Risk analysis and security countermeasure selection / Thomas L. Norman (2025)

Author
Norman, Thomas L.
Published
Boca Raton, FL : CRC Press, [2016]
Edition
Second edition.
Physical Description
xxxiii, 449 pages : illustrations ; 26 cm

Contents
Machine generated contents note: ch. 1 Risk Analysis: The Basis for Appropriate and Economical Countermeasures -- For Students Using This Book in an Academic Environment -- Introduction -- Critical Thinking -- Qualitative versus Quantitative Analysis -- Required Skills -- Tools -- Theory, Practice, and Tools -- Theory -- Practice -- Tools -- Organization -- Summary -- References -- Q&A -- Questions -- Answers -- ch. 2 Risk Analysis Basics and DHS-Approved Risk Analysis Methods -- Introduction -- U.S. Department of Homeland Security Concerns -- Risk Analysis for Facilities and Structures -- Many Interested Stakeholders and Agendas -- Commercially Available Software Tools -- Risk Analysis Basics -- Risk Assessment Steps -- DHS-Approved Risk Assessment Methodologies -- Which Methodology to Use? -- Community versus Facility Methodologies -- Strengths and Weaknesses of Major Methodologies -- CFATS Information -- CSAT Top Screen -- CSAT Security Vulnerability Assessment (SVA) -- Summary -- Introduction -- Risk Analysis for Facilities and Structures -- Many Interested Stakeholders and Agendas -- Commercially Available Software Tools -- Risk Analysis Basics -- Risk Assessment Steps -- Which Methodology to Use? -- Strengths and Weaknesses of Major Methodologies -- References -- Q&A -- Questions -- Answers -- ch. 
3 Risk Analysis Skills and Tools -- Introduction -- Security Risk Analysis Skills -- Security Risk Analysis Tools -- Skill #1: Gathering Data -- Interviews -- Types of Data Required -- Get the Organization's Mission Statement -- Understand the Organization's Programs (Business Units) -- Assets by Classification -- Existing Countermeasures -- Skill #2: Research and Evidence Gathering -- Interviews -- Internet Research -- Telephone Research -- Records Research -- Surveys -- Asset Classifications -- Historical Data Relating to Security Events -- Criticalities and Consequences Assessment -- Bibliography Building -- Countermeasures Research -- Skill #3: Critical Thinking in the Risk Analysis Process -- Skill #4: Quantitative Analysis -- Skill #5: Qualitative Analysis -- Converting Quantitative Data into Qualitative Data -- Skill #6: Countermeasure Selection -- Countermeasure Selection -- Cost-Benefit Analysis -- Skill #7: Report Writing -- Tools -- Commercially Available Software Tools -- Lesser Software Tools -- Affordable Tools Examples -- Summary -- Introduction -- Tools -- References -- Q&A -- Questions -- Answers -- ch. 
4 Critical Thinking and the Risk Analysis Process -- Introduction -- Overview of Critical Thinking -- Importance of Critical Thinking -- Analysis Requires Critical Thinking -- The Eight Elements That Make Up the Thinking Process -- The Concepts, Goals, Principles, and Elements of Critical Thinking -- Critical Thinking Concepts and Goals -- Principles -- Elements of Critical Thinking -- Purpose -- The Question at Issue: Most Thinking Is about Problem Solving -- Understand Our Own and Others' Points of View -- Gather Assumptions -- Gather Information -- Examine the Implications and Possible Consequences Related to the Issue -- Determine What Concepts, Theories, Definitions, Axioms, Laws, Principles and/or Models Are Applicable to the Issue -- Draw Interpretations, Inferences, and Conclusions from the Data; Validate the Data; and Formulate Recommendations Based on the Results -- Pseudocritical Thinking -- Intellectual Traits -- Importance of Integrating Critical Thinking into Everyday Thinking -- Applying Critical Thinking to Risk Analysis -- Inductive versus Deductive Reasoning -- The Analysis Process -- More about Critical Thinking -- The Root of Problems -- Summary -- References -- Q&A -- Questions -- Answers -- ch. 5 Asset Characterization and Identification -- Introduction -- Theory -- Practice -- Asset List -- Asset Categorization -- People -- Property -- Proprietary Information -- Business Reputation -- Interviews -- Facility and Asset List -- Research -- Surveys -- Tools -- Summary -- Theory -- Practice -- Facility and Asset List -- Tools -- Reference -- Q&A -- Questions -- Answers -- ch. 6 Criticality and Consequence Analysis -- Introduction -- Twofold Approach -- Criticality versus Consequence -- Criticality -- Visualization -- Consequence Analysis -- Building Your Own Criticality/Consequences Matrix -- Criticality/Consequence Matrix Instructions -- Summary -- Criticality -- Consequence Analysis -- Q&A -- Questions -- Answers -- ch. 
7 Threat Analysis -- Introduction -- Theory -- Threats versus Hazards -- All-Hazards Risk Analysis -- Terrorists -- Economic Criminals -- Nonterrorist Violent Workplace Criminals -- Subversives -- Petty Criminals -- Design Basis Threat -- Practice -- Tools -- Adversary/Means Matrix -- Purpose -- Functions -- Attributes -- Example -- Predictive Threat Assessment -- Inductive versus Deductive Reasoning -- Deductive Reasoning -- Inductive Reasoning -- Inductive Context -- Predictive Threat Analysis -- Predictive Risk Example -- Summary -- Threats versus Hazards -- Design Basis Threat -- Practice -- Tools -- Predictive Threat Assessment -- References -- Q&A -- Questions -- Answers -- ch. 8 Assessing Vulnerability -- Introduction -- Review of Vulnerability Assessment Model -- Define Scenarios and Evaluate Specific Consequences -- Asset/Attack Matrix -- Threat/Target Nexus Matrix -- Weapons/Target Nexus Matrix -- Adversary Sequence Diagrams (ASD) and Path Analysis -- Surveillance Opportunities Matrix -- Evaluate Vulnerability -- Survey Points -- Quantitative Analysis Matrixes -- Determine Accessibility -- Identify Intrinsic Vulnerabilities -- Natural Countermeasures -- Evaluate Effectiveness of Existing Security Measures -- Physical Countermeasures -- Electronic Countermeasures -- Operational Countermeasures -- Vulnerability Calculation Spreadsheet -- Qualitative Analysis Section -- Vulnerability Detail Spreadsheet -- Vulnerability Detail Matrix -- Summary -- Introduction: Review of Vulnerability Assessment Model -- Define Scenarios and Evaluate Specific Consequences -- Evaluate Vulnerability -- Vulnerability Calculation -- Qualitative Analysis Section -- Vulnerability Listing -- References -- Q&A -- Questions -- Answers -- ch. 
9 Estimating Probability -- Introduction -- Basic Risk Formula -- Likelihood -- Terrorism Probability Estimates and Surrogates -- Resources for Likelihood -- Viewing the Range of Possible Threat Actors -- Terrorist Threat Actors -- Criminal Threat Actors -- Criminal versus Terrorism Likelihood Resources -- General Comparison for Resources -- Terrorism Asset Target Value Estimates -- CARVER+Shock -- KSM Asset Target Value Model -- Criminal Incident Likelihood Estimates -- Criminal Statistics -- Economic Crime Asset Target Value Estimate -- Nonterrorism Violent Crime Asset Target Value Estimate -- Petty Crimes Asset Target Value Estimate -- Summary -- Likelihood -- Terrorism Asset Target Value Estimates -- Criminal Incident Likelihood Estimates -- Criminal Statistics -- Economic Crime Asset Target Value Estimate -- Nonterrorism Violent Crime Asset Target Value Estimate -- Petty Crimes Asset Target Value Estimate -- References -- Q&A -- Questions -- Answers -- ch. 10 Risk Analysis Process -- Introduction -- Objective -- Examples -- Displaying Risk Formula Results -- Complete Risk Analysis Process -- Probability (Likelihood) Factors -- Vulnerability Factors -- Consequence Factors -- Risk Analysis Process -- Probability Factors -- AO Information -- Targeteering Information -- Terrorist Group Attack Scenarios -- Diagram Analysis -- Asset Target Value Matrixes -- Probability Summary Matrix -- Vulnerability Components -- Vulnerability Tools -- Consequence Components -- Risk Formulas -- Risk Results (Unranked) -- Summary -- Introduction -- Displaying Risk Formula Results -- Complete Risk Analysis Process -- Probability Factors -- Vulnerability Factors -- Consequence Factors -- Risk Formulas -- Risk Results (Unranked) -- Q&A -- Questions -- Answers -- ch. 
11 Prioritizing Risk -- Introduction -- Prioritization Criteria -- Natural Prioritization (Prioritizing by Formula) -- Prioritization of Risk -- Prioritizing by Probability -- Prioritizing by Consequences -- Prioritizing by Criticality -- Prioritizing by Cost -- Simple Cost Prioritization -- Process-Driven Cost Prioritization -- Communicating Priorities Effectively -- Making the Case -- Developing the Arguments -- Best Practices: Ranking Risk Results -- Displaying the Ranked Results as a Visual Graphic -- Summary -- Prioritization Criteria -- Natural Prioritization (Prioritizing by Formula) -- Prioritization of Risk -- Communicating Priorities Effectively -- Making the Case -- Best Practices: Ranking Risk Results -- Displaying the Ranked Results as a Visual Graphic -- Q&A -- Questions -- Answers -- ch. 12 Security Policy Introduction -- Introduction -- Hierarchy of Security Program Development -- What are Policies, Standards, Guidelines, and Procedures? -- Other Key Documents -- Standards -- Guidelines -- Procedures -- Position Paper -- Guiding Principles -- The Key Role of Policies in the Overall Security Program -- Policies Define All Other Countermeasures -- Legal Challenges -- Challenges by Users -- Benefits of Having Proper Policies -- Control Factors -- Summary -- Hierarchy of Security Program Development -- Policies, Standards, Guidelines, and Procedures -- Other Key Documents -- The Key Role of Policies in the Overall Security Program -- Benefits of Having Proper Policies -- Control Factors -- Q&A -- Questions -- Answers -- ch. 13 Security Policy and Countermeasure Goals -- Introduction -- Theory -- Role of Policies in the Security Program -- Role of Countermeasures in the Security Program -- Why Should Policies Precede Countermeasures? 
-- Security Policy Goals -- Security Countermeasure Goals -- Policy Support for Countermeasures -- Key Policies -- Authorities and Responsibilities -- Protection of Life -- Special Countermeasures Example -- Crime Prevention -- Access Control Program -- Asset and Property Protection -- Individual Responsibilities for Security -- Guards -- VIP Protection Program -- Emergency Security Plans -- Summary -- Introduction -- Questions That Policies Answer -- Role of Policies in the Security Program -- Role of Countermeasures in the Security Program -- Q&A -- Questions -- Answers -- ch. 14 Developing Effective Security Policies -- Introduction -- Process for Developing and Introducing Security Policies -- Triggers for Policy Changes -- Policy Request Review -- Policy Impact Statement -- Subject Matter Expert and Management Review Process -- Policy Requirements -- Basic Security Policies -- Security Policy Implementation Guidelines -- Regulation-Driven Policies -- Non-Regulation-Driven Policies -- Summary -- Process for Developing and Introducing Security Policies -- Policy Requirements -- Basic Security Policies -- Security Policy Implementation Guidelines -- Q&A -- Questions -- Answers -- ch. 15 Countermeasure Goals and Strategies -- Introduction -- Countermeasure Objectives, Goals, and Strategies -- Access Control -- Goals -- Modes -- Deterrence -- Goals -- Strategies -- Detection -- Goals -- Strategies -- Surveillance Detection -- Attack Detection -- Assessment -- Goals -- Is the Detection Itself Real, False, or a Nuisance Detection? -- If the Detection Is Real, What Is the Level and Nature of the Threat Actors? -- What Is Their Goal? -- What Weapons Are They Carrying? -- What Are Their Tactics? -- Could Their Intentions Include Violence? -- Are They Employing Countersurveillance Methods? -- How Are They Dressed? How Can Law Enforcement Distinguish the Threat Actors from Ordinary Employees or Customers? 
-- What Is Their Apparent Exit Strategy? -- Strategies -- Response -- Goals -- Strategies -- Evidence Gathering -- Goals -- Strategies -- Comply with The Business Culture of the Organization -- Goal -- Strategies -- Minimize Impediments to Normal Business Operations -- Goals -- Strategies -- Safe and Secure Environment -- Goals -- Strategies -- Design Programs to Mitigate Possible Harm from Hazards and Threat Actors -- Summary -- Introduction -- Access Control -- Goals -- Strategies -- Deterrence -- Goals -- Strategies -- Detection -- Goals -- Strategies -- Assessment -- Goals -- Strategies -- Response -- Goals -- Strategies -- Evidence Gathering -- Goals -- Strategies -- Comply with the Business Culture of the Organization -- Goal -- Strategies -- Minimize Impediments to Normal Business Operations -- Goals -- Strategies -- Safe and Secure Environment -- Goals -- Strategies -- Design Programs to Mitigate Possible Harm from Hazards and Threat Actors -- Reference -- Q&A -- Questions -- Answers -- ch. 16 Types of Countermeasures -- Introduction -- Baseline Security Program -- Typical Baseline Security Program Elements and Implementation -- Designing Baseline Countermeasures (and Qualifications) -- Qualifications -- Design Process -- Specific Countermeasures -- Countermeasure Selection Basics -- High-Tech Elements -- Access Control Systems -- Detection Systems -- Consoles and Management Offices -- Security System Archiving Technologies -- Security System Archiving Schemes -- Security System Infrastructures -- Low-Tech Elements -- Locks -- Revolving Doors -- Mechanical and Electronic Turnstiles -- Vehicle Gates -- Deployable Barriers -- Lighting -- Signage -- No-Tech Elements -- Define the Deterrence Program -- Define the Response Program -- Define the Evidence Gathering Program -- Summary -- Introduction -- Baseline Security Program (BSP) -- Specific Countermeasures -- Countermeasure Selection Basics -- References -- Q&A -- Questions -- Answers -- ch. 
17 Countermeasure Selection and Budgeting Tools -- Introduction -- The Challenge -- Countermeasure Effectiveness -- Functions of Countermeasures -- Examples -- Infiltration Scenarios -- Attack Scenarios -- Attack Objective Parameters -- Specific Targeting Objectives -- Criminal Violent Offender Types -- Mentally Unstable Offenders -- Economic Criminal Types -- Economic Criminal Objectives -- Criminal Offender Countermeasures -- Countermeasure Effectiveness Metrics: Functional Effectiveness -- Helping Decision Makers Reach Consensus on Countermeasure Alternatives -- Summary -- Introduction -- Countermeasure Effectiveness -- Functions of Countermeasures -- Infiltration Scenarios -- Attack Scenarios -- Attack Objective Parameters -- General Objectives of Terrorism -- Specific Targeting Objectives -- Offender Types -- Criminal Violent Offender Types -- Economic Criminal Types -- Economic Criminal Objectives -- Criminal Offender Countermeasures -- Countermeasure Effectiveness Metrics -- Functional Effectiveness -- Helping Decision Makers Reach Consensus on Countermeasure Alternatives -- Q&A -- Questions -- Answers -- ch. 18 Security Effectiveness Metrics -- Introduction -- Theory -- Sandia Model -- A Useful Commercial Model -- What Kind of Information Do We Need to Evaluate to Determine Security Program Effectiveness? -- What Kind of Metrics Can Help Us Analyze Security Program Effectiveness? -- Adversary Sequence Diagrams -- Vulnerability/Countermeasure Matrix -- Security Event Logs -- Patrol Logs (Vulnerabilities Spotting/Violations Spotting) -- Annual Risk Analysis -- Summary -- Introduction -- Sandia Model -- A Useful Commercial Model -- What Kind of Metrics Can Help Us Analyze Security Program Effectiveness? -- Security Event Logs -- Patrol Logs (Vulnerabilities Spotting/Violations Spotting) -- Annual Risk Analysis -- References -- Q&A -- Questions -- Answers -- ch. 
19 Cost-Effectiveness Metrics -- Introduction -- What Are the Limitations of Cost-Effectiveness Metrics? -- What Metrics Can Be Used to Determine Cost-Effectiveness? -- Communicating Priorities Effectively -- Making the Case -- Developing the Arguments -- Presenting the Case -- Basis of Argument -- Countering Arguments -- Complete Cost-Effectiveness Matrix -- Complete Cost-Effectiveness Matrix Elements -- Security Program Recommendations Summary Board -- Vertical and Horizontal Elements -- Vertical Elements -- Horizontal Elements -- Risk Descriptions -- Countermeasure Options and Cost Elements -- Countermeasure Mitigation Values -- Risk Rankings and Budgets -- Phase Recommendations and Phasing Budgets -- Budget Breakdowns by Phases and Risks -- Summary -- Introduction -- What Are the Limitations of Cost-Effectiveness Metrics? -- What Metrics Can Be Used to Determine Cost-Effectiveness? -- Communicating Priorities Effectively -- Making the Case -- Q&A -- Questions -- Answers -- ch. 20 Writing Effective Reports -- Introduction -- Presentation -- Graphics -- Preparation for a Successful Presentation -- Comprehensive Risk Analysis Report -- Executive Summary -- Introduction -- Assessment Process -- Facility Characterization -- Threat Assessment -- Vulnerability Assessment -- Asset/Attack Matrix -- Threat/Target Nexus Matrix -- Weapon/Target Nexus Matrix -- Surveillance Opportunities -- Likelihood (Probability) Calculation -- Risk Calculation -- Countermeasures -- Baseline Security Program -- Identifying Key Assets for Special Consideration -- Develop Countermeasure Budgets -- Countermeasure Implementation Recommendations -- Report Supplements -- Risk Register -- Footnotes -- Tables -- Index and Glossary -- Attachments -- Countermeasure Budget Presentation -- Microsoft PowerPoint Presentation -- Handouts for the Presentation -- Summary -- Comprehensive Report -- Countermeasure Budgets -- PowerPoint Presentation -- Handouts for Presentation -- Presentation -- Graphics -- 
Preparation for a Successful Presentation -- Comprehensive Risk Analysis Report -- Executive Summary -- Introduction -- Assessment Process -- Facility Characterization -- Threat Assessment -- Vulnerability Assessment -- Risk Calculation -- Countermeasures -- Countermeasure Budgets -- Countermeasure Implementation Recommendations -- Report Supplements -- Q&A -- Questions -- Answers.
Subject(s)
  • Security systems
  • Business enterprises -- Security measures
  • Office buildings -- Security measures
  • Computer security
  • Risk assessment
ISBN
9781482244199 (hardcover ; alk. paper)
1482244195 (hardcover ; alk. paper)
Bibliography Note
Includes bibliographical references and index.

catkey: 17287673
