Introduction to Security Risk Assessment and Management -- Introduction -- Business Definition -- Security versus Risk -- Framework for Risk Management -- Value at Risk -- Calculation of Risk -- Risk Assessment Versus Risk Management -- Risk Management Plans -- Threat Scenarios -- Statistics and Mathematics -- Pairing Vulnerability and Threat Data -- Setting Priorities -- Other Definitions of Risk Assessment -- Business Definition for Risk Assessment -- Broad Definition for Risk Assessment -- Quantitative Risk Assessment -- Qualitative Risk Assessment -- Threats -- Vulnerabilities -- Countermeasures for Vulnerabilities -- The D's of security systems -- Sample Threat Scenario No. 1 -- Background -- Sample Threat Scenario No. 2 -- Background -- Risk Assessment Basics -- Street Calculus and Perceived Risk -- Street Calculus -- Security Risk Assessment Structure -- Value at Risk -- Sandia Laboratory's Risk Assessment Analysis -- Annualized Cost Analysis of Risk -- Scenario-Driven Cost Risk Analysis -- Real-world example -- Model-Based Risk Analysis -- MBRA example case -- Risk Management by Fault Tree Methods and Risk-Informed Decision Management -- Fault tree analysis -- RIDM -- Assessing Types of Attacks and Threats with Data Sources -- Weapons -- AK-47 -- M16 -- Sniper rifles -- Muzzle Energies for Various Cartridges -- Rifle Grenades -- Rocket-Propelled Grenades and Mortars -- Explosive Energies -- Impact of explosives -- Other Types of Incidents and Accidents -- Evaluating a Company's Protective Systems -- Surveys and Assessments -- Site Security Assessments -- Checklists -- Cyber security checklist -- Lighting -- Perimeter Barriers: Design Notes and Comments -- CCTV -- Windows and Doors -- Port Security -- Ranking Threats -- Natural threats -- Man-made/accidental threats -- Intentional acts-delivery vectors -- Weapon threats -- Levels of Port Security -- Security response plans -- Recommended procedures -- Identification Procedures for Personnel Screening -- 
Employees -- Vendors/contractors/vessel pilots -- Truck drivers/passengers -- Visitors (all personnel not falling into other categories) -- Government employees -- Vessel personnel access through a facility -- Search requirements -- Acceptable identification -- Access control -- Vessel Arrival and Security Procedures While Moored -- Internal Security -- Vehicle control -- Rail security -- Key/ID/access card control -- Computer security -- Security rounds -- Perimeter Security and Restricted Areas -- Barriers -- Fencing -- Lighting -- Security Alarms/Video Surveillance/Communications Systems -- Alarms -- Video surveillance -- Communications systems -- Training and Security Awareness -- Floating Barriers -- Basics of Cyber Security -- Communications Life Cycle -- Some Solutions to the Problem of Cyber crime -- General recommendations -- Communications Security -- Communications as Transactions -- Telephone System Security -- Radio Communications -- Digital Communications -- Cyber security -- Vulnerability assessment -- Unknowns and alternatives -- How to Perform the Vulnerability Assessment -- Critical success factors -- Optimum assessment team size -- Communications Procedure Design: Hints and Helps -- Benefits: Identified -- Example -- Cyber Threat Matrix: Categories of Loss and Frequency -- Setting up Internet Security -- External versus internal testing -- Security focus -- Browser and domain security -- Data encryption -- Cyber security Tools -- Scenario Planning and Analyses -- Introduction -- FTA, Markov Chains, and Monte Carlo Methods -- Fuzzy fault trees -- Markov chains and Bayesian analysis -- Other Complimentary Techniques -- Fishbone (Ishikawa) diagrams -- Pareto charts -- Sample of Initial Analysis -- Failure Modes and Effects Analysis -- DHS Analysis and Plans -- Bow-Tie Analysis -- Example -- Hazops and Process Safety Management -- Process safety information: General -- PHA and HAZOPS -- ALOHA, CAMEO, and Security Planning Tools -- The Colored Books 
-- Generic Guideline for the Calculation of Risk Inherent in the Carriage of Dangerous Goods by Rail -- The Orange Book: Management of Risk-Principles and Concepts -- The Green Book: Methods for the Determination of Possible Damage to People and Objects Resulting from Release of Hazardous Materials, CPR-16E -- The Yellow Book: Methods for the Calculation of Physical Effects due to the Releases of Hazardous Materials (Liquids and Gases), CPR-14E -- The Red Book: Methods for Determining and Processing Probabilities, CPR-12 -- The Purple Book: Guidelines for Quantitative Risk Assessment, PGS 3 -- Sample outline for emergency response -- Security System Design and Implementation-Practical NOTES -- Security Threat-Level Factors -- Considered Factors -- Vehicle bombs -- Standoff weapons -- Minimum standoff distances -- Security System Design -- Perimeter barriers -- Active vehicle barriers -- Entry roadways -- Entry control stations -- Reinforcement of buildings and infrastructure -- Windows -- Security system lighting -- Lighting system design -- Electronic Security Systems Design -- Alarm configurations and design -- Access control -- Employee screening -- Visitor identification and control -- Packages, personnel, and vehicle control -- Lock and key systems -- Security forces -- Cargo security -- Port security systems -- Review and Assessment of Engineering Design and Implementation -- Auditing and evaluation -- Risk assessment team -- Blank sheet approach to auditing and evaluation -- Business approach to auditing and evaluation -- Benchmarking -- How to evaluate a physical security system? -- Security systems audits -- What to review? -- Implementation of risk assessment -- SQUARE: Prioritizing security requirements -- Security monitoring and enforcement -- Security awareness program -- Proposed future training requirements -- Security management -- The differing roles of the security department -- Stress management techniques -- Security management techniques
"Serves as a comprehensive, yet concise, reference guide and discusses a broad range of physical safety, security measures, and risk management"--