The Risk Assessment Methodology for Critical Infrastructures (RAM-CI) has a basic security risk assessment framework common to all critical infrastructures and it can be adapted to any critical infrastructure/key resource (CI/KR) sector. This allows RAM-CI to be quickly and easily extended to address new or additional infrastructure areas. SNL’s RAM tools have been used to estimate security risk for various types of facilities within the different CI/KR sectors. The basic methodology for all of the RAMs is very similar. Security risk is a function of T (threat), V (vulnerability)and C (consequences) RAM-CI tool is designed to evaluate and estimate T, V, and C for any given asset and threat.
The RAM-CI tool supports the goal of the National Infrastructure Protection Plan (NIPP) to “build a safer, more secure, and resilient America by enhancing protection of the Nation’s CI/KR to prevent, deter, neutralize, or mitigate the effects of deliberate efforts by terrorist to destroy, incapacitate, or exploit them …”.
In particular, it provides processes for combining consequence, vulnerability and threat information for a comprehensive and systematic risk assessment and management capability that can be applied to all CI/KR sectors. It meets the requirements for risk assessment methodologies outlined in the NIPP and supports national objectives identified by DHS and other federal agencies. It will provide an enhanced capability to address the determination of risk in the different CI/KR sectors.
Security RAM Fact Sheet