
• Qualitative Analysis Section
• Vulnerability Detail Spread sheet
• Vulnerability Detail Matrix

Resources for Likelihood

• Viewing the Range of Possible Threat Actors
• Criminal versus Terrorism Likelihood Resources
• General Comparison for Resources
• Terrorism Asset Target Value Estimates
• Criminal Incident Likelihood Estimates
• Criminal Statistics
• Economic Crime Asset Target Value Estimate
• Non-terrorism Violent Crime Asset Target Value Estimate
• Petty Crimes Asset Target Value Estimate

The Risk Analysis Process

• The Complete Risk Analysis Process
• The Risk Analysis Process
• Diagram Analysis
• Asset Target Value Matrices
• Probability Summary Matrix
• Vulnerability Components
• Prioritizing Risk
• Prioritization Criteria
• Natural Prioritization (Prioritizing by Formula)
• Prioritization of Risk
• Communicating Priorities Effectively
• Best Practices Ranking Risk Results

Security Policy Introduction

• The Hierarchy of Security Program Development
• What Are Policies, Standards, Guidelines, and Procedures?
• Other Key Documents
• The Key Role in Policies in the Overall Security Program
• Benefits to Having Proper Policies
• Security Policy and Countermeasure Goals
• The Role of Policies in the Security Program 

The Role of Countermeasures in the Security Program

• Why Should Policies Precede Countermeasures?
• Security Policy Goals
• Security Countermeasure Goals
• Policy Support for Countermeasures
• Key Policies

Process for Developing and Introducing Security Policies

• Triggers for Policy Changes
• Policy Request Review
• Policy Impact Statement
• Subject Matter Expert and Management Review Process
• Policy Requirements
• Basic Security Policies
• Security Policy Implementation Guidelines
• Regulatory-Driven Policies
• Non-regulatory-Driven Policies

Countermeasure Goals and Strategies

• Countermeasure Objectives, Goals, and Strategies
• Access Control
• Deterrence
• Detection
• Assessment
• Response (Including Delay)
• Evidence Gathering
• Comply with the Business Culture of the Organization
• Minimize Impediments to Normal Business Operations
• Safe and Secure Environments
• Design Programs to Mitigate Possible Harm from Hazards and Threat Actors

Types of Countermeasures

• Baseline Security Program
• Specific Countermeasures
• Countermeasure Selection Basics
• The Challenge
• Countermeasure Effectiveness
• Functions of Countermeasures
• Countermeasure Effectiveness
• Helping Decision Makers Reach a Consensus on Countermeasure Alternatives 

Security Effectiveness Metrics

• A Useful Commercial Model
• What Kind of Information Do We Need to Evaluate to Determine Security

Program Effectiveness?

• What Kind of Metrics Can Help Us Analyse Security Program Effectiveness?
• Adversary Sequence Diagrams
• Vulnerability / Countermeasure Matrix
• Security Event Logs
• Patrol Logs (Vulnerabilities Spotting / Violations Spotting)
• Annual Risk Analysis

Cost-Effectiveness Metrics

• What Are the Limitations of Cost-Effectiveness Metrics?
• What Metrics Can Be Used to Determine Cost-Effectiveness?
• Communicating Priorities Effectively
• Basis of Argument
• Complete Cost-Effectiveness Matrix
• Complete Cost-Effectiveness Matrix Elements

Writing Effective Reports

• The Comprehensive Risk Analysis Report
• Asset / Attack Matrix
• Threat / Target Nexus Matrix
• Weapon / Target Nexus Matrix
• Surveillance Opportunities
• Risk Calculation
• Baseline Security Program
• Identifying Key Assets for Special Consideration
• Develop Countermeasure Budgets
• Countermeasure Implementation Recommendations
• Report Supplements
• Risk Register