Metrics and Methods for Security Risk Management
Table of Contents

Front Cover (p. 1)
Title Page: Metrics and Methods for Security Risk Management (p. 4)
Copyright Page (p. 5)
Dedication (p. 6)
Table of Contents (p. 8)
About the Author (p. 12)
Foreword (p. 14)
Preface (p. 16)
Acknowledgments (p. 20)

Part 1: The Structure of Security Risk (p. 22)

  Chapter 1: Security Threats and Risk (p. 24)
    1.1. Introduction to Security Risk, or Tales of the Psychotic Squirrel and the Sociable Shark (p. 24)
    1.2. The Fundamental Expression of Security Risk (p. 30)
    1.3. Introduction to Security Risk Models and Security Risk Mitigation (p. 35)
    1.4. Summary (p. 38)
    References (p. 39)

  Chapter 2: The Fundamentals of Security Risk Measurements (p. 40)
    2.1. Introduction (p. 40)
    2.2. Linearity and Nonlinearity (p. 40)
    2.3. Exponents, Logarithms, and Sensitivity to Change (p. 46)
    2.4. The Exponential Function e^x (p. 48)
    2.5. The Decibel (p. 49)
    2.6. Security Risk and the Concept of Scale (p. 52)
    2.7. Some Common Physical Models in Security Risk (p. 54)
    2.8. Visualizing Security Risk (p. 58)
    2.9. An Example: Guarding Costs (p. 63)
    2.10. Summary (p. 64)

  Chapter 3: Security Risk Measurements and Security Programs (p. 66)
    3.1. Introduction (p. 66)
    3.2. The Security Risk Assessment Process (p. 68)
      3.2.1 Unique threats (p. 68)
      3.2.2 Motivating security risk mitigation: The five commandments of corporate security (p. 69)
      3.2.3 Security risk models (p. 70)
    3.3. Managing Security Risk (p. 75)
      3.3.1 The security risk mitigation process (p. 75)
      3.3.2 Security risk standards (p. 79)
    3.4. Security Risk Audits (p. 91)
    3.5. Security Risk Program Frameworks (p. 94)
    3.6. Summary (p. 94)

Part 2: Measuring and Mitigating Security Risk (p. 100)

  Chapter 4: Measuring the Likelihood Component of Security Risk (p. 102)
    4.1. Introduction (p. 102)
    4.2. Likelihood or Potential for Risk? (p. 103)
    4.3. Estimating the Likelihood of Randomly Occurring Security Incidents (p. 106)
    4.4. Estimating the Potential for Biased Security Incidents (p. 109)
    4.5. Averages and Deviations (p. 112)
    4.6. Actuarial Approaches to Security Risk (p. 118)
    4.7. Randomness, Loss, and Expectation Value (p. 120)
    4.8. Financial Risk (p. 127)
    4.9. Summary (p. 128)
    References (p. 129)

  Chapter 5: Measuring the Vulnerability Component of Security Risk (p. 130)
    5.1. Introduction (p. 130)
    5.2. Vulnerability to Information Loss Through Unauthorized Signal Detection (p. 131)
      5.2.1 Energy, waves, and information* (p. 132)
      5.2.2 Introduction to acoustic energy and audible information (p. 136)
      5.2.3 Transmission of audible information and vulnerability to conversation-level overhears (p. 138)
      5.2.4 Audible information and the effects of intervening structures (p. 141)
      5.2.5 Introduction to electromagnetic energy and vulnerability to signal detection (p. 147)
      5.2.6 Electromagnetic energy and the effects of intervening material (p. 153)
      5.2.7 Vulnerability to information loss through unauthorized signal detection: A checklist (p. 156)
    5.3. Vulnerability to Explosive Threats (p. 157)
      5.3.1 Explosive parameters (p. 157)
      5.3.2 Confidence limits and explosive vulnerability (p. 163)
    5.4. A Theory of Vulnerability to Computer Network Infections (p. 167)
    5.5. Biological, Chemical, and Radiological Weapons (p. 172)
      5.5.1 Introduction (p. 172)
      5.5.2 Vulnerability to radiological dispersion devices (p. 173)
      5.5.3 Vulnerability to biological threats (p. 183)
      5.5.4 Vulnerability to external contaminants (p. 189)
      5.5.5 Vulnerability to chemical threats (p. 193)
    5.6. The Visual Compromise of Information (p. 194)
    5.7. Summary (p. 196)
    References (p. 197)

  Chapter 6: Mitigating Security Risk: Reducing Vulnerability (p. 200)
    6.1. Introduction (p. 200)
    6.2. Audible Signals (p. 201)
      6.2.1 Acoustic barriers (p. 203)
      6.2.2 Sound reflection (p. 205)
      6.2.3 Sound absorption (p. 206)
    6.3. Electromagnetic Signals (p. 208)
      6.3.1 Electromagnetic shielding (p. 208)
      6.3.2 Intra-building electromagnetic signal propagation (p. 212)
      6.3.3 Inter-building electromagnetic signal propagation (p. 215)
      6.3.4 Non-point source electromagnetic radiation (p. 216)
    6.4. Vehicle-borne Explosive Threats: Barriers and Bollards (p. 219)
    6.5. Explosive Threats (p. 224)
    6.6. Radiological Threats (p. 227)
    6.7. Biological Threats (p. 231)
      6.7.1 Particulate filtering (p. 231)
      6.7.2 Ultraviolet germicidal irradiation (p. 233)
      6.7.3 Combining UVGI and particulate filtering (p. 235)
      6.7.4 More risk mitigation for biological threats (p. 237)
      6.7.5 Relative effectiveness of influenza mitigation (p. 238)
    6.8. Mitigating the Risk of Chemical Threats (Briefly Noted) (p. 243)
    6.9. Guidelines for Reducing the Vulnerability to Non-Traditional Threats in Commercial Facilities (p. 245)
    6.10. Commercial Technical Surveillance Countermeasures (p. 246)
      6.10.1 Questionnaire for prospective commercial TSCM vendors (p. 254)
    6.11. Electromagnetic Pulse Weapons (p. 255)
      6.11.1 The EPFCG threat (p. 256)
      6.11.2 EMP generated in proximity to unshielded facilities (p. 256)
      6.11.3 EMP generated in proximity to shielded facilities (p. 258)
    6.12. Summary (p. 259)
    References (p. 260)

Epilogue (p. 264)

Appendix A: Scientific prefixes (p. 266)
Appendix B: Sound levels and intensities (p. 268)
Appendix C: The speed of sound in common materials (p. 270)
Appendix D: Closed circuit television (CCTV) performance criteria and technical specifications (p. 272)
  Performance Criteria (p. 272)
  Operational Modes (p. 272)
  Image Data and Transmission Requirements (p. 272)
  Camera/System Management (p. 272)
  Image Resolution (p. 272)
  Record Frame Rate (p. 273)
  Image Storage (p. 273)
  Ambient Lighting (p. 273)
  Power and Resilience (p. 273)
  Field of View (p. 273)
  Information Security Restrictions (p. 273)
Appendix E: Physical access authorization system performance criteria (p. 274)
  High-Level System Architecture (p. 274)
  Physical Access Authorization (p. 274)
  Physical Access Authorization Conditions and Signaling (p. 274)
  Physical Access Authorization Information Transmission (p. 275)
  Physical Access Authorization History and Reporting (p. 275)
  Physical Access Authorization Equipment Security (p. 275)
Appendix F: Exterior barrier performance criteria and technical specifications (p. 276)
Appendix G: Window anti-blast methods technical specifications* (p. 278)
Appendix H: Qualitative interpretation of Rw values (p. 280)

Index (p. 282)