connection between vulnerability assessments and the analysis of the risk
The article discusses the connection between vulnerability assessments and the analysis of the risk. From the article, the first step in a risk management program is threat assessment. The assessment should examine supporting information to evaluate the relative likelihood of occurrence for each threat. The authors of this article mention that facility owners, especially owners of public facilities, should develop and implement a security risk management methodology which adheres to the Interagency Security Committee — standard while also supporting the security needs of the organization. It also points out that for criminal threats, the crime rates in the surrounding area provide a good indicator of the type of illegal activity that may threaten the facility.
Also, the type of terrorist act may vary about the potential adversary and the method of attack most likely to be successful for a given scenario. For instance, terrorists wishing to strike against the federal government may be more possible to attack a large federal building than to attack a multi-tenant. The various examples of assessments are, defined: human-made, Credible: human-made, potential: human-made and minimal: human-made. The article shares about the vulnerability assessment that must be performed on plausible threats. The vulnerability assessment may also involve detailed analysis of the potential impact of loss from explosive, chemical or biological attacks. The authors discuss risks analysis explains on a combination of the outcome of loss rating, and the vulnerability rating that can be utilized to assess the potential risks to the facility from a given threat. On upgrade recommendation, based on the fining from the analysis of the risk, the next step in the process is to find out the countermeasures upgrades that will lower the different levels of risks. The articles also discuss the re-evaluation of risks and application of the concepts. The most crucial software tool linked with implementation of FSRM is entitled FSR-manager. The FSR-manager uses such information in determining the risks level from each threat and classifies the risk level as high, medium, or low.