NCJ Number
210613
Journal
FBI Law Enforcement Bulletin Volume: 14 Issue: 7 Dated: July 2005 Pages: 1-13
Date Published
July 2005
Length
13 pages
Annotation
This article explains the characteristics and implementation of a risk-assessment and management program in order to develop countermeasures that can prevent, mitigate, or eliminate security vulnerabilities.
Abstract
The analytical risk management (ARM) process is a systematic and interactive approach for identifying and evaluating assets, potential threats, and existing vulnerability, along with calculating risks and determining requisite countermeasures. The ARM process can be viewed as three interacting spheres of assets, threats, and vulnerabilities. Where these three areas merge or overlap constitutes the calculated risks. Once a department's risk managers determine the risks, they can select appropriate countermeasures to mitigate them. ARM can serve both security and operation assessments. For the ARM process, assets are resources that a department must protect in order to perform its essential public safety and law enforcement responsibilities. Assets include people, information, operations, equipment, facilities, and social-psychological resources. Threats are general situations that have the potential to cause loss or harm to essential assets; and adversaries constitute specific hostile individuals or groups with the intention, capabilities, and histories to conduct detrimental activities against law enforcement agencies and public safety. Vulnerabilities are identified weaknesses that can be exploited by an adversary to gain access to an asset, and risk calculation is the likelihood that an undesirable event will occur. Countermeasures are developed in accordance with risk calculations and the resources available to address vulnerabilities. 5 charts and 1 note