Wednesday, October 24, 2012

Vulnerability


It is important to notice the interpenetration of building, equipment, personnel, and activity in the foregoing list, thus linking the human factor to the physical facilities. To identify a weakness in a building, then, may also mean identifying a human weakness in respect of building and/or operational use. That is how Roper gets from consideration of physical characteristics of an organization's premises to categories of vulnerability that may appeal to an adversary.

Bearing in mind that Roper envisions a technology-driven, state-of-the-art physical plant that is guarded with government-level security personnel or physical protections, it is possible nevertheless to recognize that within each category of vulnerability, specific evaluations of the current strength position of any facility are required. The first category consists of physical vulnerabilities, which relate to such issues as the perimeters and security features thereof, such as alarms, cameras, ingress and egress sites such as docks, parking, fences, and the like. Technical vulnerabilities refer to high-end operational technology; Roper cites acoustic equipment, secure phones, and radio equipment.

In the matrix, the far-right column, "overall risk," represents the final determination of risk based on the ratings compiled for each category of critical assets in an organization. Based on the overall risk assessment, the risk manager can then proceed to assess whether the risk that has been identified is "acceptable," given the level of security-related mitigation already in place and the priority that may be assigned to the process of further mitigation of the threats and vulnerabilities. The most important countermeasures and the most extensive resources will be deployed where the greatest overall risk has been identified. Further, it is important to estimate how much impact an attack may have, how high-level a threat is, and how a vulnerability to an asset can be rated in terms of the interplay of impact, threat, and vulnerability, not in terms of each element individually. For only by collapsing or, as it were, factoring the discrete elements of risk into each other can a true "big-picture" estimate of risk be established. And only when one has the big picture can it be determined whether the organization is able to bear the risks so identified.

