The requirement for this assignment is to conduct a risk assessment of a real or fictional facility or building. by using the process,in the FEMA model outlined in the FEMA publication, Risk Assessment, Risk Assessment: A How-to Guide to Mitigate Potential Terrorist Attacks Against Buildings. Your paper will consist of an explanation of each step of the process as it relates to the facility of your choice. The process consists of the following steps:
threat identification and rating
asset value assessment
vulnerability assessment
risk assessment
consider mitigation optionsIn addition to the above rubric, I will be using the following questions as a guide to determine if the major concepts of a basic risk assessment were comprehended.
Was the assignment turned in ontime?
Was the FEMA Risk Assessment Process utilitized?
Was the assignment professionally formatted? (Spelling, Grammer, Cover Page, Acronym Page, Definitions, Proper citation, etc)Threat Identification and Rating (or Ranking)
Were all (or the majority) threats identified and rated?
Was the methodology on how the information was collected discussed?
Were the primary threats discussed and scored?
Was the threat rating determined for each of the threats and rank?
Was a Risk Assessment Matrix included?
Did they define what acceptable risk was?
Did they use the FEMA provided Worksheet?Asset Value Assessment:
Did they ID the layers of the facilities defense? (the 3 layers)
Did they ID the critical assets? Did they group them by defense layers?
Did they ID the buildings core functions and infrastructure? Did they represent it with a chart by layers v. threats?
Did they determine the asset value rating?
Did they discuss what level of protection their facility fell into?
Did they look at the probability and severity of each threat as it relates to their facility? How did they achieve this? (SMEs, History, Modeling, etc)
Did they define the methodology used to place a value on the facilities assets.Vulnerability Assessment:
Did they discuss organizing resources to prepare for the assessment? (Assessment Team Members, Assessment Detail Tier)
Did they evaluate the site and building? What methodology did they use? (Meetings, Tours, Document Review, Procedure Review, Tiered Assessment, Data Gap Analysis, etc)
Did they prepare a vulnerability portfolio? (Assessment Checklist, Assessment Database)
Did they determine the vulnerability rating? (Redundancy, Vulnerability Definition and Rating, Was provided worksheet used?)Risk Assessment:
Did they prepare the Risk Assessment Matrices? ID and Determine the Threat Rating, Rate the Asset Value, Critial Functions Asset Value, Critical Function Threat Ratings, Critical Functions Vulnerability Rating,
Did they determine the Risk Ratings? (Risk= AssetValuexThreat RatingxVuln. Rating, How did they determine Low Risk v. High Risk)
Did they prioritize observations in the Building Vulnerability Assessment Checklist?Consider Mitigation Options:
Did they Identify the preliminary mitigation options? (Regulatory Measures, Strengthen Existing Structures, Protective and Control Measures, Preventing/Delaying/Lowering affects of an attack, Deter/Detect/Deny/Devalue, etc)
Did they Review mitigation options? (Political Support, Acceptance, Cost, Benefit, Authority, Impact, Ease of Implementation, Funding to Maintain, Short-term/Long-term Benefits)
Did they estimate the cost of implmenting the mitigation options? (Life cycle costs, setting priorities, Benefit/Cost Ratio, etc.). Did they show how the mitigation options lowered the risk to the facility (probability or severity)? Did they look at the probability and severity of each threat as it relates to their facility? How did they achieve this? (SMEs, History, Modeling, a Combination, etc)
Did they review mitigation, cost, and the layers of defense?