Title Details

David L Russell, PE is an Environmental Engineer with a background in consulting and in the Chemical Industry. He has over 40 years of experience including 9 years in the chemical industry for Hooker, IMC Chemical and Allied Chemicals. He was an instructor through the American Institute of Chemical Engineers where he taught courses in Practical Wastewater Treatment and Hazardous Materials and Hazardous Wastes. Russell has lectured on security topics to the NATO Advanced Scientific Institute, and has lectured on the responses to terrorism for the Dubai Water and Power Utility, Dubai, UAE, and  taught  plant security to the Security force for Saudi Aramco,  and  General Industries Petroleum Corporation, in Bahrain, Security Force.

Lieutenant Colonel  Pieter Arlow is a Senior  Officer within the South African National Defense Force (SANDF), and has over 30 years of experience.  He is also an instructor and Senior Security Officer, and has organized  and managed many security projects.  As an Officer of the SANDF, Lt.Col. Arlow has expertise in risk analysis management, risk assessment, military operations management, intelligence and counter-intelligence, terrorism and counter insurgency, force employment and operations and security management. Additionally he had been appointed as the Joint Commander for national events such as the Commonwealth Heads of Government Meetings and the World Economic Forums and has organized security for events such as the 2010 FIFA World Cup.

Chapter 1 Introduction to Security Risk Assessment and Management 1

Introduction 1

Business Definition 1

Security Versus Risk 2

Framework for Risk Management 2

Value at Risk 5

Calculation of Risk 6

Risk Assessment Versus Risk Management 6

Risk Management Plans 8

Threat Scenarios 9

Statistics and Mathematics 10

Pairing Vulnerability and Threat Data 11

Setting Priorities 13

Other Definitions of Risk Assessment 14

Business Definition for Risk Assessment 14

Broad Definition for Risk Assessment 15

Quantitative Risk Assessment 15

Qualitative Risk Assessment 15

Threats 15

Vulnerabilities 15

Countermeasures for Vulnerabilities 16

The D’s of security systems 16

Sample Threat Scenario No. 1 18

Background 18

Sample Threat Scenario No. 2 23

Background 23

Chapter 2 Risk Assessment Basics 29

Street Calculus and Perceived Risk 29

Street Calculus 29

Security Risk Assessment Structure 32

Value at Risk 32

Sandia Laboratory’s Risk Assessment Analysis 33

Annualized Cost Analysis of Risk 34

Scenario?]Driven Cost Risk Analysis 36

Real?]world example 37

Model?]Based Risk Analysis 37

MBRA example case 38

Risk Management by Fault Tree Methods and Risk?]Informed Decision Management 39

Fault tree analysis 39

RIDM 42

Chapter 3 Assessing Types of Attacks and Threats with Da ta Sources 62

Weapons 62

AK?]47 62

M16 62

Sniper rifles 63

Muzzle Energies for Various Cartridges 63

Rifle Grenades 63

Rocket?]Propelled Grenades and Mortars 64

Explosive Energies 65

Impact of explosives 66

Other Types of Incidents and Accidents 68

Chapter 4 Evaluating a Company’s Protective Systems 70

Surveys and Assessments 70

Site Security Assessments 71

Checklists 71

Cyber security checklist 71

Lighting 72

Perimeter Barriers: Design Notes and Comments 74

CCTV 79

Windows and Doors 81

Chapter 5 Port Security 82

Ranking Threats 82

Natural threats 82

Man?]made/accidental threats 82

Intentional acts—delivery vectors 83

Weapon threats 83

Levels of Port Security 83

Security response plans 84

Recommended procedures 84

Identification Procedures for Personnel Screening 85

Employees 85

Vendors/contractors/vessel pilots 85

Truck drivers/passengers 85

Visitors (all personnel not falling into other categories) 86

Government employees 86

Vessel personnel access through a facility 86

Search requirements 86

Acceptable identification 87

Access control 87

Vessel Arrival and Security Procedures While Moored 87

Internal Security 88

Vehicle control 88

Rail security 88

Key/ID/access card control 88

Computer security 89

Security rounds 89

Perimeter Security and Restricted Areas 89

Barriers 89

Fencing 89

Lighting 90

Security Alarms/Video Surveillance/Communications Systems 90

Alarms 90

Video surveillance 90

Communications systems 91

Training and Security Awareness 91

Floating Barriers 91

Chapter 6 Basics of Cyber security 93

Communications Life Cycle 93

Some Solutions to the Problem of Cyber crime 94

General recommendations 94

Communications Security 96

Communications as Transactions 96

Telephone System Security 96

Radio Communications 97

Digital Communications 97

Cyber security 98

Vulnerability assessment 98

Unknowns and alternatives 99

How to Perform the Vulnerability Assessment 99

Critical success factors 99

Optimum assessment team size 101

Communications Procedure Design: Hints and Helps 101

Benefits: Identified 102

Example 102

Cyber Threat Matrix: Categories of Loss and Frequency 103

Setting up Internet Security 104

External versus internal testing 105

Security focus 105

Browser and domain security 105

Data encryption 106

Cyber security Tools 107

Chapter 7 Scenario Planning and Analyses 109

Introduction 109

Fta, Markov Chains, and Monte Carlo Methods 110

Fuzzy fault trees 111

Markov chains and Bayesian analysis 111

Other Complimentary Techniques 112

Fishbone (Ishikawa) diagrams 112

Pareto charts 114

Sample of Initial Analysis 114

Failure Modes and Effects Analysis 119

Dhs Analysis and Plans 120

Bow?]Tie Analysis 124

Example 125

Hazops and Process Safety Management 127

Process safety information: General 127

PHA and HAZOPS 128

Aloha, Cameo, and Security Planning Tools 129

The Colored Books 133

Generic Guideline for the Calculation of Risk Inherent in the Carriage of Dangerous Goods by Rail 133

The Orange Book: Management of Risk—Principles and Concepts 133

The Green Book: Methods for the Determination of Possible Damage to People and Objects Resulting from Release of Hazardous Materials, CPR?]16E 135

The Yellow Book: Methods for the Calculation of Physical Effects due to the Releases of Hazardous Materials (Liquids and Gases), CPR?]14E 137

The Red Book: Methods for Determining and Processing Probabilities, CPR?]12 137

The Purple Book: Guidelines for Quantitative Risk Assessment, PGS 3 137

Sample outline for emergency response 141

Chapter 8 Security System Design and Implementation: Practical Notes 148

Security Threat?]Level Factors 148

Considered Factors 148

Vehicle bombs 149

Standoff weapons 151

Minimum standoff distances 151

Security System Design 153

Perimeter barriers 154

Active vehicle barriers 154

Entry roadways 155

Entry control stations 156

Reinforcement of buildings and infrastructure 156

Windows 156

Security system lighting 157

Lighting system design 157

Electronic Security Systems Design 157

Alarm configurations and design 158

Access control 159

Employee screening 160

Visitor identification and control 160

Packages, personnel, and vehicle control 161

Lock and key systems 161

Security forces 162

Cargo security 162

Port security systems 163

Review and Assessment of Engineering Design and Implementation 163

Auditing and evaluation 163

Risk assessment team 164

Blank sheet approach to auditing and evaluation 165

Business approach to auditing and evaluation 165

Benchmarking 166

How to evaluate a physical security system? 167

Security systems audits 167

What to review? 168

Implementation of risk assessment 174

SQUARE: Prioritizing security requirements 177

Security monitoring and enforcement 179

Security awareness program 180

Proposed future training requirements 180

Security management 180

The differing roles of the security department 181

Stress management techniques 181

Security management techniques 184

Conclusion 186

Appendix I 187

Appendix II 196

Index 204