textarchive.ru

Главная > Документ

1

Смотреть полностью

Risk Analysis

Magno, 4 August 2011

Mercyhurst College, Erie PA

Advanced Analytic Techniques Course

Purpose

The purpose of this paper is to assess the value of Risk Analysis as an analytic technique. The method used for the assessment will be a set of evaluation criteria and a Personal Test Case.

The test case will examine risk analysis as a tool to identify terrorist threats to a potential target and to identify the target’s vulnerabilities to an attack. The ultimate goal of the assessment is to give decision-makers the basis to make-cost effective decisions that will ultimately reduce the threat and mitigate its consequences. The four criteria used for the evaluation of the technique are its ability to:

1. Identify credible threats. Has the technique been successful in indentifying groups or entities with the motivation and capacity to do harm to the target?

2. Identify vulnerabilities of the target to attack. Has the technique identified weaknesses in the target that make it vulnerable to attack?

3. Provide information to formulate countermeasures. Has the technique been able to provide the basis to develop countermeasures to the threat?

4. Reduce target vulnerability. Has use of the technique resulted in the reduction of the target’s vulnerability to the threat?

Criteria

Weight

1

Reduction of vulnerability

50

2

Identification of Vulnerability

20

3

Formulation of Countermeasures

20

4

Identification of Credible Threat

10

The analytic question posed for the personal test case is:

What is the likelihood that the joint US - Pakistani Police Intelligence Center at Rawalpindi will be the target of a terrorist attack within the next 6 to 12 months?

Literature Review

A literature review of eight reliable sources gave a comprehensive critique of risk analysis and its value as an analytic technique to support decision-making. All of the sources were peer reviewed or reliable based on academic or professional standing, subject matter expertise, or proximity and appropriateness. On line sources were evaluated using the Trust Scale and Website Evaluation Worksheet by Dax Norman.

All of the authors with the exception of Douglas Hubbard, in his book “The Failure of Risk Management: Why Its Broken and How to Fix it”, believe that the technique of risk assessment is a valuable tool for decision-makers. The sources consider the technique to be an aid in the efficient management of resources in the avoidance or mitigation of the consequences of threat. The authors presented a wide range of methods to conduct and apply risk assessment.

Douglas Hubbard’s dissent regarding the use and value of the technique was his assertion that users of the technique did not use accurate measurements and mathematically sound computations to assess and manage risk. Further, Hubbard believed that risk assessment was a relatively new concept, without sufficient “best practices” and industry wide proven processes to establish its validity.

Each of the sources presented a slightly different methodology and application of the technique. Jean-Paul Chavas’ Risk Analysis in Theory and Practice examined the use of mathematics and probability theory to increase the accuracy of risk assessments rather than focusing on the use of the technique to develop broad-spectrum risk assessments.

Michael Ronczowski, in his book Terrorism and Organized Hate Crime, explored the use of risk and threat assessments as a result of changes in law enforcement in the aftermath of the 9/11 terror attacks. He believes that terrorism is a law enforcement problem and that risk assessment is a factor in the use of intelligence analysis as a means of forecasting and deterring terrorist activities and events.

Thomas Broder presented a very narrow perspective of risk assessment as it relates to physical security; however, his work Risk Analysis and Security Survey provides the reader with detailed instructions about how to identify the vulnerabilities of a potential terrorist target.

Estimating Terrorism Risk is a work sponsored and published by the Rand Corporation. Its authors are expert analysts and specialists in international relations. The article provides the reader with a technique for an assessment of risk and risk management at the strategic level. The source differs greatly from Broder’s Risk Analysis and the Security Survey, which has a very narrow tactical focus, assessing risk to mitigate threat and enhance security for a specific target.

Robert Clark’s, Intelligence Analysis: A Target Centric Approach, Richards Heuers’ and Randolph Pherson’s, Structured Analytic Techniques for Intelligence Analysis, and Heather Wynen’s, Structured Analytic Techniques for Intelligence Analysis, are all “ How to” guides presenting analytic techniques to industry professionals. Each source presents a slightly different approach to risk analysis and taken in total offer a broad view of risk analysis.


In spite of variations in methodology and focus, the sources present systematic approaches to risk analysis. All of those approaches include the identification of a threat or threats, analysis of the vulnerabilities of the object of the threat, and consideration of its consequences or impact.

Description:

Risk Analysis is a technique that seeks to identify a threat or threats to an individual, group, location, or entity, potential vulnerabilities of the object of the threat and the consequences of the threat. Threat for the purposes of this paper is defined as a danger, or potential for loss or harm. Risk analysis is a tool that can be used by decision-makers to identify potential threats and assess the level or degree of the threat so that the user has the ability to avoid the threat or to develop countermeasures to mitigate or neutralize its impact.

Risk analysis is a target centric approach, the target being the object of the threat, that identifies dangers to the target by examining and assessing its strengths and weaknesses. Once a threat is identified, the process seeks to determine the impact of the threat and the "cost" of avoiding the threat or mitigating its impact. The target centric approach gives specific focus to the intelligence process. The user is able to understand the threat in concrete terms allowing for an efficient use of resources in efforts to avoid or reduce the impact of potential threats.

The writer will apply the risk analysis technique to the analytic question about a fictitious potential terrorist target. " What is the likelihood that the joint US - Pakistani Police Intelligence Center at Rawalpindi will be the target of a terrorist attack within the next 6 to 12 months?." The entity and the program described in the question do not exist. Assessments of the strengths and weaknesses of the target will be compared to the strengths and weaknesses of terrorist groups with the capacity and motivation to execute a successful attack against the target. The objective will be to develop measures to deter, or neutralize threats, or reduce the impact of the threat.

Strengths:

Risk Analysis is a technique used by the military, law enforcement, and the private sector to reduce uncertainty in decision-making.

  • Risk analysis gives the user the opportunity to identify specific threats to an entity allowing decision makers an opportunity to deter, avoid, or mitigate the impact of the threats (Broder, J.F., Risk Analysis and the Security Survey).

  • The technique identifies strengths and weaknesses in an entity giving the user an opportunity to devise efficient, effective methods to strengthen weaknesses, adopt countermeasures to the threats, or adopt courses of action to avoid or overcome threats (Chavas, J.P. Risk Analysis in Theory and Practice, Broder, J.F., Risk Analysis and the Security Survey).

  • The technique uses wide varieties of methods to calculate data and quantify risk allowing the decision-maker to develop effective cost efficient options or counter measures (Hubbard, Douglas, W., The Failure of Risk Management: Whay it doesn’t Work and How to Fix It, Chavas, J.P. Risk Analysis in Theory and Practice, Wynen, H., Risk management and intelligence in review Canada, Customs).

Weaknesses:

Risk Analysis as an analytic technique has weaknesses that the user must consider.

  • Risk analysis is a snapshot in time. The evaluation and analysis process must become a constant ongoing process (Broder, J.F., Risk Analysis and the Security Survey).

  • Risk analysis is dependent on the skill, knowledge, experience, and motivation of the user. The most methodical statistic based calculations using mathematically sound methods still rely on the informed assessment of the subject matter expert (Chavas, J.P. Risk Analysis in Theory and Practice).

  • The human mind is limited in its capability and capacity to process information. The process requires specialization and collaboration to be effective (Chavas, J.P. Risk Analysis in Theory and Practice, Heuer, Richards, J., The Psychology of Intelligence Analysis).

How-To:
The process will generate a product that will reduce decision-makers uncertainty about a given requirement or analytic question. The technique considers the basic elements of risk: threat, vulnerability, and consequences, and provides the user with the basis for making an effective and efficient decision to reduce or avoid threat.

1. Formulate a specific analytic question

Analyst(s) work with the decision-maker(s) to develop a clear well defined analytic question so that both the analysts and the decision-maker understand and agree to the objective of the analysis. A specific well-defined analytic question ensures that the analysis meets the needs of the decision-maker(s).

2. Identify the scope of the question and the elements of the problem posed by the question Deconstruct the question or requirement. Identify the critical issue or problem, and any issues or sub-problems that are associated with it and have an affect or impact on it. Identify information needs or gaps. What is the object or target of the risk assessment? What are the specific dangers or threats to the target? What are the vulnerabilities of the target? What are the consequences?

3. Formulate a data collection plan

Plan the collection of data. Identify likely sources for data that will provide the information needed to answer the analytic question or fill the information gaps, and identify the method of collection.

4. Collect and evaluate the data

Collect the data, evaluate it for relevance and reliability.

5. Organize and analyze the data

Organize the relevant reliable data. Categorize the data and organize it so that it is readily retrievable. The analyst reviews the data to identify elements and patterns applicable to the risk assessment.

6. Identify threats and vulnerabilities

Review the data and conduct threat and vulnerability assessments to identify specific threats or vulnerabilities and their consequences.

7. Develop options to mitigate or neutralize risks

Formulate options and measures to avoid, mitigate, or neutralize the risk.

8. Develop recommendations for cost effective methods to mitigate risks

Evaluate the target vulnerabilities, prioritize the threats to the target and their consequences, and develop recommendations to reduce the target's vulnerabilities against the threats making the best use of available resources.

9. Use expert opinion to review validity of analysis: process and recommendations

Conduct a review of the process and product by experienced analysts and subject matter experts to ensure that the process and product is valid and reliable. Conduct additional analyses, revise, and re-work the problem as is necessary.

10. Deliver analytic product to decision maker

The following is diagram is a concept map of the risk analysis process.

For Further Information

1. Broder, J. F. (2006). Risk analysis and the security survey (3rd ed.). Burlington, MA: Butterworth-Heinemann

The analytic question deals with the physical security of a government facility. Broder’s book is very relevant. He provides step-by step procedures to assess facility security and detailed checklists to identify vulnerability.

2. Clark, R. M. (2007). Intelligence analysis: A target-centric approach (2nd ed.). Washington, D.C.: CQ Press

Richard Clark’s book was informative and provided a good insight into the concepts of risk analysis and the relationship of the motivations and capacity of the threat to the vulnerability of the target.


3. Heuer, R. J., Pherson, R. H. (2011). Structured analytic techniques for intelligence analysis.Washington, D.C.: CQ Press.

This source, written by two well know subject matter experts, is an excellent and important guide for intelligence analysts. The source offers a simple and clear explanation of a wide range of important analytic techniques. The chapters, Selecting Structured Techniques,

Decomposition and Visualization, and Evaluation of Techniques were especially helpful in the development of this paper and the ranking and scoring of criteria used in the assessment.

4. Willis, H. H., Morral, A.R., Kelly, T.K. and Medby, J.J. (2011) Estimating Terrorism Risk, Santa Monica, Calif: RAND Corporation.

Estimating Terrorism Risk has minimal application to the personal test case but it gives an excellent explanation of the use of risk analysis in assessing and managing risk at the strategic level. It is worthwhile and informative reading.

Personal Test Case

This paper examines a personal test case to evaluate the effectiveness of risk analysis as an analytic technique. The personal test case was formulated to answer an analytic question using risk analysis.

The exercise was an excellent learning experience. It gave the writer the opportunity for hands on practice conducting risk, threat and vulnerability assessments. It was also an opportunity to select and develop measurement methods to support the assessments.

The following steps were used to conduct the risk assessment and to answer the analytic question: What is the likelihood that the joint US - Pakistani Police Intelligence Center at Rawalpindi will be the target of a terrorist attack within the next 6 to 12 months?

  1. Formulate a specific analytic question.
    The analyst or the head of the analytic unit working with the decision-maker identified a specific issue of concern: What is the likelihood that the joint United States (US) - Pakistani Police Intelligence Center at Rawalpindi (UPIC) will be the target of a terrorist attack within the next 6 to 12 months? The product of risk analysis is time sensitive. The pilot project has the potential to be an effective tool in combating terrorism in the region and therefore it is likely to be seen as a symbolic target and draw the attention of terrorist groups. James Brorder ( Risk Analysis and the Security Survey) makes the point that threats, vulnerabilities, and consequences change over time. Risk analyses should be conducted periodically. Therefore, the focus of the analysis a period of 6 to 12 months.

  2. Identify the scope of the question and the elements of the problem posed by the question.

The analytic question deals with the security of the UPIC facility. Sub-problems are the physical security of the UPIC facility, its personnel its operations, and information. The consequences of a successful attack may include the loss of life and resources, political, and strategic impact.

  1. Formulate a data collection plan.
    The process required that data be collected to identify credible threats and vulnerabilities of the subject target. Collection was restricted to open source data. Data was collected from reliable sources about the most prominent and capable terrorist groups with the ability and desire to conduct a successful attack at the site. Information about the latest trends in terrorist tactics, as well as historic information to identify patterns of behavior of groups identified as credible threats was collected from reliable internet sources. Information about target security and vulnerability was collected using security site surveys obtained from subject matter experts in physical security. In this case, security check lists furnished in Risk Analysis and the Security Survey by James Broder were used to identify target vulnerabilities.

  2. Collect and evaluate the data
    Information was collected from internet open sources. The information was evaluated for its relevance and application to the analytic question posed. The relevant data was then evaluated for reliability using the Dax Norman Trust Scale and Web Site Evaluation Worksheet (Appendix A).

  3. Organize and analyze the data
    Reliable relevant datawas categorized and organized by type, date, source, and reliability, and entered into a Microsoft Excel spreadsheet for easy retrieval and manipulation.

  4. Identify threats and vulnerabilities
    In the personal test case, the threat is the possibility of a terrorist attack on the US-Pakistani Joint Intelligence Center at Rawalpindi (UPIC). The intelligence center and the program are fictitious entities. The model for the physical layout of the center and its security profile (fig.1) is the Starfighter base from the 1984 film, The Last Starfighter, produced by Universal Pictures (/title/tt0087597/).

    Figure 1

























    Information gathered from the latest report of terrorist activity by the US National Counterterrorism Center (NCTC)1 and the Council for Foreign Relations (CFR) 2 identified the Tehrik-i-Taliban Pakistan (TTP), commonly known as the Pakistani Taliban, as the primary threat to US assets in Pakistan. Other terrorist groups which are active and have the capacity to threaten US targets in Pakistan are the Baluch Liberation Army (BLA), Baluchistan Republican Army (BRA), are insurgent groups whose motivation is to seek independence from Pakistan and create an independent state. A statistical report published by the Center for Strategic and International Studies (CSIS) 3 found that from 2007 to 2010 the TTP was responsible for 773 terrorist attacks in Pakistan, the BLA, 126, the BRA 42 and the LEI for 31. The Lashcar i Jhangvi although only responsible for 17 attacks has engaged hard targets with complex tactics6, the BLUF was responsible for only nine successful attacks. During the same period Al-Qaida, which has been perceived as the greatest threat to US, was only responsible for three attacks (

    * Note: Sources for footnotes 1-6 are found in Appendix B

    Fig.2).

    The Al-Qaida attacks were bombings of soft targets and relatively unsophisticated as opposed to the wide variety of attacks of varied sophistication that were successfully carried out by the TTP. An example of the high level of capability of TTP operations was the May attack at a Pakistani naval base4.

    The Taliban terrorists were able to penetrate a high security Pakistani naval installation, destroy two fighter aircraft, recently purchased from the US government, and hold their position for 17 hours before Pakistani forces were able to overcome them. The frequency and severity of TTP attacks have increased significantly since the May 1 US strike against Al-Qaida which took the life of Osama Bin-Laden5.
    Other terrorist groups identified in reporting of terrorist events are smaller, less active and are insurgent or sectarian groups with little motivation to threaten US targets and minimal capacity3.

    The TTP is highly likely to be the greatest threat to the UPIC. It is, by far, the most active group operating in the region. Assessments and rankings of the most active Pakistani terror groups found the TTP to be the most capable and motivated to strike at a US target with Al-Qaida a close second. The criteria used for determining capability were frequency of operations, coordination, operational capability, expertise of personnel, and target selection (fig. 3-4).



    Figure 3

Criteria Evaluation Scale for Capability

 

Frequency of Operations (F)

Coordination ( C )

Operational Capability (OC)

Personnel Expertise (E)

Target Selection (T)

 

Capability= ( F + C + OC + E + T) / 5

High 7-10

Consistent successful operations over 48 months or more

Coordinated execution of Multiple personnel ( 8 or more) or units (2 or more) or more in simultaneous operations

Sophisticated and high quality weapons and large support base in a variety of geographic areas and successful complex attack scenarios

Dedicated personnel with specialized expertise and training

Successful attacks against hard and soft targets

 

 

 

 

 

 

Medium 4-7

Consistent successful operations over 24 to 48 months

Coordination of multiple personnel (6 or more) or units (2 or more) in a single operation

High quality weapons strong base of support in limited area successful attack scenarios

Well trained personnel with limited expertise in specialties - Use of Ad Hoc personnel for specialized operations

Limited success against hard targets high number of successes (12 or more) against soft targets

 

 

 

 

 

 

Low 2-3

Sporadic successful operations over 24 to 48 months

Coordination of small unit 2-4 in a single operation

Poor quality and improvised weapons weak or limited support base in a wide geographic area

Dedicated personnel with minimal specialty expertise

Successful against soft targets only

 

 

 

 

 

 

Poor 1

More unsuccessful than successful operations over 24 to 48 months

Small unit 1-2 personnel in single operation

Poorly armed with low quality weaponry, weak support base in a limited area

Limited personnel with general experience and knowledge

Sporadic success against soft targets

Figure 4

Group

Frequency of Operations

Coordination

Operational Capability

Personnel Expertise

Target Selection

Capability Score

TTP

10

8

10

7

10

8

BLA

5

4

4

2

5

4

BRA

5

3

3

5

2

3.6

LEI

3

3

2

3

2

2.6

Lashkar I Jhangvi

5

5

6

3

7

5.2

BLUF

1

1

1

1

1

1

Al-Qaida

4

6

7

8

3

5.6

Motivation is defined as a reason and desire to act. The criteria used for measuring the reason for a terrorist groups’ selection of the object of their attack and their desire to act are described in the matrices labeled Figures 5 and 6.

Figure 5

Evaluation Scale for Motivation

Score

Reason

Desire

High = 7-10

Target entity is perceived as a threat to existence

Responsible for successful or failed terror acts

Medium = 3-6

Target entity is perceived as being a destructive force to religious, political, financial or social well being

Reliable information or documentation of actual planning or attempts to execute terrorist acts against an entity or potential target.

Low = 1-2

Target entity is perceived as an impediment to religious, political, financial, or social goals or advancement

Demonstrations or rhetoric threatening the use of terrorism to achieve a goal

Figure 6

Motivation Score Against US Target

Group

Reason

Desire

Total Score ( R + D / 2)

TTP

10

10

Very High 10

BLA

5

8

High 6.5

BRA

5

8

High 6.5

LEI

3

7

Medium 5

Lashkar I Jhangvi

8

9

High 8.5

BLUF

2

7

Medium 4.5

Al-Qaida

10

10

Very High 10


Based on the criteria used to determine capacity and motivation the TTP, Lashkar-i-Jhangvi, and Al-Qaida are identified as credible threats to the US Pakistani Joint Intelligence Center.

A vulnerability assessment of the UPIC facility was conducted using a standard security checklist (Appendix B) found significant gaps in physical security vulnerable to the high level threats identified in the threat assessment. Those vulnerabilities were noted as:

a) Insufficient CCT surveillance capability.

b) Insufficient setback for military headquarters building

c) Jersey Barriers are not sufficient to repel large vehicle born improvised explosive device (VBIED)

d) Communications mismatch. Military guard does not have communication compatibility with US communication network

  1. Develop options to mitigate or neutralize risks
    Options were identified toresolve the vulnerabilities:
    a) Add 2 CCT cameras to resolve blind spots at a cost of $2500

    b) Add outer perimeter chain link to increase setbacks and protect against large VBIED at a cost of $3000

    c) Add automated pop up vehicle barriers to increase security against VBIED at a cost of $10,000

    d) Purchase communication base station and portable handsets with common frequencies with military units at $7,000

  2. Evaluate and prioritize threats, vulnerabilities and consequences to identify cost effective options to avoid or mitigate risks
    Terrorist groups were identified as credible threats based on the capabilities and motivations of those groups. Information collection and analysis found increased activity during the last 3 months.

    Indications are that there is a little more than 50 50 likelihood that the US Pakistani Joint Intelligence Center (UPIC) will be a potential target for the groups presenting the threat. The center is a potential threat to the groups and is a symbol of cooperation between the US and Pakistani Governments. A successful strike against the target would gain international attention and provide those responsible increased stature nationally and internationally.

    Security enhancements to resolve security issues will cost $22,500 and increase security by 60%. Considering the potential consequences for loss of life and resources, and the tactical, political and international impact of an attack the expenditures are reasonable and cost effective.


  3. Use expert opinion to review validity of analysis: process and recommendations
    Subject matter experts and experienced analysts will review the process and answer the questions:

Was the risk assessment conducted using a valid, accurate, systematic process?

Were the threat and vulnerability assessments the result of the analysis of reliable information and sources?

Were countermeasures relevant to the analytic question, clearly stated and cost effective?

  1. Deliver analytic product to the decision-maker
    Once the process and the product has been reviewed and the value and validity of assessment has been determined, the end product will be generated according to the form and format agreed upon by the decision-maker and the head of the analytic project. The product will be delivered to the decision maker.

Four criteria were selected to evaluate the effectiveness of the risk analysis technique: The ability to identify a credible threat, identification the vulnerability of a target to the threat, formation of countermeasures to avoid or mitigate the threat and the reduction of vulnerability.

Using information gathered from open sources using the internet the project manager was able to identify active terrorist groups with the capability and motivation to attack the US Pakistani Joint Intelligence Center at Rawalpindi. The past patterns and motivations of these groups indicate that there is a greater than 50 50 likelihood that one of these groups will attempt to attack the intelligence center. Measurements of elements of capability and motivation for each of the groups supported the assessment and identified the groups most likely to perpetrate and attack.

Credible threats were identified and a vulnerability assessment of the subject target was conducted. Weaknesses were found that made the target vulnerable to the threats. Once identified, resolutions and countermeasures to the vulnerabilities were formulated considering efficiency as well as effectiveness. The implementation of the simple and relatively inexpensive resolutions to the vulnerabilities reduced the vulnerability of the target to the threat.

The analytic technique was found to be moderately successfully addressing the analytic question. The rating scale in figure 7 was used to score the effectiveness of the analytic technique in addressing the analytic question.

Figure 7

Criteria

Results of process

Score

Weight

Total Score

1

Reduction of vulnerability

Overall vulnerability was reduced by 60%

.6

50

30

2

Identification of Vulnerability

Vulnerabilities were found in key areas of perimeter security, communication, surveillance and detection, blast deterrence

.8

20

16

3

Formulation of Countermeasures

Simple cost effective measures were formulated to overcome major vulnerabilities

.8

20

16

4

Identification of Credible Threat

The most active dangerous and credible threats were identified

.9

10

9

Evaluation of Scoring

Highly Effective

76 - 100

Moderately Effective

51 - 75

Minimally Effective

26 - 50

Ineffective

0 - 25

Analytic Question Data

The table below represents the collection of data that used in conducting the risk assessment for the personal test case. The relevance of data to the analytic question and its ability to provide accurate information to conduct a valid assessment was the basis for its selection. The evaluation rating scale created by Dax Norman found in Appendix A was the basis for evaluating source and data reliability.

Analytic Question: What is the likelihood that the joint US - Pakistani Police Intelligence Center at Rawalpindi will be the target of a terrorist attack within the next 6 to 12 months?

Data

Data Date

Source Name or Location

Estimated Reliability of Data/Source

Other Comments

Level of sophistication of Pakistani Taliban and motivation for attacks against US targets

13 May 2011

Birsel, Robert, Reuters News Service. /article/2011/05/13/us-pakistan-taliban-qa-idUSTRE74C21620110513

High Credibility

44.75

Documents sophistication of TTP US targets have

Increased vulnerability analysis of motivation

Increases in terrorist activity by Pakistani Taliban

28 July 2011

Sandani, M.Center for Strategic and International Studies (CSIS)

/blog/increased-taliban-activity-pakistan

High Credibility

45.32

Increase in frequency of attacks

Background, facts and events identifying issues and trends in counterinsurgency in Pakistan

2010

Jones, Seth G. and C. Christine Fair. Counterinsurgency in Pakistan. Santa Monica, CA: RAND Corporation, 2010.

High Credibility 45.32

Trend data

Police establishment is best tool to combat terrorism / insurgency

2010

Jones, Seth G. and C. Christine Fair. Counterinsurgency in Pakistan. Santa Monica, CA: RAND Corporation, 2010.

High Credibility 40.15

Estimate by credible analytic source

Pakistan's NW Border is most active location and focus of most of terrorist/insurgency activity

2010

Jones, Seth G. and C. Christine Fair. Counterinsurgency in Pakistan. Santa Monica, CA: RAND Corporation, 2010.

High Credibility 45.32

Trend data

Terrorist events worldwide for 2011 / Types of attacks/location/ groups responsible

January-July 2011

United States Government Counterterrorism Center http://www.nctc.gov/site/index.html

High Credibility 45.32

Trend data

Terrorist events worldwide for 2010 / Types of attacks/location/ groups responsible

2010

United States Government Counterterrorism Center http://www.nctc.gov/docs/ct_calendar_2010.pdf

High Credibility 45.32

Trend data

Terrorist events worldwide for 2009 / Types of attacks/location/ groups responsible

2009

United States Government Counterterrorism Center http://www.nctc.gov/witsbanner/docs/2009_report_on_terrorism.pdf

High Credibility 45.32

Trend data

Source identifies the five major / most active terrorist groups operating in Pakistan

13-May-11

Bajoria, J., Pakistan’s new generation of terrorists. Council on Foreign Relations. /pakistan/pakistans-new-generation-terrorists/p15422

Very High Credibility 49.1

Trend data and estimate by recognized SME

Patterns of terrorism in South Asia

29-Jun-11

Gagel, A.C., Cordesman, A.H.(2011) Patterns in terrorism in North Africa, the Middle East, Central Asia and South Asia: 2007-2010. Washington, D.C. Center for Strategic and International Studies. /files/publication/110629_MENA_Central_Asia_China_Terrorism_2007_2010.pdf

Very High Credibility 49.1

Trend data and estimate by recognized SME

Report of attack: Taliban attack on police station Northwest Border Area Pakistan

25-Jun-11

Naples, Florida Daily News-June 26, 2011, Associated Press by Ishtiaq Mahsud

High Credibility 45.32

Report of terrorist attack - trend data for June 2011

Report of terrorist attack: Taliban executes 16 police officers in Northwest territories as traitors to God and Muslim religion

18-Jul-11

Maqbool, Aleen, BBC, http://www.bbc.co.uk/news/world-south-asia-14181938

High Credibility 45.32

Report of terrorist attack - trend data for July 2011

Report of terrorist attack: 2 Taliban suicide bombers attack police training facility in NW Pakistan at bus stop 98 killed

13-May-11

BBC May 25, 2011 .pk/story/175661/timeline-terrorist-attacks-in-pakistan-in-may-2011/

High Credibility 45.32

Report of terrorist attack - trend data for May 2011

Report of terrorist attack: Gunmen on motorcycles kill Saudi Diplomat, Karachi Group responsible unk

16-May-11

BBC May 25, 2011 .pk/story/175661/timeline-terrorist-attacks-in-pakistan-in-may-2011/

High Credibility 45.32

Report of terrorist attack - trend data for May 2011

Report of terrorist attack:Gunmen on motorcycles kill Saudi Diplomat, Karachi Group responsible unk

18-May-11

BBC May 25, 2011 .pk/story/175661/timeline-terrorist-attacks-in-pakistan-in-may-2011/

High Credibility 45.32

Report of terrorist attack - trend data for May 2011

Report of terrorist attack: 4 Shi''ite Muslums killed by Sunni gunmen in Quette sectarian issue

18-May-11

BBC May 25, 2011 .pk/story/175661/timeline-terrorist-attacks-in-pakistan-in-may-2011/

High Credibility 45.32

Report of terrorist attack - trend data for May 2011

Report of terrorist attack:Taliban armed attack on US Consulate convoy Peshawar 1 Pakistani killed 2 US wounded

20-May-11

BBC May 25, 2011 .pk/story/175661/timeline-terrorist-attacks-in-pakistan-in-may-2011/

High Credibility 45.32

Report of terrorist attack - trend data for May 2011

Report of terrorist attack: 17 fuel trucks destroyed in attacks on NATO convoys to Afghanistan by Taliban (IED) 16 Pakistani's killed

21-May-11

BBC May 25, 2011 .pk/story/175661/timeline-terrorist-attacks-in-pakistan-in-may-2011/

High Credibility 45.32

Report of terrorist attack - trend data for May 2011

Report of terrorist attack: Highly trained well equiped Taliban insurgent team attacked a Pakistani Naval facility destroyed aircraft and equipment furnished by US

22-May-11

BBC May 25, 2011 .pk/story/173888/blast-on-dalmia-road/

High Credibility 45.32

Report of terrorist attack - trend data for May 2011

Report of terrorist attack: Suicide bomb attack outside shrine in Punjab 50 killed Sectarian issue

3-Apr-11

Pakistan Express: Tribune .pk/story/157073/timeline-pakistan-tainted-with-attacks-in-2011/

High Credibility 44.75

Report of terrorist attack - trend data for April 2011

Report of terrorist attack: Bombing of gambling club 19 killed sectarian violence or gang violence

21-Apr-11

Pakistan Express: Tribune
.pk/story/154468/blast-at-a-gambling-den/

High Credibility 44.75

Report of terrorist attack - trend data for April 2011

Report of terrorist attack: Taliban attacks of security forces 14 killed Northwest Territories

22-Apr-11

Pakistan Express: Tribune.pk/story/154250/cross-border-militants-swoop-on-security-post-in-lower-dir

High Credibility 44.75

Report of terrorist attack - trend data for April 2011

Report of terrorist attack: Armed attack and firebombing by gunmen 15 killed motive and group unknown

26-Apr-11

Pakistan Express: Tribune.pk/story/156878/12-killed-as-gunmen-torch-bus-in-sibbi/

High Credibility 44.75

Report of terrorist attack - trend data for April 2011

Evaluation of activities of

Lashkar I Jhangvi

Apr 2009

Abbas, Hassan. Council for Foreign Relations /pakistan/ctc-sentinel-defining-punjabi-taliban-network/p20409

High Credibility

45.44

Report of activities and level of sophistication of Lashkar I Jhangvi

 Annex 1. Detailed Literature Review

The literature review identified eight sources with various perspectives and applications of risk analysis. The sources presented applications of risk analysis for government and the private sector. The analytic question is related to risk analysis of a terrorist threat against a government facility but the test case benefited from the perspectives of both the government and non-government applications of the technique.

Source 1, The Failure of Risk Management: Why It’s Broken and How to Fix it

Hubbard, D. W. (2009). The failure of risk management: Why it’s broken and how to fix it (2nd ed.). Hoboken, New Jersey: John Wiley & Sons.

Analytic Method Discussed: Risk Analysis

Purpose of the book:

The primary purpose of this book is commercial gain. The book is designed to persuade and inform its readers focusing on the premise that Risk Management and Risk Analysis as a technique in the form and format it is currently presented is a failure. The underlying message is that the author is one of the preeminent experts in the field, with solutions to risk analysis and management problems and the readers should buy his books, attend his seminars, and contract him as a consultant. The author addresses risk analysis as a critical element within the larger context of risk management.

Content:

Hubbard has an extremely negative view of Risk Management. He believes that the technique of risk management and risk analysis is a new and rapidly developing trend. Further, there is not enough of a field of experience to make an adequate assessment of its effectiveness.

Hubbard begins his book by asking three questions about risk analysis and management. Do the methods work? Would anyone in the organization know if they did not work? If they did not work what would be the consequences? His opinion is that the answer to these questions in the majority of cases is no, no, and none!

Hubbard believes that there is no “real scientific evidence” that can be used to support the effectiveness of Risk Management. In Chapter 3 on pages 40-41, Hubbard examines a number of common risk analysis and management methods and the reasons they are flawed:

  • A Formal Internal Survey but “studies show, self-assessments are not reliable.”

  • A structured method but “there are a lot of structured methods that are proven not to work. (Astrology, for example, is structured).”

  • A change in culture but “This, by itself, is not an objective of risk management”

  • The underlying theory is mathematically proven but “I find that most of the time when this claim is used, the person claiming this cannot actually produce or explain the mathematical proof, nor can the person they heard it from. In many cases, it appears to be something passed on without question.”

  • Testimonial proof but “if the previous users of the method evaluated it using criteria no better than those listed above, then the testimonial is not evidence of effectiveness. “

Hubbard offers a number of methods for achieving effectiveness in risk analysis and risk management methods (p.42).

  • Statistical inferences based on large samples, direct evidence of cause and effect supported by statistical verification,

  • “Component testing of risk management: This allows us to use existing research on parts of the risk management method, some of which have been thoroughly tested for decades. This is especially effective in reducing analysis errors caused by Common Mode Failure.

  • Comparing the items evaluated in a risk management system against a list of known risks for a company.

  • Direct evidence cause and effect.

Hubbard uses Monte Carlo Simulations as an example of the broad based statistic method that can be used in risk analysis to make it effective. He also relies heavily on calibrated estimators to quantify qualitative factors that then can be used as a basis for statistical analysis.

Application of Method:
  • The methods that Hubbard presents are valid and applicable to risk analysis efforts. His technique of using calibrated estimators and statistical inferences using large samples, much of which are provided by calibrated estimators are good methods to increase the accuracy and likelihood of success in risk analysis.

Strengths:

Hubbard is critical of the technique of Risk Analysis as it is currently being applied however be believes the technique is valid and valuable. He has identified a number of strengths of the technique:

  • Risk analysis and management identifies weaknesses and problem areas in the target entity.
  • Risk analysis can be used to provide reasonably accurate data to identify risks and formulate viable countermeasures and responses to those risks.
  • An accurate properly managed risk analysis can save and protect important and  significant assets
 Weaknesses:

The basis of Hubbard’s strong negative attitude toward Risk Analysis is that:

  • Risk Management analysis is a relatively new field without proven methodologies or best practices
  • Most organizations and managers using risk analysis do not use accurate statistically valid computations to identify risk and formulate effective avoidance and mitigation measures.

Steps

Hubbard primary focus is primarily ensuring accuracy and consistency of the measurement and calculation of risk than with providing a structured step by step method for the technique.

Purpose of the Technique

Hubbard believes that risk assessment conducted using effective accurate measurement tools will support decision-makers to make cost effective choices and avoid the damage caused by uninformed decisions.

 Most informative:

The most informative points of this book are that the field of Risk Analysis is relatively new and best practices and an evaluation of the effectiveness of the technique has yet to be established and measured.

About the Author:  

The author is a recognized source and subject matter expert in the field of measurement and analytical methodology. His primary experience is as a computer engineer and software specialist with a degree in Business Information Systems.

Education and certifications:

California State Teaching Credential June 2001 (Expired)
Bachelors Degree, Business Information Systems, - June 2001
Associate in Science, Computer Information Systems, Southwestern College - May 86
Apple System Engineer, Apple Education Sales Consultant (AESC) - 85- 93
Apple Computer Network Administration and Desktop Communications 85 - 86

Micro-Technician Certificates: Programmer, Operator, and Bookkeeper 84 - 85
Training Workshops, Cisco Router, Windows NT, Fiber Optic Installation,
Follett Library Database Software

Source Reliability

The source is a text rather than an internet source. The author and his work are reliable. The author has a background and experience in the subject matter. He is recognized by his industry as a subject matter expert.

Source Critiqued by

Edward N. Magno

emagno@

Mercyhurst College, Erie, PA

Advanced Analytic Techniques Course

June 2011

Sources Cited:

Hubbard relies heavily on his own web site and writings to support his premises but he cites a number of academic and business sources throughout the book.  

Haynes, A.C. “United 232: Coping With the ‘One-in-a-Billion’ Loss of All Flight Controls,” Accident Prevention Volume 48, June 1991.

N. Nohria, W. Joyce, and B. Roberson, “What Really Works,” Harvard Business Review, July 2003.

E. Zuckerman and J. Jost, “What Makes You Think You’re So Popular? Self-Evaluation Maintenance and the Subjective Side of the ‘Friendship Paradox,”’ Social Psychology Quarterly 64(3), 2001, 207-223.

D.M. Messick, S. Bloom, J.P. Boldizar, and C.D. Samuelson, “Why We Are Fairer Than Others,” Journal of Experimental Social Psychology 21, 1985, 480-500.

N.D. Weinstein, “Unrealistic Optimism About Future Life Events,” Journal of Personality and Social Psychology 39, 1980, 806-820.

O. Svenson, “Are We All Less Risky and More Skillful Than Our Fellow Drivers?,” Acta Psychologica 47, 1981, 143-148.

Source 2, Risk Analysis and the Security Survey

Broder, J. F. (2006). Risk analysis and the security survey (3rd ed.). Burlington, MA: Butterworth-Heinemann

Analytic Technique: Risk Analysis

.

Purpose of the Source

This book is a “how to do” book on physical security and risk analysis. The author, James Broder has a very narrow focus, risk analysis as a security management tool to safeguard specific assets and targets.

Content

The author has a very unique view of risk analysis for security, especially given his law enforcement background, and in light of the change in law enforcement and security since the 9/11 terror attacks. Broder separates security and law enforcement into two very distinct categories. His opinion is that the job of security is to prevent or deter and law enforcement has the responsibility to arrest and take action after the fact. This seems to be the exact opposite of the contemporary thinking in the law enforcement community. Since the 9/11 attacks US law enforcement has recognized and embraced the need and responsibility to forecast and deter.

Broder ‘s definition of risk for the purposes of his book is that risk is “the possibility of suffering harm or loss and danger or probability of loss occurring to ones insured assets (p.xv).” Broder’s view of Risk Analysis is that risk analysis is a management tool, which provides managers with information on which to base decisions. Broder believes that Risk Analysis is not a onetime event but rather an ongoing process subject to periodic review and oversight.

Broder’s method of Risk Analysis contradicts Douglas Hubbard’s contention that business professionals do not use valid statistic based methods in their risk assessments. Broder offers a number of methods which are statistic based. An example is his use of the formula to calculate Annual Loss Expectancy (ALE) (p.21).

First, the analyst considers the cost of loss (impact) in ranges of dollar amounts of 10. As an example, $10 let i = 1, $100, let i = 2, $1,000 let i = 3, $10,000 let i = 4, $100,000 let i = 5, $1,000,000 let i = 6, $10,000,000 let i = 7, $100,000,000 let i = 8.

Next, he or she examines the frequency (f) of the event: Once in 100 years let f= 1, once in 10 years let f = 2, once a year let f= 3, every six months let f= 4, once a month let f= 5, once a week let f= 6, every day let f= 7. The approximate value of ALE is equal to ALE = 10(f+i-3)/3.

Broder addresses criticisms of the use of order of magnitude expressions such as High, Medium, and Low. He states, “defining risks by using highly specific numbers has not always been validated by experience” (p.31). Further, that the use of terms like High, Medium, and Low roughly equate to probability ranges of 7-10, 4-6, and 1-3 respectively, indicating relative degrees of risk are more than adequate for most risk analysis scenarios.

Strengths

James Broder is a very strong proponent of risk analysis and identifies its most important strengths.

  • Risk analysis provides security managers with the means to identify risk and offer cost effective methods to deter and mitigate impact.

  • Current risk analysis methods offer the user a detailed step by step process to conduct effective, thorough, experienced based assessments.

Weaknesses of the Technique

Broder understands that the technique has certain weaknesses that need to be considered.

  • Risk analysis is a snapshot in time and must become a constant ongoing process.

  • Risk analysis is dependent on the skill, knowledge, experience, and motivation of the user. The most methodical statistic based calculations using mathematically sound methods still rely on the informed assessment of the subject matter expert.

Steps

The steps that Broder takes in conducting a risk analysis are:

  • Conduct a detailed site survey. Determine the assets of the entity or target.

  • Determine exposure. What are the possible sources of loss for the target or entity? What elements is the entity or target exposed to that could cause potential loss?

  • Establish a benchmark. What data is available to establish the frequency, magnitude, and range of past losses?

  • Measure Risk. Broder uses a cost evaluation and frequency of occurrence calculation and determines an Annual Loss Expectance (ALE).

  • Prioritize risk in terms of loss potential. Broder uses a Decision Matrix Using Severity of Loss and Frequency of loss quantifying these factors in terms of High, Medium, and Low.

  • Conduct a cost benefit analysis.

  • Recommend countermeasures and solutions to avoid or mitigate impact of risks.

  • Conduct a management audit of the process and recommendations.

  • Finalize the report in light of the audit..

Purpose of the Technique

Broder’s purpose in using risk analysis is to provide security for corporate and business entities. He seeks to protect the assets of his corporate clients

Comparison

Broder’s work is a how to book presenting his techniques for risk analysis in corporate security. Hubbards work is a how to measure and calculate risk. Broder’s method of Risk Analysis contradicts Douglas Hubbard’s contention that business professionals do not use valid statistic based methods in their risk assessments. Broder offers a number of methods which are statistic based. An example is his use of the formula to calculate Annual Loss Expectancy (ALE) (p.21).

Broder addresses Hubbard’s criticisms of the use of order of magnitude expressions such as High, Medium, and Low. He states, “Defining risks by using highly specific numbers has not always been validated by experience” (p.31). Further, that the use of terms like High, Medium, and Low roughly equate to probability ranges of 7-10, 4-6, and 1-3 respectively, indicating relative degrees of risk are more than adequate for most risk analysis scenarios.

Most Informative

Risk analysis is an ongoing process.It is important to frame risk assessments in respect to segments in time. It is important to conduct periodic reviews or at the very least identify milestones as a means of monitoring changes and critical issues that have impact on the analysis. 

About the Source Author

James F. Broder is a former FBI Agent. He has a Bachelor’s Degree in Criminology from the University of California at Berkeley. He has is an industry certified security specialist (CPP) with experience as a consultant for the US Department of State.

Source Reliability

This source is considered a reliable source based on the author’s background, education and experience as a subject matter expert in the field of security.

Source Critiqued By

Edward N Magno

emagno@

Mercyhurst College, Erie, PA

Advanced Analytic Techniques Course

23 June 2011

Sources Cited by This Source

Laplace, S.P.(1820). Analytic theory of probabilities. Paris, French Academy of Science

Source 3, Risk Analysis in Theory and Practice

Chavas, J. (2004). Risk analysis in theory and practice. London: Butterworth Heineman.

Analytic Technique: Risk Analysis
Purpose of the Source
This book is an academic work intended to present to professionals in the field of agriculture risk analysis, as an analytic framework for decision making under risk and its application to evaluate “economic behavior under uncertainty (p.1).” The author believes probability theory is the essential element in his framework for risk analysis.

Content

Chavas presents material intended for experienced statisticians or those with an intermediate or advanced understanding of mathematics. The author’s focus is decision-making in economics related to agriculture.

Although, Chavas presents methodologies that are very technical and based on complex mathematics, he makes a number of important and interesting points that anyone working with Risk Analysis can appreciate and understand. Unlike Hubbard or Broder, Chavas examines the understanding of human decision making in relation to the capacity and limitation of the human mind to evaluate and process information. Chavas believes that our understanding of how the human mind works is vital to our understanding of the processes we use to assess risk and the role and the value of information in risk management and decision-making.

His thinking is similar to that of Richards Heuer in Heuer’s treatment of the psychology of analysis. Chavas points out that the analyst has only a limited capacity to understand and process information no matter how much information is available. Therefore, no matter the validity of the formulas, calculations, and methods used the subjectivity of the human mind has an overwhelming impact on the process. He suggests that specialization and collaboration in risk analysis and the management of risk is vital in evaluating and processing the large amounts information we need to reduce uncertainty in decision-making.

Strengths of the Technique

Chavas believes that Risk Analysis is an important technique to overcome uncertainty in making critical economic decisions.

  • Risk analysis provides a refined framework to analyze decision-making under risk.

  • Probability Theory provides valid and accurate measures of risk for use by decision makers.

Weaknesses of the Technique

Chavas points out that risk analysis has weaknesses that need to be considered.

  • Collection and evaluation of information is subjective.

  • Information needs to be evaluated before subjecting it to the risk analysis process.

  • The human mind has a limited capacity to process information. Specialization and collaboration are needed for an effective application of the technique.

Steps

Chavas approach to risk analysis involves probability theory and complex mathematical computations.

  • Obtain data about repeatable events obtained through experimentation.

  • Use the sample information obtained during experimentation to identify “specific risky events (p.13).

  • Apply probability theory to describe and represent risky events.

  • Apply random variables into the equations.

  • Assess potential frequency of occurrence of risky events to reduce uncertainty.

Purpose of the Technique

Chavas uses risk analysis to reduce the level of uncertainty of those making economic decisions in the field of agriculture.

Comparison

Hubbard criticized risk analysis for a failure to use meaningful measurements and scientific, mathematically sound methods. Hubbard believes that modern risk analysis techniques do not have a proven history of success and have not developed a set of reliable best practice methods. Broder’s use of risk analysis has a very narrow scope, corporate security. However, he uses valid mathematical formulas to analyze collected data. Broder uses the severity of threats and their frequency of occurrence to support threat assessments.

Hubbard believes that the use of order of magnitude expressions such as high, medium, and low are examples of inaccurate measurements of threats and factors affecting the analysis of risk. Broder differs with Hubbard He states, “Defining risks by using highly specific numbers has not always been validated by experience” (p.31). Further, Broder believes the use of terms like High, Medium, and Low roughly equate to probability ranges of 7-10, 4-6, and 1-3 respectively, indicating relative degrees of risk are more than adequate for most risk analysis scenarios.

and threats.

Chavas’ methods and application of risk analysis use complex mathematics. However, Chavas acknowledges and accepts that the collection and processing of information is subjective. Unlike Hubbard he believes that risk analysis techniques present reliable methods to reduce uncertainty in decision making. He suggests specialization and collaboration to reduce the margin of error caused by the inability of the human mind to process large amounts of information.

Most Informative

The most important elements of Chavas’ work were his insights about the limitations of the human mind to process information and its impact on the process of risk analysis. His thinking and comments highlight the need for specialization and a collaborative effort in analysis in order to produce an effective product that will reduce uncertainty for the decision-maker

About the Source Author

Jean-Paul Chavas is an Assistant Professor of Agriculture and Economics at the University of Wisconsin. He has a PHD in Agricultural & Resources Economics from the University of California at Berkeley and a Masters Degree in Community Development and Applied Economics from the University of Vermont.

Source Reliability

The source is a book written by a reputable, recognized subject matter expert, associated with a reputable institution of higher learning.

Source Critiqued By

Edward N Magno

emagno@

Mercyhurst College, Erie, PA

Advanced Analytic Techniques Course

23 June 2011

Sources Cited by This Source

Allais, M. "Le Comportement de 1'Homme Rationnel Devant le Risque, Critique des Postulats et Axiomes de 1'Ecole Americaine" Econometrica 21(1953): 503-546.

Becker, Robert A., and John H. Boyd III. Capital Theory, Equilibrium Analysis and Recursive Utility. Blackwell Pub., 1997.

Campbell, John Y., A.W. Lo, and A.C. MacKinlay. The Econometrics of Financial Markets. Princeton University Press, Princeton, NJ, 1997.

Debreu, Gerard. Theory of Value. Cowles Foundation Monograph #17. Yale University Press, New Haven, 1959.

DeGroot, Morris H. Optimal Statistical Decisions. McGraw-Hill, New York, 1970.

Macho-Stadler, I, Pérez-Castrillo, J.D. (1997). Optimal auditing policy with heterogeneous incomes sources International Economic Review 38 (4), 951- 968.

Source 4, Terrorism and Organized Hate Crime

Ronczkowski, M. R. (2007). Terrorism and organized hate crime: Intelligence gathering analysis and investigations (2nd ed.). Boca Raton, FL: CRC Press.

Analytic Technique: Risk Analysis
Purpose of the Source

The first edition of Terrorism and Organized Hate Crime was written in 2006 as law enforcement intelligence was undergoing a major transition due mainly to the lessons learned from the terrorist attacks of September 11,2001. The book and its second edition was written to explain the shortcomings of law enforcement and its emerging role in the detection and prevention of terrorism and organized hate crimes.

Content

The author explains that terrorists choose targets for their attacks “based on the weaknesses they see in the victim’s defenses and preparedness (p. 148).” They look for the “soft targets.” The International Association of Chiefs of Police developed a four tier system to rank potential targets in terms of potential vulnerability. The book offers a process for risk analysis based on threat and vulnerability assessments and suggests the use of some effective information sources that support those processes.

Strengths of the Technique

The author identifies a number of important positive elements of risk analysis. He uses the word target to identify an entity that is at risk from attack or harm by a terrorist or organized hate crime group.

  • Threat analysis helps develop a prioritized list of potential targets

  • Threat analysis assists in forecasting the likelihood of an attack on priority targets.

Weaknesses of the Technique

The author points out that although risk analysis is a valuable tool in counterterrorism it has its weaknesses.

  • The accuracy of threat analysis is subject to the skill, knowledge and experience of the analyst or analysts that prepare it.

  • Threat analysis is dependent on the availability and reliability of the information available to the analyst or user.

Steps

The source provides the reader with a simple process for performing a risk analysis and developing a threat assessment.

  • Identify potential terrorist targets

  • Prioritize the target list

  • Identify terrorist groups that present a danger to the target by assessing their capabilities, motivation and past history

  • Conduct a vulnerability assessment of the target

  • Provide the decision-maker with an analysis to assist in applying resources to reduce target vulnerability to threats

Purpose of the Technique

The technique of risk analysis can be applied to identify weaknesses in security and the capabilities of groups that may present a danger to the safety and welfare of the public. The technique can provide decision-makers with intelligence that will allow them to make cost effective decisions to enhance the security of the public and private sectors of society against the threat of terrorist attacks and the losses resulting from those attacks.

Comparison

Douglas Hubbard in his work, The Failure of Threat Analysis believes that the methods used in threat analysis have not attained an acceptable level of accuracy and uniformity industry wide. He identifies some of the changes that need to be made. The focus of his criticism is in the use of threat analysis in business to identify and reduce uncertainty in decisions with financial impact.

James Broder’s book Risk Analysis and the Security Survey has a very narrow focus. His writing is a “how to” book for corporate security. Broder believes that the use of threat analysis is an effective means to protect corporate assets and entities, specifically buildings, locations, and people.

Jean-Paul Chavas’ Risk Analysis in Theory and Practice is meant for readers with advanced capabilities in mathematics. Chavas believes that risk analysis is an effective tool in helping reduce uncertainty for decision-makers encountering threats in the field of agriculture. Chavas is primarily interested in the use of risk analysis in the economics of agriculture; however, he makes some interesting and astute observations about the technique. He points out that risk analysis depends on the limited capacity of the human mind to process information. Although this is a weakness in the technique he believes that specialization and collaborative efforts of subject matter experts can overcome the weakness.

Ronczowski presents the use of risk analysis as an essential and emerging technique used by law enforcement to protect the public and private sector against attacks from terrorists and other hate crime groups. In this sense Ronczowski disagrees with Broder’s view that law enforcement’s role is to respond rather than forecast and deter.

Most Informative

Most informative was the significant attention of law enforcement to develop its intelligence capability and the changes being made to its approach to intelligence as a tool to forecast terrorist events, as well as its role in supporting investigative efforts. This has been a slow change on the part of law enforcement. It requires that law enforcement managers learn and understand the techniques of the intelligence community and develop working relationships to achieve maximum impact.

About the Source Author

Michael R Ronczowski has 27 years’ experience in law enforcement. He served as the manager of an analytical intelligence unit and Deputy Director of the Miami-Dade Police Department. He also served as the Chief of Police of the Tampa Florida Police Department and Director of the US Marshal’s Service. Ronczowski has a Master’s Degree in Police Administration.

Source Reliability

The source is a book written by a recognized subject matter expert in the field of police science and intelligence analysis.

Source Critiqued By Edward N. Magno

emagno@

Mercyhurst College, Erie PA,

Advanced Analytic Techniques Course

3 July 2011 .

Sources Cited by This Source

Office of Homeland Security. (2001, October 12). Homeland security key elements of a risk management approach (White Paper). Washington, D.C.: General Accounting Office.

Heymann, P.B. (1998). Terrorism and America: A common sense strategy for a democratic society. Cambridge, MA. MIT Press

Gottlieb, S., Arenberg, S., Singh, R.(1994). Crime analysis: From first report to final analysis. Montclair, CA : Alpha Publishing

Heuer, R.J. (1999). The psychology of intelligence analysis. Washington, D.C. The Center for the Study of Intelligence.

Source 5, Intelligence Analysis: A Target Centric Approach, Robert M. Clark

Clark, R. M. (2007). Intelligence analysis: A target centric approach (2nd ed.). Washington, D.C.: CQ Press.

Analytic Technique: Risk Analysis

Purpose of the Source

The purpose of Robert M. Clark’s book is to discuss changes in the intelligence process in light of the intelligence failures examined in the 9/11and the Iraqi Weapons of Mass Destruction Commission Reports. Clark reviews the value and role of Risk analysis, management, and assessment as a part of the discussion.

Content

The author offers risk analysis as a means of assessing the potential success of a program or project and outlines the steps to be taken in the risk analysis process. He identifies four categories of risk, programmatic, technical, production, and engineering and uses those categories to identify risks. Clark discusses risk assessment and management as elements of the process.

Strengths of the Technique

The author believes that risk analysis is an important tool in evaluating the success of a program or activity.

  • Estimates the success potential of a program

  • Assesses cost to benefit of the outcome of a program

Weaknesses of the Technique

The source points out that the technique has negative as well as positive aspects.

  • Difficult to do

  • Difficult to get the customer to accept

Steps

The author describes the steps used in threat analysis.

  • Identify and prioritize risks associated with a program

  • Assess impact

  • Identify actions to reduce risk

Purpose of the Technique

The author believes that risk analysis is an important technique to evaluate the probability that a process or program will achieve its desired outcome and the cost / benefit value of the program.

Comparison

Douglas Hubbard in, The Failure of Threat Analysis, is focused on the use of threat analysis in making decisions about financial aspects of business and industry. He offers methods to allow users of threat analysis to attain acceptable levels of accuracy and uniformity industry wide.

James Broder’s book Risk Analysis and the Security Survey uses risk analysis in the narrow to providing security of corporate assets and reducing the risk of damage or loss. He uses detailed security surveys and simple mathematic formulas to achieve his goals.

Jean-Paul Chavas’ Risk Analysis in Theory and Practice uses advanced mathematics and probability theory to assess risk and loss in the economics of agriculture.

Robert M. Clark is the first of the sources to apply risk analysis, assessment and management to the field of intelligence and national security.

Most Informative

Most informative was the author’s identification of categories for the assessment of risk. “Programmatic: funding, schedule, contract, relationships, political issues, Technical: feasibility, survivability, system performance, Production: manufacturability, lead times, packaging, equipment, Engineering: reliability, maintainability, training, operations.”

About the Source Author

The source is a book written by Robert M. Clark, a recognized expert in threat analysis. Clark spent 14 years as an analyst and group chief for the Central Intelligence Agency. He is currently a consultant to the National Reconnaissance Office (NRO) and the CIA on systems threat analysis.

Source Reliability

The source is a book written by a recognized expert in the field of intelligence analysis. The source is highly reliable based on the knowledge, experience and training of the author.

Source Critiqued By

Edward N. Magno

emagno@

Mercyhurst College, Erie PA

Advanced Analytic Techniques Course

July 5, 2011

Sources Cited by This Source

9/11 Commission Report. (2004). www.gpoaccess.gov/911/pdf/fullreport.pdf Brooks, F.P. (1975). The mythical man-month. Reading, MA: Addison-Wesley

Report of the Commission on the Intelligence Capabilities of the United States Regarding Weapons of Mass Destruction. (2005). www.wmd.gov/report/wmd_report.pdf

Source 6, Risk Management and Intelligence in Review: Canada, Customs

Wynen, H. (1999). Risk management and intelligence in review: Canada, Customs. In V. Zicko & K. Slater (Eds.), Intelligence models and best practices (pp. 9-13). Retrieved from /files/other/Intelligence%20Models%20and%20Best%20Practices.pdf

Analytic Technique: Risk Analysis

Purpose of the Source

The purpose of the source is to provide professionals in law enforcement intelligence with a menu of proven analytic options.

Content

The source is a book that provides a brief but informative explanation of standard analytic techniques and their application in law enforcement. The chapter on risk management and analysis provides the reader with the basic steps in the process, the rationale for its use, and guidelines for application.

Strengths of the Technique

The author discusses the positive outcomes of the technique its strengths.

  • Provides focus for law enforcement operations

  • Promotes efficient use of resources

Weaknesses of the Technique

The author believes that the technique has been of great value to the Canadian Border Services Agency but its negative aspect.

  • The process requires continual updates and reassessment to be effective over time.

Steps

The author uses a five-step process for risk analysis.

  1. Identify the risk

  2. Assess the risk, the likelihood of occurrence

  3. Develop solutions

  4. Measure performance

  5. Evaluate the process

Purpose of the Technique

Risk analysis and management provides managers with concrete information about existing and emerging threats as a basis for decision-making.

Comparison

Douglas Hubbard in, The Failure of Threat Analysis, is focused on the use of threat analysis in making decisions about financial aspects of business and industry. He offers methods to allow users of threat analysis to attain acceptable levels of accuracy and uniformity industry wide.

James Broder’s book Risk Analysis and the Security Survey uses risk analysis with a limited focus the narrow to providing security of corporate assets and reducing the risk of damage or loss.

Jean-Paul Chavas’ Risk Analysis in Theory and Practice uses advanced mathematics and probability theory to assess risk and loss in the economics of agriculture.

Ronczowski’s book discusses changes in the processes and techniques used in law enforcement in intelligence and analysis as a means of forecasting and deterring threats rather than investigating and responding.

Robert M. Clark is the first of the sources to apply risk analysis, assessment, and management to the field of intelligence and national security.

The publication of the International Association of Law Enforcement Intelligence Analysts (IALEIA) is a menu of proven intelligence techniques used by law enforcement. The description and explanation of the use of risk analysis and management was brief, informative and presented with case studies to show its application.

Most Informative

Most informative was Canadian Customs recognition of the value of threat analysis and their analysis and management techniques that were successful in streamlining their operations while maintaining increased focus on the highest-level threats. Customs analysts conduct periodic reviews of their threat analysis and use post seizure analyses to ensure their validity.

About the Source Author

The book, Intelligence Models and Best Practices is a book written and published by the International Association of Law Enforcement Intelligence Analysts (IALEIA). The IALEIA is an internationally recognized professional organization that is a forum for discussion for law enforcement professional working in intelligence. The organization promotes professional standards for intelligence analysts and supports the profession with educational materials, opportunities, and training. Heather Wynen, a Senior Intelligence Analyst for Canadian Customs (reorganized in 2003 to become Canadian Border Services Agency) wrote the chapter of the book about threat analysis and management.

Source Reliability

The source was retrieved from the website of the IALEIA and has a very high credibility rating (49.82). The author of the material reviewed is a documented professional in intelligence employed by the Canadian Border Services Agency.

Source Critiqued By

Edward N. Magno

emagno@

Mercyhurst College, Erie PA

Advanced Analytic Techniques Course

July 5, 2011

Sources Cited by This Source

The author did not cite any sources for this chapter. The work was an explanatory piece about the process of threat analysis used by Canadian Customs and case studies of its application.

Source 7, Structured Analytic Techniques for Intelligence Analysis

Heuer, R. J., Pherson, R. H. (2011). Structured analytic techniques for intelligence analysis. Washington, D.C.: CQ Press.

Analytic Technique: Risk Analysis

Purpose of the Source

The intent of the authors is to provide intelligence analysts and members of the intelligence community a wide range of reliable, proven analytic techniques and methods.

Content

The source presents a menu of more than 50 of the latest analytic techniques and a process to choose one or more of these techniques to apply to the needs or analytic problem faced by the reader or analyst. The explanations and step by step “how to” for each of these techniques are not as detailed as those offered by other authors or sources but they are concise and effective. The source does not specifically address Risk Analysis but one or more of the techniques presented in the book can be used to support a threat analysis and address the writer’s analytic question. An example of the techniques presented by the authors is Weighted Ranking as a method for ranking, scoring, and prioritizing. A weighted ranking can be used in a threat or vulnerability assessment during the conduct of a risk assessment.

Strengths of the Techniques

The process and matrices provided by the source are useful to the user to support a threat analysis.

  • Provide an analytic framework to understand a problem

  • A structured process to rank and score data and options

  • Provide a visual representation of complex data

Weaknesses of the Technique

The authors recognize that a weighted ranking has weaknesses that need to be considered.

  • Subject to the skill, knowledge and experience of the individual or group members conducting the activity

  • In a group setting the ranking does not show the range of opinions of the members of the group

Steps

The authors of the source material offer a step by step method for producing a weighted ranking.

  1. Calibrated experts select data or items used in the analysis

  2. A set of criteria are selected for ranking

  3. A table is created with the items to be ranked listed across the top row and

  4. Criteria for ranking are listed in the far left column and the weight given to the criteria in the next column to the right totals ,ust add up to 100%

  5. Work across the rows multiplying the criteria weight by the a value (1-10) of each Item to satisfy each of the the selected criteria

  6. Add the values down the column for each item

  7. The resultant scores represent the ranking of the items against one another

Purpose of the Technique

The technique can be used to identify priorities or rank potential threats to a target

Comparison

Douglas Hubbard in, The Failure of Threat Analysis, is focused on the use of threat analysis in making decisions about financial aspects of business and industry. He offers methods to allow users of threat analysis to attain acceptable levels of accuracy and uniformity industry wide.

James Broder’s book Risk Analysis and the Security Survey uses risk analysis with a limited focus the narrow to providing security of corporate assets and reducing the risk of damage or loss.

Jean-Paul Chavas’ Risk Analysis in Theory and Practice uses advanced mathematics and probability theory to assess risk and loss in the economics of agriculture.

Ronczowski’s book discusses changes in the processes and techniques used in law enforcement in intelligence and analysis as a means of forecasting and deterring threats rather than investigating and responding.

Robert M. Clark is the first of the sources to apply risk analysis, assessment, and management to the field of intelligence and national security.

The publication of the International Association of Law Enforcement Intelligence Analysts (IALEIA) is a menu of proven intelligence techniques used by law enforcement. The description and explanation of the use of risk analysis and management was brief, informative and presented with case studies to show its application.

Structured Analytic Techniques for Intelligence Analysis is a hands on source for analysts. It presents a much wider range and scope of techniques than is presented by the publication of the IALEIA which is limited and dated. Although the source does not have the specific focus of Clark’s work on risk analysis, the techniques presented are more effective applications simply explained.

In this same way the source surpasses Ronczowski’s book in application and focus on specific useful methods. Structured Analytic Techniques does not present the mathematic basis for threat analysis as does Chavas’ work but the techniques presented give accuate, valid, processes that are appropriate for intelligence analysts working in law enforcement and national security. The source has a wider more appropriate scope than Broder’s book and better overall application than that of Hubbard who presents us with valuable snippets of information and techniques of value.

Most Informative

Identifying the most informative aspects of this book is difficult. The source is a wealth of knowledge, filled with important effective techniques and methods that can be used by the reader in the field of intelligence analysis. The section of the book on Weighted Ranking is an example. The explanation and discussion was a simple, easy to understand treatment of an important analytic technique.

About the Source Author

The source is a book written by Richards J. Heuer Jr. and Randolph H. Pherson both of whom are retired from the Central Intelligence Agency and are recognized experts in the field of intelligence analysis. Although Heuer is retired from the CIA, he has had a continuing relationship with the agency for about 50 years as an analyst, an innovator of intelligence techniques, and an instructor. He has an AB in Philosophy from Williams College and an MA in International Relations from the University of Souhern California.

Pherson retired with 28 years of experience with the U.S. Intelligence Community. He served in various posts including National Intelligence Officer for Latin America. He collaborated with Heuer in the development of the Analysis of Competing Hypothesis (ACH) software tool. He has an AB from Dartmouth College and an M.A. in international relations from Yale.

Source Reliability

The source is a book written by Richards J. Heuer Jr. and Randolph H. Pherson. It is not an internet source. The source is highly reliable based on the background, knowledge and experience of its authors. Richards J. Heuer Jr. and Randolph H. Pherson are both recognized and highly regarded experts in the field of intelligence analysis.

Source Critiqued By

Edward N. Magno

emagno@

Mercyhurst College, Erie PA

Advanced Analytic Techniques Course

July 5, 2011

Sources Cited by This Source

Gawade, A. (2007). The checklist. New Yorker. /magazine/bios/atul_gawande/search?contributorName=atul%20gawande

Goldsmith, M. (2008). Preparing your professional checklist. Business Week. /managing/content/jan2008/ca20080115_768325.htm

Source 8, Estimating Terrorism Risk

Willis, H. H., Morral, A.R., Kelly, T.K. and Medby, J.J. (2011) Estimating Terrorism Risk, Santa Monica, Calif: RAND Corporation. /pubs/monographs/MG388

Analytic Technique: Risk Analysis

Purpose of the Source

The source provides is an informative article that offers a method of conducting a risk analysis “designed to perform well across a wide range of threat scenarios and risk types.”

Content

The authors offer the formula Risk = Threat x Vulnerability x Probability. They point out that the two primary reasons for uncertainty in estimating risk when it comes to terrorism is “variability and error in estimates of threats, vulnerabilities, and consequences” and the differences in values that are placed on different consequences. Therefore analysis often relies on best estimates “even when they have a low probability of being correct—and a high probability of being wrong.” An alternative approach offered by the source is to define multiple sets of measures for threats, vulnerabilities and consequences and use the multiple estimates and generate a single estimate from the multiple sets.

Strengths of the Technique

The authors believe that although risk analysis has negative aspects it is a valuable analytic tool.

  • Provides assessment to direct resources to meet threats at strategic level

Weaknesses of the Technique

The authors identify the weaknesses and shortfalls of the technique.

  • Does not produce the most accurate assessment

  • Does not allow adjustment assessment for localized changes in threat or vulnerability

Steps

The authors describe a systematic process to apply the technique.

1.Define multiple sets of threats, vulnerabilities and consequence measures

Examine the probabilities of attacks against specific targets

Consider different types of attacks against those targets

Consequences of the attacks

2. Generate multiple risk estimates

Use the values generated in the threat, vulnerability, and consequence sets to produce multiple estimates

Identify broad categories of risk based on the estimates

3. Using the multiple estimates formulate a single description of risk across multiple perspectives

4. Generate strategies effective against broad categories of risk

Purpose of the Technique

Risk Analysis is presented as a means for the Department of Homeland Security (DHS) to allocate their security resources in the most efficient manner to enact programs to prevent, prepare for, and respond to, terrorist activities and attacks. The problem faced by DHS is the magnitude of the problem and its range of responsibility and authority. The source attempts to provide a method to accomplish an assessment that can enable as efficient a response as possible in given the scope of authority and responsibility of the DHS.

Comparison

Estimating Terrorism Risk is written to provide a technique for an assessment of risk and to support risk management at the strategic level. The sources differs greatly from Broder’s Risk Analysis and the Security Survey which has a very narrow tactical focus, assessing risk to mitigate threat and enhance security for a specific target.

Estimating Terrorism Risk also differs from the works by Clark, Intelligence Analysis: A Target Centric Approach, Heuers and Pherson, Structured Analytic Techniques for Intelligence Analysis, and Heather Wynen, Structured Analytic Techniques for Intelligence Analysis, that were all treatments of techniques to be used to asses specific threats.

Douglas Hubbard’s, The Failure of Threat Analysis, and Jean-Paul Chavas’ Risk Analysis in Theory and Practice examine the use of mathematics and probability theory to increase the accuracy of risk assessments rather than focusing on the use of the technique to develop broad spectrum risk assessments.

Michael Ronczowski’s book Terrorism and Organized Hate Crime has the most common ground with this source because it discusses changes in the processes and techniques used in law enforcement in intelligence and analysis as a means of forecasting and deterring threats but it does not address wide scope risk assessment for strategic planning.

Most Informative

The most informative aspect of this source was the clear and succinct explanation of the elements of risk assessment, the means to conduct an effective assessment, and their application which is relevant to the personal test case.

About the Source Authors

Henry H. Willis is the Associate Director of the Homeland Security and Defense Center of the Rand Corportation. Willis has a Ph.D. in engineering and public policy, Carnegie Mellon University; M.A. in environmental engineering and science, University of Cincinnati; B.A. in chemistry and environmental sciences, University of Pennsylvania.

Andrew R. Morral is a senior behavioral scientist at the RAND Corporation, and director of the RAND Homeland Security and Defense Center. Morral has a PHD in Psychology from New School University .

Terrance K. Kelly is a Senior Researcher for the Rand Corporation he has a Ph.D. in mathematics, M.S. in computer and systems engineering, Rensselaer Polytechnic Institute; M.A. in strategic studies, U.S. Army War College; B.S. in strategic studies, United States Military Academy, West Point.

Jamison Jo Medbly is a Senior Researcher for the Rand Corporation. She has a Master’s Degree in Political Science from California State University and a Bachelor’s Degree in International Economics from the University of California at Los Angeles.

Source Reliability

The source is highly reliable, it was produced by the Rand Corporation, an independent and highly regarded organization that is used by the United States government and military, as well as non-government organizations, for intelligence estimates and research. The company is recognized internationally as a reliable and innovative source for research in foreign policy and national security. The authors of the source are qualified, experienced and recognized subject matter experts in their respective fields.

The Rand Corporation web site, has very high credibility, a score of 49.64 on the Trust and Website Reliability Scale (© Dax R. Norman, 2001. Unlimited personal, or education use authorized with this statement.).

Source Critiqued By

Edward N. Magno

emagno@

Mercyhurst College, Erie PA

Advanced Analytic Techniques Course

July 5, 2011

Sources Cited by This Source

Bozzette, S.A., Boer, R., Bhatnagar, A., Brower, J.L. Keeler, E.B., Morton, S.E., Stoto, M.A.,(2003). A model for a smallpox-vaccination Policy, The New England Journal of Medicine, 348,(5), 416–425.

Abt, C. C. (2003) The economic impact of nuclear terrorist attacks on freight transport systems in the age of seaport vulnerability , prepared for the U.S. Department of Transportation, Cambridge, Mass.: Abt Associates, 2003. /reports/ES-Economic _Impact_of_Nuclear_Terrorist_Attacks.pdf as of June 28, 2005.

Ayyub, B.M.(2005). Risk analysis for critical infrastructure and key asset protection: methods and challenges c.edu/dept/create/events/2004_11_18/Risk_Analysis_for_Critical_Infrastructure_and_Key _Asset_Protection.pdf as of June 28, 2005.

Canada, Ben, State Homeland Security Grant Program: Hypothetical Distribution Patterns of a Risk-Based Formula, Washington, D.C.: Congressional Research Service, 2003.

Chankong, Vira, and Yacov Y. Haimes, Multiobjective Decisionmaking: Theory and Methodology, New York: North Holland, 1983.

Clemen, Robert T., “Combining Economic Forecasts: A Review and Annotated Bibliography,” International Journal of Forecasting, Vol. 5, No. 4, 1989, pp. 559–583.

Davis, Paul K., “Institutionalizing Planning for Adaptiveness,” in Paul K. Davis, ed., New Challenges for Defense Planning: Rethinking How Much Is Enough, Santa Monica, Calif.: RAND Corporation, MR-400-RC, 1994, pp. 73–100. Online at /publications/MR/MR400 as of June 27, 2005.

Davis, Paul K., Analytic Architecture for Capabilities-Based Planning, Mission-System Analysis, and Transformation, Santa Monica, Calif.: RAND Corporation, MR-1513-OSD, 2002. Online at http:// /publications/MR/MR1513 as of June 27, 2005.

Haimes, Yacov Y., Risk Modeling, Assessment, and Management, Hoboken, N.J.: Wiley-Interscience, 2004.

Hammond, John S., Ralph L. Keeney, and Howard Raiffa, Smart Choices: A Practical Guide to Making Better Decisions, Boston: Harvard Business School Press, 1999.

Howard, Ronald A., James E. Matheson, and Katherine L., Readings in Decision Analysis, 2nd ed., Menlo Park, Calif.: Decision Analysis Group, Stanford Research Institute, 1977.

Keeney, Ralph L., Value-Focused Thinking: A Path to Creative Decisionmaking, Cambridge, Mass.: Harvard University Press, 1992.

Lakdawalla, Darius, and George Zanjani, Insurance, Self-Protection, and the Economics of Terrorism, Santa Monica, Calif.: RAND Corporation, 2004. Online at /publications/WR/WR171 as of June 28, 2005.

Lempert, Robert J., Steven W. Popper, and Steven C. Bankes, Shaping the Next One Hundred Years: New Methods for Quantitative, Long-Term Policy Analysis, Santa Monica, Calif.: RAND Corporation, MR-1626- CR, 2003. Online at /publications/MR/MR1626 as of June 27, 2005.

Morgan, M. Granger, Max Henrion, and Mitchell Small, Uncertainty: A Guide to Dealing with Uncertainty in Quantitative Risk and Policy Analysis, Cambridge: Cambridge University Press, 1990. Bibliography 65

Morgan, M. Granger, and David W. Keith, “Subjective Judgments by Climate Experts,” Environmental Science and Technology, Vol. 29, No. 10, 1995, pp. 468A–476A. Online at http://www.ucalgary.ca/~keith/ bjectiveJudgmentsByClimate%20Experts.s. pdf as of July 16, 2005.

Paté-Cornell, M. Elizabeth, Risks of Terrorist Attacks: Probabilistic Assessment and Use of Intelligence Information, presented at Symposium on Terrorism Risk Analysis, University of Southern California, Los Angeles, Calif., January 15, 2005. Online at c.edu/dept/create/ events/2005_02_01/Risks_of_Terrorist_Attacks_Probabilistic_ Assessment_and_use_of_Intelligence_Information.pdf as of June 28, 2005.

Ransdell, Tim, and Shervin Boloorian, Federal Formula Grants and California, Washington, D.C.: California Institute for Federal Policy Research, 2004.

Rinaldi, Steven M., James P. Peerenboom, and Terrence K. Kelly, “Identifying, Understanding, and Analyzing Critical Infrastructure Interdependencies,” IEEE Control Systems Magazine, Vol. 21, No. 6, 2001, pp. 11–25. Risk Management Solutions, Managing Terrorism Risk, Newark, Calif.: Risk Management Solutions, 2003. Online at / publications/terrorism_risk_modeling.pdf as of June 28, 2005. RMS. See Risk Management Solutions.

Savage, L. J., “The Theory of Statistical Decision,” Journal of the American Statistical Association, Vol 46, No. 253, 1951, pp. 55–67. Stern, Paul C., and Harvey V. Fineberg, Understanding Risk: Informing Decisions in a Democratic Society, Washington, D.C.: National Academy Press, 1996.

U.S. Census Bureau, United States Census 2000, Washington, D.C.: U.S. Census Bureau, 2000. Online at http://www.census.gov/main/www/ cen2000.html as of June 28, 2005.

U.S. Department of Homeland Security, Office for Domestic Preparedness, Fiscal Year 2004 Urban Areas Security Initiative Grant Program: Program Guidelines and Application Kit, Washington, D.C.: U.S. Department of Homeland Security, 2004. Online at http://www.dhs.gov/interweb/ assetlibrary/grants_audit_fy04uasi.pdf as of June 27, 2005. 66 Estimating Terrorism Risk.

U.S. House of Representatives, Homeland Security: The Balance Between Crisis and consequence Management Through Training and Assistance: Hearing Before the Subcommittee on Crime, Terrorism, and Homeland Security of the Committee on the Judiciary, Washington, D.C.: U.S. Government Printing Office, 2003. Online at http://frwebgate .access.gpo.gov/cgi-bin/getdoc.cgi?dbname=108_house_hearings&docid =f:90547.wais.pdf as of June 28, 2005.

von Winterfeldt, Detlof, and Heather Rosoff, Using Project Risk Analysis to Counter Terrorism, presented at Symposium on Terrorism Risk Analysis, University of Southern California, Los Angeles, Calif., January 13–14, 2005. Online at c.edu/dept/create/events/2005_01_31/ Using_Project_Risk_Analysis_to_Counter_Terrorism.pdf as of June 28, 2005.

Woo, Gordon, Quantifying Insurance Terrorism Risk, Newark, Calif.: Risk Management Solutions, 2002a. Online at / NewsPress/Quantifying_Insurance_Terrorism_Risk.pdf as of June 28, 2005. ———, Understanding Terrorism Risk, Newark, Calif.: Risk Management Solutions, 2002b. Online at /Publications/ UnderstandTerRisk_Woo_RiskReport04.pdf as of June 28, 2005

Appendix A

Appendix B

Personal Test Case

Reference notes

1. United States National Counterterrorism Center 2011 Counter Terrorism Calendar http://www.nctc.gov/site/index.html

2. Bajoria, J., Pakistan’s new generation of terrorists. Council on Foreign Relations /pakistan/pakistans-new-generation-terrorists/p15422

3. Gagel, A.C., Cordesman, A.H.(2011) Patterns in terrorism in North Africa, the Middle East, Central Asia and South Asia: 2007-2010. Washington, D.C. Center for Strategic and International Studies. /files/publication/110629_MENA_Central_Asia_China_Terrorism_2007_2010.pdf

4. Jung, A., Khan, F., Haque, J. (2011) Navy says PNS base under control after attack. BBC News: .pk/story/173888/blast-on-dalmia-road/

5. BBC May 25, 2011 .pk/story/175661/timeline-terrorist-attacks-in-pakistan-in-may-2011/

6. Abbas, Hassan. Council for Foreign Relations /pakistan/ctc-sentinel-defining-punjabi-taliban-network/p20409

Appendix C

Perimeter Security

Are there exterior barriers extending the physical perimeter (i.e., concrete barriers, planters, bollards, boulders, fences, vehicle gate controls, etc.) of the facility? Yes ____ No ____

Are there parking barriers separating the parking/drop-off area from the facility?

Yes ____ No ____

Comment:

________________________________________________________________

________________________________________________________________

Distance in meters from the building to the nearest public street: ____________

Distance in meters from the building to the nearest public on-street parking: _______

Distance in meters from the building to the nearest public parking lot: __________

Are there parks, plazas, or other public areas immediately adjacent to the building? Yes _____ No _____

Exterior

Item

Yes

No

Description/comments

Outer Perimeter General

Property is fenced or walled

Blast walls present

Anti-ram material in effective locations

Nearest street within 10 meters of the facility structure

Access driveways are straight

Access driveways are curved

CCTV cameras monitoring outer perimeter areas

Back-up power located on outer perimeter

Outer perimeter is lit

Main floor windows/glass doors glazed to resist blasts

Second floor windows/glass doors glazed to resist blasts

Do blast walls protect the facility?

Gas/fuel storage areas are protected

Exterior

Item

Yes

No

Description/comments

Perimeter

Adequate general lighting

Entrance well lit

Walkways adequately lit

Stairs or ramps well lit

Building façade lit

Adequate entry/exit signage

Security signage

CCTV cameras present

CCTV cameras work

Adequate CCTV image at night

CCTV camera coverage adequate

Anti-ram barriers

Adequate stand off distance

Vehicle search area

Guest baggage search area

Controlled vehicle approach

Security personnel visible

Alternate guest entry/exit doors well marked

Alternate guest entry/exit doors controlled

Non-guest entry doors locked

Façade thickness

Façade material (cement, wood, etc.)

On-Site Parking

Underground parking: Yes_____ No_____

If yes, how is parking controlled? How is public parking controlled?

________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________

Outside parking area: Yes _____ No _____

If yes, how is parking controlled? How is public parking controlled?

________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________

Is employee parking separated from public parking? Yes ____ No ____

If no, please explain.

________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________

Are all vehicles set back at least 30 meters from the facility? Yes ____ No ____

If no, are the vehicles within 30 meters of the facility screened by a guard?

Yes ____ No ____

Are procedures established and implemented to alert the public to towing policies and the removal of unauthorized vehicles? Yes ____ No ____

Are procedures established for identifying vehicles and corresponding parking spaces (placard, decal, card key, etc.)? Yes _____ No _____

Exterior

Item

Yes

No

Description/Comments

Vehicle Parking Area

Adequate general lighting

Walkways adequately lit

Stairs or ramps well lit

Adequate entry/exit signage

Security signage

Anti-ram barriers

Adequate stand off distance

CCTV cameras present

CCTV cameras work

Adequate CCTV image at night

CCTV camera coverage adequate

Controlled vehicle approach

Security personnel visible

Vehicles go through search before entering

Building Heating, Ventilating, and Air Conditioning (HVAC) System

Has the HVAC system been assessed and steps taken to decrease its vulnerability to a chemical, biological, and radiological (CBR) threat? Yes _____ No_____

Explain:_________________________________________________________________________________________________________________________

Is there the ability and are procedures established to close the air intake system? Yes ____ No____

Are there dedicated HVAC systems for lobbies, mailrooms, and loading docks?

Yes____ No ____

Closed-Circuit Television (CCTV) Monitoring

CCTV surveillance? Yes ______ No _____

If yes, what is the CCTV coverage? Is there 360-degree coverage?

________________________________________________________________

________________________________________________________________

________________________________________________________________

Are the surveillance and recording by the CCTV 24-hour? Yes _____ No _____

Is there a pan, tilt, and zoom capability along with a still picture capability?

Yes ____ No ____

Are the video recordings time-lapsed? Yes ____ No ____

Is there a security room with two officers monitoring the CCTV system on a 24-hour basis? Yes ____ No ____

If no, please explain._______________________________________________

________________________________________________________________

________________________________________________________________

Is there one monitor for every eight cameras? Yes ____ No ____

Is there a back-up power supply? Yes ____ No ____

Are the recordings maintained for at least 30 days? Yes ______ No ______

Are warning signs posted advising of 24-hour video surveillance?

Yes ______ No _______

General Lighting

Is there standard safety-code emergency lighting in all areas to provide for safe evacuation of buildings in case of natural disaster, power outage, or criminal/ terrorist activity? Yes ______ No______

Is there exterior lighting with 360-degree coverage around the exterior of the facility? Yes ____ No ____

Is there at least 30-minute battery back-up power of this emergency lighting?

Yes _____No ______

Is there adequate lighting for the parking areas? Yes _____ No _____

Are the minimum lighting requirements for the CCTV system met? Yes ____ No ____

If no to any of the questions above under “Lighting,” please explain:

________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________

Receiving/Shipping/Deliveries

Is access to the receiving/shipping/deliveries area restricted to authorized personnel and vehicles? Yes ____ No ____

Is the receiving/shipping/deliveries area monitored or secured?

Yes ____ No ____

Is there a fixed guard or employee at the receiving/shipping/deliveries area?

Yes ____ No ____

Controlled vehicle approach? Yes ____ No ____

Security personnel visible? Yes ____ No ____

Delivery bays well lit? Yes ____ No ____

Delivery doors locked when not attended? Yes ____ No ____

Deliveries made at controlled times? Yes ____ No ____

Are all mail and packages subject to screening and/or visual inspection before entering the facility? Yes ____ No ____

If yes, explain the process used, type of equipment, and location:

________________________________________________________________

________________________________________________________________

________________________________________________________________

Is periodic security training for letter bombs/suspicious packages provided to appropriate personnel? Yes ____ No ____

Are dumpsters in a secured area? Yes _____ No _____

Security Force

Is there a security force? Yes_____ No _____

Security force: Armed ______ or Unarmed ______

If the facility has magnetometer screening checkpoints, are personnel manning these checkpoints armed? Yes ____ No ____

Security roving patrols: Yes _____ No _____ Hours of patrols and locations:

________________________________________________________________

________________________________________________________________

24-hour security service on site: Yes ______ No ______

Is there a dedicated, trained on-site security manager? Yes ____ No ____

Are there security personnel at all accessible entrances/exits? Yes ____ No ____

Are the security personnel at these open access points checking identification? Yes ____No ____

If no, explain what security procedures are established for your open access points. Is a receptionist or other individual checking identification at these open access points?

________________________________________________________________

________________________________________________________________

________________________________________________________________

Is there a reliable 24-hour communications system for all security personnel? Yes ____ No ____

Control Procedures for Service Contract Personnel

Are procedures established to ensure security for private contractors or maintenance personnel who are on site? Yes ______ No ______

Explain:

________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________

Are photo IDs required to be worn and displayed at all times by personnel and cleared contractors? Yes _____ No _____

Interior Security

Do all exterior entrances have appropriate high security locks?

Yes _____ No _____

Is there a central database containing the location and serial number of all keys?

Yes ____ No ____

Is there key control for perimeter doors? Yes _____ No _____

Are hinges on the inside of exterior doors? Yes _____ No _____

Are guard plates on all exterior locks? Yes _____ No _____

Are exterior first floor windows lockable? Yes _____ No _____ If no, explain:

________________________________________________________________

________________________________________________________________

Is there an intrusion detection system (IDS – alarm system) with 24-hour central monitoring capability? Yes _____ No _____

If yes, are all access points, such as exterior doors and loading dock doors, alarmed? Yes ____ No ____

If yes, are all windows alarmed? Yes _____ No _____

What other areas within the facility are alarmed?

________________________________________________________________

If there is an IDS system, is the monitoring done on site by the security service, by local alarm monitoring company, or by a local police department?

________________________________________________________________

________________________________________________________________

________________________________________________________________

Are all alarms set up properly during secure hours? Yes ____ No ____

Are the alarms tested periodically? Yes _____ No _____

Is the IDS system utilizing line supervision and back-up power?

Yes ____ No ____

Are there magnetometers (walk-throughs) at the public entrances with trained operators? Yes ____ No _____

Are there additional security screening devices in use? Yes ____ No ____

If yes, please explain:

________________________________________________________________

________________________________________________________________

________________________________________________________________

Access Control

Visitor/guest/occupant identification

Is there a visitor/guest/occupant control screening system in place for visitors? Yes ____ No _____

Explain the visitor/guest/occupant control screening system:

________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________

Interior

Item

Yes

No

Description/comments

Customer Service/Front Desk/Reception Area

Well lit

Emergency lighting present

Physical barrier between guest and attendant

Emergency call or duress system

Public address system

Additional staff consistently near

CCTV cameras present

CCTV cameras work

CCTV camera coverage good

Adequate CCTV image in low light

Smoke detectors present

Automatic fire sprinkler system

Interior

Item

Yes

No

Description/Comments

Lobby Area or Foyer

Adequate lighting

Emergency lights present

Smoke detectors present

Security officer present

CCTV cameras present

CCTV cameras work

Adequate CCTV image in low light

CCTV camera coverage adequate

Exit signage

Emergency exits marked clearly

Fire alarm annunciators

Directional signage

Public address system

Personal search occurs on entry (metal, X-ray, etc)

Interior

Item

Yes

No

Description/Comments

Public Toilets

Patrolled by security or staff on a random frequency

Emergency lighting present

Exit signage

Fire alarm annunciators

PA system

Elevators and Stairs

Well lit

Emergency lighting present

Stairwell exits clearing marked

Access to guest floors controlled with access control technology

CCTV cameras present

CCTV cameras work

CCTV camera coverage adequate

Public address system

Fire alarm annunciators

Signage not to use elevator during a fire

Elevator has fire department over-ride key

Interior

Item

Yes

No

Description/Comments

Conference Rooms

Separate from the main facility

One wall is a building façade wall

One or more walls containing large amounts of glass

Conference room is isolated from facility façade walls

Well lit

Emergency lighting present

Fire alarm annunciators

Automated fire sprinkler system

Emergency exit doors well marked

Public address system

Access controlled

Interior

Item

Yes

No

Description/Comments

Restaurants/ Cafes Associated with Facility

Adequate lighting

Emergency lights present

Emergency exits well marked

Cashier area monitored by CCTV

Smoke detectors present

Fire alarm annunciators

Kitchen has automatic fire suppression

Delivery doors to the kitchen are access controlled

Public address system

Separate entrance from main facility?

If so, separate access control system?

Guest Rooms

Access controlled doors

Deadbolt lock on door

Door security chain

Door peephole

Telephone

Smoke alarm present

Fire alarm annunciators

Automatic fire alarm sprinkler

Emergency evacuation guide or map

Interior

Item

Yes

No

Description/Comments

Guest security lock box in room

Guest Corridors

Well lit

Emergency lighting present

Emergency exits or stairwells clearly marked

Smoke detectors

Fire alarm annunciators

Automatic fire sprinkler system

CCTV monitoring

In-house emergency phone

Random patrol by security or staff

Recreation Areas

Well lit

Emergency lighting present

Emergency in-house phone

Emergency exits marked

Smoke detectors present

Fire alarm annunciators

Automatic fire sprinkler system

Staff signage

Access controlled

Monitored by CCTV

Safety and Security Planning

Does the facility have an emergency operations or crisis management plan? Yes _____ No _____

Occupant/guest/employee emergency evacuation plan: Yes _____ No _____

Bomb threat procedure plan: Yes _____ No _____

Is there a “shelter in place” plan? Yes ____ No ____

Is there a facility emergency public address system? Yes ___ No ___

Is there an identified emergency relocation site for occupants/employees/guests? Yes____No___

Is the designated emergency relocation site sufficiently distant from the facility to provide safety from secondary IEDs or other secondary hazards?

Yes____ No____

Response to offenses/incidents:

Contract security: Yes _____ No _____

Typical emergency response time: ______________

Local police: Yes _____ No _____

Typical emergency response time: _______________

Command Post or Emergency Operations Center

Is there a facility command post or emergency operations center? Yes___No___

If yes, address the following items:

Security Command Center

Item

Yes

No

Description/Comment

Environment

Adequately lit

Emergency lighting present

Access controlled

Security equipment room separate from control room

Adequate and independent ventilation of equipment room

Adequate and independent ventilation of control room

Smoke detectors present

Fire alarm annunciators

Automatic fire suppression system non-water based

Telephone

Cell phone

Alternate power source automatically available

Location of security command center hardened

Wall thickness

Type of entry door (wood, metal, etc.)

Security Command Center

Item

Yes

No

Description/Comment

Technology

Computer-based technologies

Computers password protected

CCTV monitors functioning

Number of CCTV monitors

How many images per monitor?

CCTV system displays images via a switcher

Frequency of image rotation

CCTV system displays images via a multiplexer

All images permit identification of people and activities

Radio communication with security officers

Situation boards for emergency operations

Documentation

Management contact list

Emergency services contact list

Contact list for other building security command centers

Building blueprints available

Emergency procedures checklist

General security orders and procedures

Building standard operating procedures

Documentation of maintenance logs and test results

Security Command Center

Item

Yes

No

Description/Comment

Facility Recovery Preparations

All important information is backed up and stored in an alternate location

Alternate location identified to operate from

Option plans for catastrophic damage

Mutual assistance agreements with other local buildings

Cooperative meetings to share information affecting security

Staff and family assistance procedures

Guest assistance and support procedures

List of staff and employee home contact information

Other Security

Active surveillance detection

Request threat updates from embassies

Request threat updates from local government

Security Training and Intelligence Sharing

Is security awareness training for all employees conducted?

Yes ______ No ______

Explain: _________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________

Has the principal security manager established procedures to ensure timely delivery of critical intelligence and threat alerts provided by law enforcement to the appropriate individuals? Yes ______ No ______

Explain: _________________________________________________________

________________________________________________________________

________________________________________________________________

Does the facility have security procedures established to respond to incoming threat alerts? Yes ______ No ______

Explain: _________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________

________________________________________________________________

Is there a facility incident reporting system? Yes ____ No ___

To whom is this information reported?

________________________________________________________________________________________________________________________________

1

Смотреть полностью


Скачать документ

Похожие документы:

  1. Gce psychology

    Документ
    ... an evaluation of research in witness appeal – particularly issues over gender, race ... and cover revision techniques A3 paper Past exam ... points of Sutherland’s theory. Thisis fed back tothe group ... as a child. Why did you like them? What was thepurpose ...
  2. Bachelor of technology (mechanical & automation engineering)

    Документ
    ... ofthepaper what its purposeis. You may follow the following: statement ofpurpose/objectives main body ofthepaper ... : The objective ofthis course isto give students an in-depth exposure to methods in optimization technique. This ...
  3. Abstract To test the hypothesis that nitroglycerin (NTG) may have a harmful effect on cardiac output (CO) in pts with CHF in whom previous treatment with diuretics and vasodilators considerably reduced left ventricular filling pressure (LVFP)

    Документ
    ... isthe standard procedure, thepurposeofthispaperisto describe a new surgical technique and indicate its role in the ... /REGRESSION-ANALYSIS/RISK FACTORS/STROKE Cacciatore, A. and Russo, L.S. (1991), Lacunar Infarction AsAn Embolic Complication of ...
  4. Block 9 - stage 2 – schedules 1 and 4 navajo indian irrigation project new mexico foreword

    Документ
    ... occurring asan indentation tothe surface is measured by placing the straightedge across the indentation, as shown ... wire is required. (c) Cathodic protection cable. - Paragraph 11.1.1. (2) Definitions. ‑ For thepurposesofthis paragraph, the ...
  5. The Roles of Aid in Politics

    Документ
    ... is worthwhile for purposesof causal analysisto distinguish ideas that develop or justify value commitments ... , pp. 1167-1184. The aim ofthispaperistoassessthe inter-country allocation of foreign aid by ...

Другие похожие документы..