National Infrastructure Protection Plan and Risk Management Framework
D’Juan L. Sanders
Professor Rachelle Howard
SEC 310
February 1, 2013
Protecting the Nation’s Critical Infrastructure
The National Infrastructure Protection Plan’s risk management framework is a process structured to protect the Nation’s CIKR, DHS, and SSA’s assets, systems, networks, and functions by minimizing potential risks that may compromise the integrity of these very important sectors. According to free dictionary.com (2013), a risk is any possibility of incurring misfortune or loss; hazard. The framework of this risk management process consists of following a number of steps, in a strategic order, to best assure optimal security and protection. Though
* identify assets and identify which are most critical
* identify, characterize, and assess threats
* assess the vulnerability of critical assets to specific threats
* determine the risk (i.e. the expected consequences of specific types of attacks on specific assets)
* identify ways to reduce those risks
* prioritize risk reduction measures based on a strategy
These risk management goals allow for personnel to point out the most critical assets by identifying them. Risk management gives personnel the opportunity to understand where their strengths and weaknesses are with vulnerability and the potential impact of consequence that exposure poses. Last but not least, risk management aids in forming a strategy to maintain vulnerability at minimal levels.
Identifying Assets, Systems, and Networks
Identifying assets, systems, and networks must be the most important step within the RM framework because if you don’t know what to protect, how can you protect it? Assets left unprotected can be very detrimental because they can increase national vulnerability to a terrorist attack, natural disaster, or changes in technology. Therefore it is very important to protect any asset that needs protecting or contains anything essential to our nation’s security. Without this
Risk management is the process of prioritizing various risks to determine the best course of action to take given set resources, importance, or abilities. Risk is determined by a simple mathematical function.
Risk management is designed to mitigate safety concerns, assure quality and protect patients’ rights. Risk management is both proactive (eliminating risks before they can occur) and reactive (after a risk has occurred, taking steps so it will not occur again). Every
It is essential to understand America’s critical infrastructure and key resources (CIKR) and National Infrastructure Protection Program (NIPP) to ensure survivability of its critical assets, while maintaining security for America. “The plans are carried out in practice by an integrated network of Federal departments and agencies, State and local government agencies, private sector entities, and a growing number of regional consortia (DHS, 2009, p. I).” Several agencies work together to mitigate attacks on CIKR to protect public safety and security of the nation. A terrorist may stop at nothing to carry out an attack on CIKR. If an attack or natural disaster does transpire, the agencies working together to restore the damage must do so in a timely manner. Additionally, NIPP helps to identify hazards associated with the various sectors, and provides necessary security measures to harden resources (DHS,
When it comes to the protection and mitigation of any structure or organization, risk analysis and vulnerability assessments must be conducted so as to know what is to be protected, the threats, whether manmade or natural disaster, and the ranking of the potential of each threat as well as its probability. In terms of critical infrastructure, the risk analysis and vulnerability assessment has guidelines from Homeland Security Presidential Directive Number 7 (HSPD-7).
The Department of Homeland Security is tasked with the very important job of coming up with critical infrastructure and key resources sectors in order to properly protect, withstand, and rapidly recover from all hazards, whether from natural disasters or from a terrorist attack. Through a critical infrastructure set in place, the Department of Homeland Security can provide strategic guidance to the public and private partners, encouraging national unity of effort, as well as coordinating the overall federal effort to promote the safekeeping and spirit of the United States (The Department of Homeland Security, 2015). The Department of Homeland Security’s approach to identifying all the Critical Infrastructures and Key Resources Sectors,
Homeland security in the United States comprises complex and competing requirements, incentives, and interests that need to be managed and balanced effectively to achieve the desired national objectives. Security, resilience and safety of the country are endangered by different hazards such as cyberspace attacks, terrorism, manmade accidents, pandemics, natural disasters and transnational crimes, which are part of the external risks affecting homeland security. Internal risks such as project costs, workforce management and acquisition operations also affect security. Internal and external risks impact the country in diverse ways such as human death, environmental degradation, injuries, and economic loss, among other negative impacts. The Department of Homeland Security and other involved partners should be in a position to manage and understand the different risks to security. The current security state is dynamic, and relying on the past cannot completely inform decision making (CRS, 2007). Risk management therefore is a process of analyzing, communicating and identifying risk and avoiding, accepting, controlling or transferring the risk to acceptable limits, considering the benefits and costs of measures taken, with the aim of improving security decisions.
I believe that the uncertainty as to what is critical infrastructure and what we protect comes with our differences as people and what we as individuals believe is important to support daily living and what isn’t. Is it transportation? If so, which mode: air, rail, maritime? I think we can all agree these are critical, and protection of these should be a priority. How important is the power grid? An Electromagnetic Pulse is considered a real threat, but there have been little to no preventive protection measures implemented. Experts say that chances we will experience a devastating solar storm in the next 15 years (Foster, 2008). Another example I can provide of a critical infrastructure there is not agreement on regarding the level of protection
According to Freeney & Murphy (2013), risk management is a process of risk identification, response development, risk evaluation, continuous observing and appraisal in order to reduce the risk of injury to patients, staff and visitors. Risk has been defined as “the chance of something happening that will have an impact on the achievement of organisational stated objectives,” HSE (2008) or “the effect of uncertainty on the objectives” ISO 31000:2009.
Definition: A risk is an unwanted situation which might arise in an organization and which might lead to a negative impact on the desired result. Risk management plans involve analyzing, managing and evaluating the project’s risks and threats. They involve a layout of the entire project, i.e. from the beginning, during, and after the results of the project.
The private sector plays a vital role in carrying out the objectives within all 16 sector specific plans. The Emergency Services Sector includes but is not limited to first responding services such as public work, fire, medical or police services. The goals and objectives of ESS specific plans are to provide first responder services as one of their main missions is the prevention to life. This sector is extremely important as they are the first responders to any type of incident that may even be impacted to other sectors. The National Infrastructure Protection Plan for this sector describes the tasks, duties and responsibilities that the private sector has in order to effectively and successfully operate these types of critical infrastructure. Just like any other sector, this sector requires the private sector to have a good relationship with state, local, tribal, and territorial governments, the Federal Government and outside organizations as well. Threats, risks, and vulnerabilities are acknowledged and analyzed in every respective infrastructure as they are all different. All factors are then prioritized in order to provide the best security and mitigate the possible consequences. Public and private sectors must have the ability to continue their businesses and operations after an event has occurred. When an incident or event occurs, operating plans must be created and established in order to prevent stoppages or deterrence to the operations. This helps reduce the
Once there has been a risk management assessment, we can know exactly what to expect and what can be done to prevent any type of risk. We will also know how to deal with any risk while it is happening to contain it.
Risk management is the term applied to a logical and systematic method of establishing the context, identifying, analyzing, evaluating, treating, monitoring and communicating risks associated with any activity, function or process in a way that will enable organizations to minimize losses and maximize opportunities. (Lecture notes) Risk Management is also described as 'all the things you need to do to make the future sufficiently certain'. (The NZ Society for Risk Management, 2001)
Good security management requires risk management to mitigate or reduce risk to an acceptable level within an organization. Security management’s objective is to protect the company and its assets. A proper risk analysis will identify the company’s major assets, threats that put those assets at risk, and estimate the possible damage and loss a company may endure if any of the threats were to become real. With a good risk analysis, management can determine the type of budget they want to set to mitigate threats. Risk analysis justifies the cost of the countermeasures against the threats and determines the benefit or worth of security
One well accepted description of risk management is the following: risk management is a systematic approach to setting the best course of action under uncertainty by identifying, assessing, understanding, acting on and communicating risk issues. In order to apply risk management effectively, it is vital that a risk management culture be developed. The risk management culture supports the overall vision, mission and objectives of an organization. Limits and boundaries are established and communicated concerning what are acceptable risk practices and outcomes. Since risk management is directed at uncertainty related to future events and outcomes, it is
Risk Management—Contributing to frameworks and practices for identifying, measuring, managing and reporting risks to the achievement of the objectives of the organization.