riskmanagementapproachpresentation.pdfVIP专享VIP免费原创优质

下载本文档

阅读 107
下载 16
格式 pdf
大小 391.54 KB
约21页
2025-01-31 发布于陕西
收藏
评论
点赞(0)
海报
举报

riskmanagementapproachpresentation.pdf_第1页

riskmanagementapproachpresentation.pdf_第2页

riskmanagementapproachpresentation.pdf_第3页

/21

OPPMPhysicalSecurityOfficeRiskBasedMethodologyForPhysicalSecurityAssessments12RiskBasedMethodologyforPhysicalSecurityAssessmentsRiskBasedMethodologyforPhysicalSecurityAssessmentsWhyconductAssessments?HomelandSecurityPresidentialDirective7requiresFederalDepartmentsandAgenciesidentifyandprioritizecriticalinfrastructureandkeyresourcesandprotectthemfromterroristattacks.HomelandSecurityPresidentialDirective9requiresUSDAexpandandcontinuevulnerabilityassessmentsoftheagricultureandfoodsectorsandupdateassessmentseverytwo(2)years.Notallassetsatalllocationsrequirethesamedegreeofprotection.Protectionofassetsmustbebasedonarealisticassessmentoftherisksassociatedwiththecriminalandterroristthreatslikelytobedirectedattheassetsintheiractuallocations.TheRiskBasedMethodologyforPhysicalSecurityAssessmentsallowsleadershiptoestablishassetprotectionappropriatefortheasset(s)valueandthelikelihoodofanattempttocompromisetheasset(s).Leadershipcanthenprioritizeassetsandapplyphysicalsecurityresourcesinthemostefficientandcosteffectivemannerpossible.3RiskBasedMethodologyforPhysicalSecurityAssessmentsRiskBasedMethodologyforPhysicalSecurityAssessmentsTheModelTheModel--ExampleExampleThereisafacilitythatinvolvesGMOresearch(Asset).HistoryshowsthereisagroupofExtremists–(Threat)thatdonotlikethistypeofresearch.HistoryalsoindicatestheirModusOperandiistodestroy(burn/slash)theunprotectedasset(Vulnerability)thatwouldsetbackresearchandcostthousandsofdollarsandhundredsofman‐hourstorecapturetheresearch(RiskAnalysis).Welookatthemissioncriticalityoftheassetandthemostcriticaltimeofrisk(CriticalityAssessment)whichisduringgrowingseason.Nowwelookatpresentprotectivemeasuresandwhatisneeded(GapAnalysis)toprotecttheasset.Wesetupourconcentricringsofsecurity(Countermeasures)startingfromtheassetworkingouttowardtheperimeter.OncetheCMsareimplemented,aTrainingsessiononeachCMtakesplace.NowTesttheCMs,andwriteanAfterActionreportidentifyinganyVulnerabilitiesintheCMs.Correctthevulnerabilitiesandtestagain,untilyouaresatisfiedtheCMsareadequatetoprotectagainstthethreat.4RiskBasedMethodologyforPhysicalSecurityAssessmentsRiskBasedMethodologyforPhysicalSecurityAssessmentsINTRODUCTIONINTRODUCTIONRiskmanagementisatechnicalprocedureforidentifyingandevaluatingsecuritythreatsandvulnerabilitiesandforprovidingmanagementwithoptionsandresourcerequirementsformitigatingtherisk(s).TheUSDAriskmanagementmethodologyconsistsoftwodistinctphases:•AssessmentphaseIdentifiesassetsandtheircriticalityIdentifiesspecificthreatsandtheprobabilityofoccurrenceIdentifiesvulnerabilitiesIdentifiessecuritycountermeasurestomitigatevulnerabilitiesandprotectassets•Riskevaluationphase–Basedontheseverityandlikelihoodofcriminalandterroristattacksandconsiderationofcountermeasurescurrentlyinplace,thisphaseestimatestheimpactofthelossofacriticalasset.Thesephasesareanalyzedbyateamofmulti-disciplined(subjectmatter)expertswhoutilizeastructuredbrain-stormingtechnique-knownasriskscenarioanalysis-todevelopscenariosandestimateseverityofconsequencesandprobabilityofoccurrence.Onceestimated,theteamusesmatrixestocalculateprobabilitiesandvulnerabilitylevels.Dependingonprojectscope,anassessmentmayrequire2-3daysfordatareviews,structuredinterviews,riskevaluation,andanoutbriefing.5RiskBasedMethodologyforPhysicalSecurityAssessmentsRiskBasedMethodologyforPhysicalSecurityAssessmentsTEAMCOMPOSITIONTE...

1、当您付费下载文档后，您只拥有了使用权限，并不意味着购买了版权，文档只能用于自身使用，不得用于其他商业用途（如 [转卖]进行直接盈利或[编辑后售卖]进行间接盈利）。
2、本站所有内容均由合作方或网友上传，本站不对文档的完整性、权威性及其观点立场正确性做任何保证或承诺！文档内容仅供研究参考，付费前请自行鉴别。
3、如文档内容存在违规，或者侵犯商业秘密、侵犯著作权等，请点击“违规举报”。

碎片内容