Question

Explain Risk management and risk analysis and their relationship to critical infrastructure protection.

Solutions

Expert Solution

Effective risk assessment methodologies are the cornerstone of a successful Critical Infrastructure Protection programme. The extensive number of risk assessment methodologies for critical infrastructures clearly supports this argument. Risk assessment is indispensable in order to identify threats, assess vulnerabilities and evaluate the impact on assets, infrastructures or systems taking into account the probability of the occurrence of these threats. This is a critical element that differentiates a risk assessment from a typical impact assessment methodology.

There is a significant number of risk assessment methodologies for critical infrastructures. In general the approach that is used is rather common and linear, consisting of some main elements: identification and classification of threats, identification of vulnerabilities and evaluation of impact. This is a well known and established approach for evaluating risk and it is the backbone of almost all risk assessment methodologies.

However, there is a huge differentiation of risk assessment methodologies based on the scope of the methodology, the audience to which it is addressed (policy makers, decision makers, research institutes) and their domain of applicability (asset level, infrastructure/system level, system of systems level). These attributes are not mutually exclusive, in the sense that the domain of applicability defines to a certain extent the target group of the methodology. For example, a risk assessment methodology that is applicable to system of systems at national or even supranational level is mostly addressed to policy makers and relevant authorities and less to operators or to asset managers at local level.

Methodologies developed for certain assets are well defined, tested and validated and the vast majority follows the linear approach already mentioned. However, methodologies that aim at assessing risks at a higher level, e.g. networked systems, require further refinement. Detailed risk assessment is not applicable any more and a certain level of abstraction is necessary. Representing all assets of a networked system at the highest level of detail (mostly an operator’s approach) leads to unprecedented complexity that is out of the scope for policy and decision makers. This target group requires simplified solutions that can provide results even in real time.

The second important parameter that is entering the stage for the risk assessment methodologies of networked infrastructures is the element of interdependencies. According to the work of Rinaldi et al. [1] four types of interdependencies are identified for critical infrastructures:

• Physical: The operation of one infrastructure depends on the material output of the other.

• Cyber: Dependency on information transmitted through the information infrastructure.

• Geographic: Dependency on local environmental effects that affect several infrastructures simultaneously.

• Logical: Any kind of dependency not characterized as Physical, Cyber or Geographic.

Besides cross-sectoral interdependencies (e.g. ICT and Electricity, Satellite navigation and Transport), at European level one can identify intra-sectoral interdependencies of national infrastructures that form European infrastructures. As a concrete example we can mention the high voltage electricity grid that is composed of the interconnected national high-voltage electricity grids.

As mentioned before, the domain of applicability of a risk assessment methodology may be the most important attribute. According to this attribute, CIP risk assessment methodologies can be divided into two major categories: sectoral methodologies, when each sector is treated separately with its own risks and ranking, and systems approaches that assess the critical infrastructures as an interconnected network. Methodologies that have been initially conceptualised to fit in the second category are rather limited. The vast majority of the existing work has been sectoral and mostly at asset level. These methodologies have then been extended to cope with networked systems. This reflects the natural evolution of risk assessment methodologies existing already at organizational level to address issues at sectoral level. These methodologies reveal their limitations when cross-sectoral issues have to be addressed.
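
The difference between a sectoral ranking and a systems ranking over typed interdependencies can be shown with a small model; this is an added example, not part of the answer above. The infrastructures, probabilities, impact scores and propagation weights are constructed, and estimating a cascade by its single most likely path is a simplifying assumption.

```python
from enum import Enum

# The four interdependency types listed in the answer (Rinaldi et al.)
Dep = Enum("Dep", "PHYSICAL CYBER GEOGRAPHIC LOGICAL")

# Constructed sample data: infrastructure -> (threat probability, direct impact score)
ASSETS = {
    "electricity": (0.04, 80),
    "ict": (0.10, 40),
    "water": (0.02, 60),
    "transport": (0.15, 30),
}
# Constructed edges: (dependent, provider, type, assumed propagation probability)
DEPENDENCIES = [
    ("ict", "electricity", Dep.PHYSICAL, 0.9),
    ("water", "electricity", Dep.PHYSICAL, 0.7),
    ("transport", "ict", Dep.CYBER, 0.5),
    ("electricity", "ict", Dep.CYBER, 0.3),
]

def sectoral_risk():
    """Each infrastructure treated on its own: probability x direct impact."""
    return {name: p * impact for name, (p, impact) in ASSETS.items()}

def cascade_reach(source, types=frozenset(Dep)):
    """Probability of the most likely propagation path from source to each node."""
    reach = {source: 1.0}
    changed = True
    while changed:  # relax edges until stable; weights <= 1, so cycles terminate
        changed = False
        for dependent, provider, kind, weight in DEPENDENCIES:
            if kind in types and provider in reach:
                candidate = reach[provider] * weight
                if candidate > reach.get(dependent, 0.0):
                    reach[dependent] = candidate
                    changed = True
    return reach

def systems_risk(types=frozenset(Dep)):
    """Probability x (direct impact + expected impact on dependent infrastructures)."""
    return {
        name: p * sum(w * ASSETS[n][1] for n, w in cascade_reach(name, types).items())
        for name, (p, _) in ASSETS.items()
    }

def ranking(risk):
    return sorted(risk, key=risk.get, reverse=True)

if __name__ == "__main__":
    print("sectoral:", ranking(sectoral_risk()))
    print("systems: ", ranking(systems_risk()))
```

Passing a subset such as `{Dep.CYBER}` to `systems_risk` restricts the cascade to one interdependency type, which shows how much of a ranking is driven by that type alone.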


