Module Five - Final Exam

.docx

School

Northern Arizona University *

*We aren’t endorsed by this school

Course

370

Subject

Information Systems

Date

Feb 20, 2024

Type

docx

Pages

6

Uploaded by jeannicoleang

INT 370 Final Exam Final Exam INT 370 NAU Final Exam 1. What are the principles of Protective Security? “The easiest battle to win is the one that is never fought.” Protective Security is made up of eight principles: Prevention, Information Collection, Information sharing, Risk Mitigation, Cost-Benefit Analysis, Situational Awareness, Security, and Suspicious Activity. Protection – The best way to respond to a terrorist attack is to prevent it from eve happening. One of the easiest and inexpensive ways to prevent an attack is to raise the level of awareness of all personnel present at a potential target to the threat =an adversary may pose. Training personnel who work at a critical asset about the threats, risks, tactics, and weapons used by adversaries could help to interdict a potential attack while it is still in the planning stages. Information Collection – Criminals and terrorist may take weeks or months to collect the information they need to plan an operation. The use of methods and sources of getting information early in the planning stage helps to minimize the risk of an operation being compromised. If understand how information can be collected by the bad guys and using it against us, we can take steps to protect the information that is determined to be critical. Common ways criminals and terrorist collect intelligence is by: Open Sources Research, Communication, People, and Public Domain Technical Reports. Information Sharing – When information has been analyzed it should be disseminated to all applicable law enforcement and emergency response agencies for appropriate actions. Information should also be shared with the private and public sector critical infrastructure, key resources, key assets, or soft target that may be impacted by terrorist activity. Risk Mitigation – Involves the implementation or installation of security countermeasures intended to sufficiently reduce the identified risks to the critical asset based on the results of the risk assessment process. The goal is to protect the critical asset with cost-effective and practical security countermeasures that are applicable and reasonable to the critical asset being protected. Cost-Benefit Analysis – The purpose of the cost-benefit analysis is to demonstrate that funds spent on implementing the security countermeasures can be justified with a corresponding reduction in risk to the critical asset. Situational Awareness – Is the knowledge of where you are, where other friendly elements are, and identifying potential threats and dangerous situations. Continuously
INT 370 Final Exam being aware of everything that is happening around oneself and the importance of everything observed. Security – Protecting information is the cornerstone of the operational security process. OPSEC coordinates all actions necessary to prevent an adversary from learning about plans or operations. It is a five-step analytic risk management process that can be constantly updated and reviewed based on current threats. Suspicious Activity – It is important that everyone understands that they have a part in preventing an adversary attack from occurring. One way everyone can participate in everyday counterterrorism efforts is to be aware of suspicious attack. If you see something say something. 2. What is Risk Management? Why is it important? Risk is present in everything we do, but risk can be controlled. We can control and minimize the unnecessary risks we faced every day. Risk management is a systematic, analytical process. Risk management involves using all of the information gathered during the risk analysis and assessment process to evaluate security policy options. It is the process involved in the identification, selection, and adoption of security measures justified by the identified risks to a critical asset, and the reduction of these risk to acceptable levels that reflect the best combination of security and cost. The challenge of risk management is to find the balance between protecting critical assets, not interfering with the primary mission of the critical asset and avoiding fiscal collapse in the process of implementing security countermeasures. Risk management is made up of four principles. Accept No Unnecessary Risks - is when all hazard that could have been detected have not been detected, then unnecessary risks are accepted by the critical asset. When new intelligence information is gathered and analyzed, it must be communicated to appropriate levels of personal to ensure appropriate security countermeasures can be implemented. Make Risk Decisions at the Appropriate level – Risk decisions should be made at the lowest possible level in the organization. It allows for the timeliest decision to be made and allow for the quickest response time to implement appropriate security countermeasures. Accept Risks When the Costs Outweigh the Benefits – The fundamental objective of risk management is to minimize and ultimately eliminate risk. Someone will need to make the decision not to implement a particular security countermeasure to address a specific threat. Sometimes, it is more practical to accept the risk based on analysis that an attack is unlikely to occur or will be unsuccessful. Integrate Risk Management into Operations and Planning at All Levels – Risk management must be incorporated at all levels of an organization in everyday planning and security operations.
INT 370 Final Exam Risk management is important because a terrorism risk can be managed in order to minimize the threat and mitigate the potential impacts. In the absence of a loss, insurance provides comfort to a critical asset, it also offers a path to recovery if a terrorist event does occur. Risk-management is a never-ending process, and it is important to continue new tactics as threats continue to evolve. It is important to continue to assess the threat and vulnerabilities and continuing to install new security countermeasures. 3. What Critical Infrastructure/Key Resources/Key Assets would you protect and how? The Critical Infrastructure that I would protect would be a Nuclear Plants. Nuclear Plants are used to produce isotopes for medical uses and to train nuclear engineers. The nuclear industry also includes hundreds of plants that enrich uranium and fabricate fuel for reactors. Some of these facilities contain materials terrorists could use to build a nuclear or dirty bomb. Power plants could be hijacked to create an accident like sending clouds of radioactivity over hundreds of miles. It is important to regulate both safety and security at nuclear power plants. I would protect it by adding multiple layers of protection to the core reactors. My workforce would increase one-third to include security relations. I would conduct regular drills on the nuclear plants and have assistance by well trained former military units to attack the plant with up-to-date materials and techniques. Majority of new reactors come online; I would regulate to ensure cybersecurity on the reactors. I would regulate and enforce new security measures and inspect security at nuclear sites. Most importantly, security forces at nuclear facilities should be required to practice attack scenarios regularly under the gaze of independent observers. The Key Resource that I would protect would be a cruise ship. Cruise ships offer great value to an individual on their vacation, because the fares include nearly everything you’ll need for a fantastic trip. On a cruise you unpack once, and your floating hotel takes you from city to city or from island to island and there’s no need to mess with a train or ferry schedules. Ships are floating cities, which makes them more vulnerable to terrorist attacks. Cruise ships carry under 23 million passengers which can be in harms way for a terrorist attack. I would protect the ship by monitoring the communication connections on the ship, as well as checking the navigation constantly and program cybersecurity measurements to prevent from getting hijacked. I will also provide a prevention plan to the guest on-board to make them aware if an attack were to occur and to be well aware of their surroundings. If they see anything, to say something. The Key Asset that I would protect would be the Washington Monument. The Washington Monument has a lot of history, and it is important to preserve it. -It symbolizes America’s heritage, it’s a high-profile landmark, not well protected, popular, attracts many visitors daily and has open and easy accessibility. The high potential for an unacceptable loss of life and property exists, along with the severe degradation of the public image and confidence in the ability of the United States to protect its people and
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help