Module Five - Final Exam
docx
keyboard_arrow_up
School
Northern Arizona University *
*We aren’t endorsed by this school
Course
370
Subject
Information Systems
Date
Feb 20, 2024
Type
docx
Pages
6
Uploaded by jeannicoleang
INT 370 Final Exam
Final Exam
INT 370
NAU
Final Exam
1.
What are the principles of Protective Security?
“The easiest battle to win is the one that is never fought.” Protective Security is made up of eight principles: Prevention, Information Collection, Information sharing, Risk Mitigation, Cost-Benefit Analysis, Situational Awareness, Security, and Suspicious Activity. Protection – The best way to respond to a terrorist attack is to prevent it from eve happening. One of the easiest and inexpensive ways to prevent an attack is to raise the level of awareness of all personnel present at a potential target to the threat =an adversary
may pose. Training personnel who work at a critical asset about the threats, risks, tactics, and weapons used by adversaries could help to interdict a potential attack while it is still in the planning stages. Information Collection – Criminals and terrorist may take weeks or months to collect the information they need to plan an operation. The use of methods and sources of getting information early in the planning stage helps to minimize the risk of an operation being compromised. If understand how information can be collected by the bad guys and using it against us, we can take steps to protect the information that is determined to be critical. Common ways criminals and terrorist collect intelligence is by: Open Sources Research, Communication, People, and Public Domain Technical Reports. Information Sharing – When information has been analyzed it should be disseminated to all applicable law enforcement and emergency response agencies for appropriate actions. Information should also be shared with the private and public sector critical infrastructure, key resources, key assets, or soft target that may be impacted by terrorist activity. Risk Mitigation – Involves the implementation or installation of security countermeasures
intended to sufficiently reduce the identified risks to the critical asset based on the results of the risk assessment process. The goal is to protect the critical asset with cost-effective and practical security countermeasures that are applicable and reasonable to the critical asset being protected.
Cost-Benefit Analysis – The purpose of the cost-benefit analysis is to demonstrate that funds spent on implementing the security countermeasures can be justified with a corresponding reduction in risk to the critical asset.
Situational Awareness – Is the knowledge of where you are, where other friendly elements are, and identifying potential threats and dangerous situations. Continuously
INT 370 Final Exam
being aware of everything that is happening around oneself and the importance of everything observed.
Security – Protecting information is the cornerstone of the operational security process. OPSEC coordinates all actions necessary to prevent an adversary from learning about plans or operations. It is a five-step analytic risk management process that can be constantly updated and reviewed based on current threats. Suspicious Activity – It is important that everyone understands that they have a part in preventing an adversary attack from occurring. One way everyone can participate in everyday counterterrorism efforts is to be aware of suspicious attack. If you see something say something. 2.
What is Risk Management? Why is it important?
Risk is present in everything we do, but risk can be controlled. We can control and minimize the unnecessary risks we faced every day. Risk management is a systematic, analytical process. Risk management involves using all of the information gathered during the risk analysis and assessment process to evaluate security policy options. It is the process involved in the identification, selection, and adoption of security measures justified by the identified risks to a critical asset, and the reduction of these risk to acceptable levels that reflect the best combination of security and cost. The challenge of risk management is to find the balance between protecting critical assets, not interfering with the primary mission of the critical asset and avoiding fiscal collapse in the process of implementing security countermeasures. Risk management is made up of four principles. Accept No Unnecessary Risks - is when all hazard that could have been detected have not
been detected, then unnecessary risks are accepted by the critical asset. When new intelligence information is gathered and analyzed, it must be communicated to appropriate levels of personal to ensure appropriate security countermeasures can be implemented.
Make Risk Decisions at the Appropriate level – Risk decisions should be made at the lowest possible level in the organization. It allows for the timeliest decision to be made and allow for the quickest response time to implement appropriate security countermeasures. Accept Risks When the Costs Outweigh the Benefits – The fundamental objective of risk management is to minimize and ultimately eliminate risk. Someone will need to make the
decision not to implement a particular security countermeasure to address a specific threat. Sometimes, it is more practical to accept the risk based on analysis that an attack is
unlikely to occur or will be unsuccessful.
Integrate Risk Management into Operations and Planning at All Levels – Risk management must be incorporated at all levels of an organization in everyday planning and security operations.
INT 370 Final Exam
Risk management is important because a terrorism risk can be managed in order to minimize the threat and mitigate the potential impacts. In the absence of a loss, insurance provides comfort to a critical asset, it also offers a path to recovery if a terrorist event does occur. Risk-management is a never-ending process, and it is important to continue new tactics as threats continue to evolve. It is important to continue to assess the threat and vulnerabilities and continuing to install new security countermeasures.
3.
What Critical Infrastructure/Key Resources/Key Assets would you protect and how?
The Critical Infrastructure that I would protect would be a Nuclear Plants. Nuclear Plants are used to produce isotopes for medical uses and to train nuclear engineers. The nuclear industry also includes hundreds of plants that enrich uranium and fabricate fuel for reactors. Some of these facilities contain materials terrorists could use to build a nuclear or dirty bomb. Power plants could be hijacked to create an accident like sending clouds of
radioactivity over hundreds of miles. It is important to regulate both safety and security at
nuclear power plants. I would protect it by adding multiple layers of protection to the core reactors. My workforce would increase one-third to include security relations. I would conduct regular drills on the nuclear plants and have assistance by well trained former military units to attack the plant with up-to-date materials and techniques. Majority of new reactors come online; I would regulate to ensure cybersecurity on the reactors. I would regulate and enforce new security measures and inspect security at nuclear sites. Most importantly, security forces at nuclear facilities should be required to practice attack scenarios regularly under the gaze of independent observers. The Key Resource that I would protect would be a cruise ship. Cruise ships offer great value to an individual on their vacation, because the fares include nearly everything you’ll need for a fantastic trip. On a cruise you unpack once, and your floating hotel takes
you from city to city or from island to island and there’s no need to mess with a train or ferry schedules. Ships are floating cities, which makes them more vulnerable to terrorist attacks. Cruise ships carry under 23 million passengers which can be in harms way for a terrorist attack. I would protect the ship by monitoring the communication connections on
the ship, as well as checking the navigation constantly and program cybersecurity measurements to prevent from getting hijacked. I will also provide a prevention plan to the guest on-board to make them aware if an attack were to occur and to be well aware of
their surroundings. If they see anything, to say something. The Key Asset that I would protect would be the Washington Monument. The Washington Monument has a lot of history, and it is important to preserve it. -It symbolizes America’s heritage, it’s a high-profile landmark, not well protected, popular, attracts many visitors daily and has open and easy accessibility. The high potential for an unacceptable loss of life and property exists, along with the severe degradation of the public image and confidence in the ability of the United States to protect its people and
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
INT 370 Final Exam
its treasures. In order to protect this monument, I would ask for an increase in park police. I would create an analysis of the monument to determine its weak spots and come up with a protection plan to prevent excruciating damage from occurring. Since spending $3 million in restoring it is not an option. I would also update the communication system for our park police to prevent lack of back-up if an incident were to occur. 4.
What are the key national emergency response considerations?
Emergencies and disasters can strike anywhere and at any time bringing workplace injuries and illnesses with them. Employers and workers may be required to deal with an emergency when it is least expected and proper planning before, and emergency is necessary to respond effectively. The first step when developing an emergency response plan is to conduct a risk assessment to identify potential emergency scenarios. An understanding of what can happen will enable to determine resource requirements and to develop plans and procedures to properly prepare for emergencies. Written emergency response plans are the blueprint that employees and emergency responders will follow in the event of an emergency. The key national emergency response consideration is either to shelter-in-place or evacuate. Shelter in place is a viable protective option, especially when a large number of
people might have to be protected. It is sometimes safer to leave people where they are than to move them into a dangerous place. Evacuation is more appropriate whenever people are in more danger remaining in their present location than if they were to move. It’s important to identify potential evacuation areas and how personnel will get to the evacuation area. The written emergency response plan should cover all potential natural, accidental, and intentional emergencies that may arise. The emergency response plan should include: alarm systems, Shelter in Place, Evacuation, Medical Emergencies, Fire, Rescue, Hazardous Materials, Incident Command System, Responsibilities, Emergency Communication, Account for People, Communicate with Personnel, Designated Facilities, and Training. 5.
Describe Weapon of Mass Destruction (WMD) attack protocol.
Effective response to WMB incidents requires comprehensive standard operating procedures, highly effective personal protective equipment, and hundreds of hours of specialized training. If a terrorist were to deploy a WMB, the area would become a crime scene. Although the first priority of emergency responders would be to save lives and minimize property damage, and effort must be made to preserve the scene and its evidence as much as possible by proper handling of the scene and accompanying evidence in order to identify and apprehend the perpetrator(s).
The Incident Commander at a terrorist incident has a responsibility regarding evidence preservation. Those responsibilities include developing a management system to coordinate the evidence preservation and chain of custody procedures with all responders.
INT 370 Final Exam
First responders should establish perimeter around the scene to protect potential evidence.
The perimeter should be sized appropriately such that it encompasses the area in which the physical evidence is located. The first instinct when a threat has been received or an attack executed against a target is to evacuate personnel from the “danger area” to a perceived “safe area.” However, there are times when evacuation is not the best option to protect people. Typically, an evacuation results in a large number of people grouped together. An adversary may use the tactic of calling in a bomb threat or activating the fire alarm system to cause an evacuation. The adversary may use this tactic in a hardened facility, when access to people would normally not be present in the critical asset. The adversary could deploy a chemical, biological,
Sheltering in Place means personnel are told to stay where they are when an emergency occurs. Sometimes sheltering in place provides a better option to protect personnel rather than evacuation. This especially helps when there is a large number of people. When a threat has been received, a decision must be made concerning what to do with the
personnel who are in the potentially affected are. There are three choices available:
Do Nothing - These is typically utilized when there is a high probability that the threat is a hoax. When the threat appears to be a hoax, oftentimes the best option is to do nothing rather than disrupt the normal operations at the critical asset, especially when there are large number of people or people with special needs involved
Partial Evacuation - Can be used if there is some credibility to the threat. A partial evacuation is used to move people from a potentially affected area of the critical asset but
leaves the remainder of the personnel in place. It may also be used if there are sensitive populations, such as small children, who will require additional time to evacuate the area.
A plan must be in place to inform the balance of the population who remain in place why they are not being evacuated and what actions, if any, they should take. Full Evacuation - Full evacuation of a critical asset is a major undertaking and should only be done when the credibility of a threat is high. There should be a plan in place to evacuate personnel in a prearranged, staged, and orderly manner so that the evacuation can be accomplished efficiently and safely. The plan must also address the issue of where
the evacuated personnel will go, who will perform a headcount to make sure everyone has evacuated, and how to handle personnel who are reported missing.
Reference
Assessing and Managing the Terrorism Threat, U.S. Department of Justice, Bureau of Justice Assistance, September 2005.
INT 370 Final Exam
Bennett, Brian T.. Understanding, Assessing, and Responding to Terrorism (Kindle Locations 11640-11641). Wiley. Kindle Edition.
Department of Homeland Security, September 2012.
Executive Order 13010, “Critical Infrastructure Protection,” Federal Register, July 17, 1996, vol.
61, no. 138, p. 37347. Homeland Security Exercise and Evaluation Program, US Department of Homeland Security, May 2004. Homeland Security Exercise and Evaluation Program, US Department of Homeland Security, April 2013.
National Strategy for Homeland Security, July 16, 2002.
OPSEC for Public Agencies Training Manual, US Department of Homeland Security. https:// www.dhs.gov/ topic/ information-sharing
“Threat and Hazard Identification and Risk Assessment Guide,” Comprehensive Preparedness Guide (CPG) 201, Second Edition, US DHS, August 2013.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help