SECTION I: RISK ANALYSIS Risk Analysis--The Basis for Appropriate and Economical Countermeasures Critical Thinking Qualitative versus Quantitative Analysis Theory, Practice, and Tools Organization Risk Analysis Basics and the Department of Homeland Security-Approved Risk Analysis Methods Risk Analysis for Facilities and Structures Many Interested Stakeholders and Agendas Commercially Available Software Tools Risk Analysis Basics Risk Assessment Steps Which Methodology to Use? Risk Analysis Skills and Tools Skill #1: Gathering Data Skill #2: Research and Evidence Gathering Skill #3: Critical Thinking in the Risk Analysis Process Skill #4: Quantitative Analysis Skill #5: Qualitative Analysis Skill #6: Countermeasures Selection Skill #7: Report Writing Critical Thinking and the Risk Analysis Process Overview of Critical Thinking The Importance of Critical Thinking Analysis Requires Critical Thinking The Eight Elements that make up the Thinking Process The Concepts, Goals, Principles, and Elements of Critical Thinking Pseudo-Critical Thinking Intellectual Traits The Importance of Integrating Critical Thinking into Everyday Thinking Applying Critical Thinking to Risk Analysis More about Critical Thinking The Root of Problems Asset Characterization and Identification Theory Practice Tools Criticality and Consequence Analysis Twofold Approach Criticality Consequence Analysis Building your Own Criticality/Consequences Matrix Criticality/Consequence Matrix Instructions Threat Analysis Theory Practice Tools Assessing Vulnerability Review of Vulnerability Assessment Model Define Scenarios and Evaluate Specific Consequences Evaluate Vulnerability Estimating Probability Resources for Likelihood Criminal versus Terrorism Likelihood Resources Criminal Incident Likelihood Estimates The Risk Analysis Process Diagram Analysis Asset Target Value Matrices Probability Summary Matrix Vulnerability Components Prioritizing Risk Prioritization Criteria Natural Prioritization (Prioritizing By Formula) Prioritization of Risk Communicating Priorities Effectively Best Practices Ranking Risk Results SECTION II: POLICY DEVELOPMENT BEFORE COUNTERMEASURES Security Policy Introduction The Hierarchy of Security Program Development What are Policies, Standards, Guidelines, and Procedures? Security Policy and Countermeasure Goals Theory The Role of Policies in the Security Program The Role of Countermeasures in the Security Program Why Should Policies Precede Countermeasures? Security Policy Goals Security Countermeasure Goals Policy Support for Countermeasures Key Policies Developing Effective Security Policies Process for Developing and Introducing Security Policies Policy Requirements Basic Security Policies Security Policy Implementation Guidelines Regulatory-Driven Policies Nonregulatory-Driven Policies SECTION III: COUNTERMEASURE SELECTION  Countermeasure Goals and Strategies Countermeasure Objectives, Goals, and Strategies Access Control Deterrence Detection Assessment Response (Including Delay) Evidence Gathering Comply with the Business Culture of the Organization Minimize Impediments to Normal Business Operations Safe and Secure Environment Design Programs to Mitigate possible Harm from Hazards and Threat Actors Types of Countermeasures Baseline Security Program Specific Countermeasures Countermeasures Selection Basics No-Tech Elements Countermeasure Selection and Budgeting Tools The Challenge Countermeasure Effectiveness Functions of Countermeasures Countermeasure Effectiveness Metrics Helping Decision Makers Reach Consensus on Countermeasure Alternatives Helping Decision Makers Reach Consensus on Countermeasure Alternatives Security Effectiveness Metrics Theory Sandia Model A Useful Commercial Model What kind of Information Do We Need to Evaluate to Determine Security Program Effectiveness? What Kind of Metrics Can Help Us Analyze Security Program Effectiveness? Cost-Effectiveness Metrics What Are the Limitations of Cost-Effectiveness Metrics? What Metrics Can Be Used to Determine Cost-Effectiveness? Communicating Priorities Effectively Basis of Argument Complete Cost-Effectiveness Matrix Complete Cost-Effectiveness Matrix Elements Writing Effective Reports The Comprehensive Risk Analysis Report Countermeasures Report Supplements Each chapter begins with an "Introduction"and ends with a "Summary".