Twelve Steps To Assessing Vulnerability

Feb 1, 2003 12:00 PM



Tom Allen, vice president of security systems for Johnson Controls Inc., Controls Group, Milwaukee, manages a subsidiary focused on large design-build security projects for government agencies and the nation's transportation infrastructure. Allen previously was vice president of Scientech Inc.'s Security Division for seven years. He outlines the following 12-step process to assess security risk.

Step 1

Identify and quantify assets. Assets take the form of facilities, personnel, property and information, and it is essential to estimate their value in terms of dollars. For each type of asset identified, assign a consequence rating (not serious, serious, very serious, catastrophic), depending on the total dollar value lost.

Step 2

Identify threat events and existing protective measures. Determine what events could threaten the assets, and figure out what existing baseline security measures address those events.

Step 3

Evaluate the likelihood of occurrence. Events should be identified as highly probable, probable or improbable.

Step 4

Identify the risk level of each threat event. Using assigned consequence ratings and likelihood ratings, determine the risk rating for each asset/threat combination.

Step 5

List the threat events in descending order by risk. Prioritize the threat events that need to be addressed.

Step 6

Identify measures that could mitigate threat events. These could include increased access control, new surveillance equipment or security procedures. Also identify measures that could lessen the consequences of an event (e.g., backup equipment).

Step 7

Reassess the risks assuming each upgrade is implemented. This will illustrate the effectiveness of security improvements and consequence-reduction measures.

Step 8

List proposed upgrades in descending order. Prioritize which measures are most important.

Step 9

Gather information on the cost of the proposed upgrades. The security professional can greatly assist in this task. Take life cycle costs into account.

Step 10

Perform a cost-benefit analysis. Use a simple ratio, where costs are stated in dollars and benefits are ranked on a scale of 1-5 or 1-10.

Step 11

Rank the upgrades by cost-benefit level. Prioritize the upgrades according to the availability of funds.

Step 12

Compare the prioritized upgrades against the available budget, and proceed with the highest-rated upgrades until the budget is exhausted. This completes the process.
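The twelve steps can be carried through as a small calculation. The sketch below is an added example, not part of Allen's process or any Johnson Controls tool. The numeric scales, the rule of multiplying consequence by likelihood, the use of risk points removed as the benefit figure (in place of the article's 1-5 or 1-10 scale), and all threat and upgrade data are assumptions made up for illustration.

```python
# Added illustration: the numeric scales, the multiplication rule and all sample
# data are assumptions; the article names the rating labels but gives no formula.
CONSEQUENCE = {"not serious": 1, "serious": 2, "very serious": 3, "catastrophic": 4}
LIKELIHOOD = {"improbable": 1, "probable": 2, "highly probable": 3}

def risk(consequence, likelihood):
    """Step 4: combine the two ratings into one risk score (assumed: product)."""
    return CONSEQUENCE[consequence] * LIKELIHOOD[likelihood]

def rank_threats(threats):
    """Step 5: threat events in descending order by risk."""
    return sorted(threats, key=lambda t: risk(*threats[t]), reverse=True)

def cost_per_point(upgrade, threats):
    """Steps 7 and 10: re-rate the threat with the upgrade in place, then
    express cost-benefit as life-cycle dollars per risk point removed."""
    reduction = risk(*threats[upgrade["threat"]]) - risk(*upgrade["after"])
    if reduction <= 0:  # the upgrade does not lower the rating: no benefit
        return None
    return upgrade["cost"] / reduction

def fund(upgrades, threats, budget):
    """Steps 11-12: rank by cost-benefit, then fund in order while money lasts.
    Skipping an unaffordable item and continuing down the list is an assumption."""
    rated = [(cost_per_point(u, threats), u) for u in upgrades]
    ranked = sorted((r for r in rated if r[0] is not None), key=lambda r: r[0])
    funded = []
    for _, u in ranked:
        if u["cost"] <= budget:
            funded.append(u["name"])
            budget -= u["cost"]
    return funded, budget

# Constructed sample data: threat event -> (consequence, likelihood)
THREATS = {
    "server room intrusion": ("catastrophic", "probable"),
    "perimeter breach": ("serious", "highly probable"),
    "loading dock theft": ("serious", "probable"),
    "records room flood": ("very serious", "improbable"),
}
UPGRADES = [  # "after" is the re-rated threat once the upgrade is in place (Step 7)
    {"name": "card readers", "threat": "server room intrusion", "after": ("catastrophic", "improbable"), "cost": 40_000},
    {"name": "fence cameras", "threat": "perimeter breach", "after": ("serious", "probable"), "cost": 60_000},
    {"name": "dock lighting", "threat": "loading dock theft", "after": ("serious", "improbable"), "cost": 10_000},
    {"name": "offsite backup", "threat": "records room flood", "after": ("serious", "improbable"), "cost": 15_000},
    {"name": "lobby signage", "threat": "perimeter breach", "after": ("serious", "highly probable"), "cost": 2_000},
]
if __name__ == "__main__":
    print(rank_threats(THREATS), fund(UPGRADES, THREATS, 70_000))
```

With a budget of 70,000 the fence cameras are ranked but not funded, and the lobby signage is excluded outright because it leaves the threat's rating unchanged.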

For more from Johnson Controls, visit http://www.johnsoncontrols.com/

© 2008 Penton Media Inc.