Critical Infrastructure Risk Assessment

Critical Infrastructure Risk Assessment
Автор книги: id книги: 1937354     Оценка: 0.0     Голосов: 0     Отзывы, комментарии: 0 8380,61 руб.     (83,24$) Читать книгу Купить и скачать книгу Купить бумажную книгу Электронная книга Жанр: Техническая литература Правообладатель и/или издательство: Ingram Дата добавления в каталог КнигаЛит: ISBN: 9781944480721 Скачать фрагмент в формате   fb2   fb2.zip Возрастное ограничение: 0+ Оглавление Отрывок из книги

Реклама. ООО «ЛитРес», ИНН: 7719571260.

Описание книги

As a manager or engineer have you ever been assigned a task to perform a risk assessment of one of your facilities or plant systems? What if you are an insurance inspector or corporate auditor? Do you know how to prepare yourself for the inspection, decided what to look for, and how to write your report? This is a handbook for junior and senior personnel alike on what constitutes critical infrastructure and risk and offers guides to the risk assessor on preparation, performance, and documentation of a risk assessment of a complex facility. This is a definite “must read” for consultants, plant managers, corporate risk managers, junior and senior engineers, and university students before they jump into their first technical assignment.

Оглавление

Ernie Hayden MIPM CISSP CEH GICSP(Gold) PSP. Critical Infrastructure Risk Assessment

Critical Infrastructure. Risk Assessment

COPYRIGHT ©2020, Ernie Hayden

WHAT YOUR COLLEAGUES ARE. SAYING ABOUT CRITICAL INFRASTRUCTURE RISK ASSESSMENT

DEDICATION AND. ACKNOWLEDGEMENTS. The Genesis

Dedications

Acknowledgements

Foreword. by Kirk Bailey

Foreword. by Peter Gregory

Introduction

“Oh, Crap!”

In this chapter you will discover:

Who Should Read This Book?

What Risk?

What is a Risk Assessment?

The Risk Assessment Flow Chart

Your Job

REFERENCES

PART I. FOUNDATIONS

Chapter 1. Just What is. Critical Infrastructure?

1.1 What is Critical Infrastructure?

1.2 Critical Infrastructure Conceptual Development — United States

1.2.1 Mid-1990’s — Executive Order 13010

1.2.2 1998 — Presidential Decision Directive (PDD) 63

1.2.3 2001 (Post 9/11) Executive Order 132 2823

1.2.4 2001 (Post 9/11) USA PATRIOT Act24

1.2.5 2002 National Strategy for Homeland Security26

1.2.6 2003 National Strategy for Physical Infrastructure Protection

1.2.7 2003 Homeland Security Presidential Directive (HSPD-7)

1.2.8 2013 Presidential Policy Directive 21 — Critical Infrastructure Security and Resilience (PPD-21)

1.3 International Perspectives on Critical Infrastructure

1.3.1 United Kingdom

1.3.2 Canada

1.3.3 Australia

1.3.4 New Zealand

1.3.5 European Union

1.3.6 Germany

1.3.7 Netherlands

1.3.8 Japan

1.4 Critical Infrastructure — A Missing Sector

1.5 Critical Infrastructure Interdependencies

1.5.1 Seattle Tacoma Airport Oil Pipeline Interdependencies

1.5.2 Critical Infrastructure Interdependencies with Orbiting Satellites

1.5.3 The Expansive Nature of Interdependencies and Critical Infrastructure

1.6 Conclusion

1.7 Questions for Further Thought and Discussion

REFERENCES

Chapter 2. Risk and Risk Management

2.1 What is Risk?

2.1.1 Threat

2.1.2 Vulnerability

2.1.3 Probability

2.1.4 Consequences or Impact

2.1.5 Nuances of Risk

2.1.6 Risk Appetite and Tolerance

2.1.7 Risk Velocity

2.2 Risk Management

2.2.1 Risk Management Principles

2.2.2 Addressing Risk

2.2.3 Risk Management Process

2.2.4 Risk Management Focus — Component or System

2.2.5 Risk Management Focus — Defensive and Offensive

2.2.6 Risk Management Focus — Checklist Approach

2.2.7 Risk Management — Convenience vs Liability or Risk

2.2.8 Risk Management — Summary Guidance

2.3 The Next Chapter — Risk Assessment

2.4 Questions for Further Thought and Discussion

REFERENCES

Chapter 3. Risk Assessment

In this chapter you will:

3.1 Definitions of Risk Assessment

3.2 Assessment Foundational Principles, Scope, and Applicability

3.3 Application of Risk Assessments

3.4 Risk Assessment Techniques

3.4.1 Ad-hoc Risk Assessment

3.4.2 Deductive Risk Assessment

3.4.3 Inductive Risk Assessment

3.4.4 Targeted Risk Assessment

3.5 Assessment Approaches — Qualitative vs Quantitative

3.6 Dynamic Risk Assessment

3.7 Difference Between Assessment and Audit57

3.8 Assessment Models

3.8.1 ISO 31000

3.8.2 NIST SP 800-30, R1 — Guide for Conducting Risk Assessments

3.8.3 NIST SP 800-30, R0 — Risk Management Guide for Information Technology Systems

3.8.4 Cyber Security Assessments of Industrial Control Systems — Good Practice Guide

3.8.5 Hybrid Risk Assessment Flow Chart

3.9 Assessment Process

3.9.1 Pre-assessment/Planning

3.9.2 Conducting the Assessment

3.9.3 Reporting

3.10 Questions for Further Thought and Discussion

REFERENCES

PART II. HANDBOOK

Chapter 4. Pre-Assessment

In this chapter you will discover:

4.1 Planning

4.2 Identify Team Members

4.3 Identify Assessment Goals

4.4 Collect Artifacts, Templates, Preliminary Documentation

4.5 Define the Assessment Plan

4.6 Hold the Initial Team Meeting

4.7 Client Kick Off Call

4.8 Data Requests to Client

4.9 Packing & Travel Planning

4.10 Devising the Work Plan

4.10.1 Example Site Risk Assessment Visit Plan

4.10.2 Preparing Your Steno Pad

4.10.3 Pre-Checking Control System Assets for Vulnerabilities

4.11 Excited to Start the Assessment

REFERENCES

Chapter 5. The Power of the Observation

In this chapter you will discover:

5.1 An Introduction to the History of Observations

5.2 Just What is an “Observation?”

5.3 Observation Format

5.4 Critical Thinking

5.4.1 Asking “Why?”

5.4.2 Communicating Your Observations

5.4.3 Raising Issues

5.5 Unintended Influence of the Observation on Performance of Work

5.6 Writing the Observation

5.7 The Power of the Observation

REFERENCES

Chapter 6. On Site

In this chapter you will discover:

6.1 On Site Arrival — Entrance Meeting

6.2 Example Site Schedule and Activities

6.3 Conducting Interviews

6.4 Photographs

6.5 Site Facility Inspections

6.5.1 Tools of the Inspection Trade

6.5.2 Inspection Data Collection

6.5.3 Tour Planning

6.5.4 “Working a Room”

6.6 Technical Reviews

6.7 Daily Team Meetings

6.8 Development of Strengths & Weaknesses

6.9 Site Exit Meeting

Questions to Consider

REFERENCES

Chapter 7. The Final Report

In this chapter you will discover:

7.1 Back in the Home Office — Compiling the Information

7.2 Important Terms of Art

7.2.1 Weakness

7.2.2 Strengths

7.2.3 Findings

7.2.4 Informational Observations

7.2.5 Good Practice

7.2.6 More About Findings

7.3 Identifying the Risk Level of Findings

7.3.1 Impact

7.3.2 Probability or Likelihood

7.3.3 Risk Assessment Matrix Development

7.4 Preparing the Draft Report

7.5 Report Review Process

7.6 The Future of the Report

REFERENCES

Chapter 8. Remediation

In this chapter you will discover:

8.1 Rule #1 — Don’t Shelve the Report and Findings!

8.2 Remember Your Objective

8.3 Assign a Professional Project Manager

8.4 Review the Entire Risk Assessment Report

8.4.1 Recognize the Strengths!

8.4.2 Assign Unique Numbers to Each Finding

8.5 Build the Remediation Team

8.6 Kick Off Meeting

8.7 Monthly Meetings (or More Frequent)

8.8 Addressing the Findings

8.9 Costs and Budgeting

8.10 Postmortem/After-Action Review

8.11 Questions for Consideration

REFERENCES

Chapter 9. Continuing the Journey

“Hey Boss, I know how to do a Risk Assessment!”

Your Job

Thank You!

APPENDIX A. EXAMPLE RISK ASSESSMENT REPORT

INDEX

ABOUT THE AUTHOR

Отрывок из книги

“Critical Infrastructure Risk Assessment is an invaluable reference for assessors, business managers, operators, and planners. And given a rapidly evolving geopolitical situation with nations and other actors motivated to compete and fight across multiple domains, the book could not come at a better time.”

Chuck Benson

.....

What is the risk — besides messing up your trousers? The threat is the truck barreling at your truck. The vulnerability is your truck wasn’t designed to be hit at 35 miles per hour by a large vehicle — even with side and front air bags. The consequence could range from death or serious injury to you, death/injury to adjacent cars and pedestrians, death/injury to the truck driver, citations from the police, years of lawsuits, etc.

That is pretty obvious example. What about something more subtle?

.....

Добавление нового отзыва

Комментарий Поле, отмеченное звёздочкой  — обязательно к заполнению

Отзывы и комментарии читателей

Нет рецензий. Будьте первым, кто напишет рецензию на книгу Critical Infrastructure Risk Assessment
Подняться наверх