Security Vulnerability Assessments and Regulations
Prior to beginning work on this discussion read Chapter 7 and Chapter 8 in Radvanovsky (2013) and Chapter 6 in Sylves (2015).
Review the Presidential Policy Directive -- Critical Infrastructure Security and Resilience
The oversight of critical infrastructure protection and assurance has three competing demands:
the public demand for the service or good
the corporate demand for return on investment
the government demand for ensuring that there is a balance between the public and corporate demands.
The government is accountable for regulating the competing demands of the general public's demand for the delivery of services and goods that do not infringe on their safety, security, or economic well-being, while allowing the corporation the ability to make a profit in delivering those goods and services.
A security vulnerability assessment (SVA) is a systematic examination of networks that determines the adequacy of security measures, identifies security deficiencies, provides data to predict the effectiveness of proposed security measures, and confirms the adequacy of the measures after implementation.
SVA is another term for assessing risks and vulnerabilities. Regulations are especially necessary for governance of major relationships among international, national, and industrial standards.
Regulations are often viewed as intrusive and enforcing and thus, regulations are constantly being examined and re-examined by the private sector, special interest groups, and individuals to determine if the regulation or legislation can be used to gain advantage in this competitive environment.
For this discussion, locate regulations and resources of one of the sixteen infrastructure sectors that is a Department of Homeland Security (DHS) sector-specific agency (SSA).
In reviewing the critical infrastructure regulations and resources (available through the DHS website or through links provided therein), address the following elements:
Explain the concepts of risk assessment and risk analysis to your chosen DHS SSA.
Analyze the recognition of real and perceived threats and the management of risk to your chosen DHS SSA.
Examine the types of information for each step a SVA would include on your chosen DHS SSA.
Analyze the competing demands of your chosen DHS SSA.