Overview of Three Risk Analyses: MSRAM, OCTAVE, and CRAMM Essay

This paper discusses three risk analysis methodologies: MSRAM, OCTAVE, and CRAMM. It provides a detailed description of each and of how each incorporates risk into a platform that decision makers can use to prevent, protect, mitigate, respond, and recover as part of the risk assessment and management processes.
The MSRAM method was established by the U.S. Coast Guard to deliver a uniform and all-inclusive approach for gauging risks and allocating resources throughout all of its areas of responsibility. It replaced the Port Security Risk Tool and offers a comprehensive, risk-based approach to assessing the nation’s ports and waterways (Edmonson 2006, 18).
The drawback of the MSRAM approach is the time and expertise required to populate the MSRAM database. Unfortunately, MSRAM is not available outside of the U.S. Coast Guard.
Quality assurance is provided by comparing new data against averages calculated from the national database for each attack scenario. An alert informs the user whenever the new data fall outside of recommended ranges. If a user insists on entering data outside of recommended ranges, the software requires the user to enter a detailed explanation and flags any such entries for further review at the local, district, area, and headquarters levels.
MSRAM defines 23 attack modes (methods used by terrorists to cause harm) and 62 target classes (based on specific functionality), which are provided by the tool through selectable drop-down windows. Each target class/attack-mode pair is called a scenario. The possible pairings of target class with attack modes represent a reasonable sampling of plausible event scenarios. However, scenarios are hard-wired into the tool and cannot be changed by users.
Threat numbers for each scenario are determined by subject matter experts at an Intelligence Coordination Center (ICC) and provided through the MSRAM tool. It is important to note that users do not calculate threat probabilities. Instead, they use threat probabilities provided by the MSRAM tool. This is an
