Risk Assessment (Site Security): Difference between revisions
Latest revision as of 17:38, 14 December 2022
"Facility-specific risk assessments explicitly take into account the specific vulnerabilities of each asset and the local and regional consequences of asset failure, while factoring in relevant information about Dams Sector threats from operational experience and intelligence information. The result of risk assessments informs the development of facility-specific security and resilience measures that reduce individual owner and operator risk and collectively contribute to regional and national resilience. The Dams Sector also assesses sector-level consequences using combined results of individual consequence assessments." [1]
"Effective crisis management planning depends on understanding the threats and hazards that a particular organization faces. This is typically performed through a threat and hazard identification and risk assessment process that collects information about the natural hazards, technological hazards, and human-caused incidents that challenge the organization’s ability to deliver its purpose or benefit. Through this assessment process, the organization provides context to each threat or hazard by describing the risk and/or assigning values of risk for the purposes of deciding which threats and hazards the plan(s) should prioritize and subsequently address. Evaluating risk involves estimating the probability that the specific threat or hazard will occur and the likely impacts, including the severity, notification timing, and duration. Conducting a risk assessment will ensure organizations understand the threats they face, prioritize their actions, identify and compare options, and effectively allocate their resources." [2]
"Potential sources of threat and hazard information can include the following:
- "Expert knowledge about past or potential future threats or hazards
- "Existing assessments (e.g., security, risk, and vulnerability) conducted by the organization
- "Records from previous incidents, including historical data
- "Forecasts or models of future risks due to changing weather and demographic patterns
- "Input from local law enforcement and/or emergency management agency
- "Information and/or intelligence from a state or local fusion center
- "National threat alerts and bulletins such as those issued by Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI)" [2]
Types of Security
- Physical Security
- Cyber Security
Citations:
[1] Dams Sector-Specific Plan, U.S. Department of Homeland Security, 2015
[2] Dams Sector Crisis Management Handbook, Cybersecurity and Infrastructure Security Agency, 2021
Revision ID: 5687
Revision Date: 12/14/2022