Violence, vandalism, and terrorism are prevalent in the world today. Managers and decision-makers must have a reliable way of estimating risk to help them decide how much security is needed at their facility. A risk assessment methodology has been refined by Sandia National Laboratories to assess risk at various types of facilities and critical infrastructures. The methodology is based on the traditional risk equation:
Risk = PA * (1 - PE ) * C,
PA is the likelihood of adversary attack,
PE is security system effectiveness,
1 - PE is adversary success, and
C is consequence of loss of the asset.
The process begins with a characterization of the facility including identification of the undesired events and the respective critical assets. Guidance for defining threats is included, as well as for using the definition of the threat to estimate the likelihood of adversary attack at a specific facility. Relative values of consequence are estimated. Methods are also included for estimating the effectiveness of the security system against the adversary attack. Finally, risk is calculated. In the event that the value of risk is deemed to be unaccepta1ble (too high), the methodology addresses a process for identifying and evaluating security system upgrades in order to reduce risk.
Overview of Sandia RAMs:
Sandia RAM Overview