Risk Analysis
- The main purpose of this chapter is to present the content of the book in terms of the risk analysis process, guiding readers from the fundamental principles to the complex processes and evaluating the approved methods of risk assessment. The chapter highlights various technical tools of risk assessment, the elements of risk analysis, the skills required for risk analysis, and the selection of countermeasures in theory and practice (Norman, 3).
- The key question addressed in this chapter concerns the basis for appropriate or economic countermeasures in the process of risk analysis. The question relates to the security programs that organizations should employ after establishing reliable methods of risk assessment, and the security policies that can support those programs so as to attain coordinated countermeasures (Norman, 4).
- The context of this chapter is the economic, social and political background that the author uses to explore the issue of risk analysis, evaluation and countermeasures. The chapter compares the risk analysis processes adopted by non-governmental organizations and militaries with those adopted by profit-oriented organizations in an increasingly volatile world. The chapter uses the author’s background in the discussion of the countermeasures employed by organizations and the challenges and benefits of such measures (Norman, 5).
- The most important information in this chapter includes the qualitative and quantitative data from various studies, used to conclude that most organizations fail to adopt security analysis programs and measures. Information from a study carried out in California on critical thinking indicates that the curricula of 28 private and 38 public universities treat the skill as an honorific phrase in many educators’ minds. The chapter also provides the rationale for reading the whole text, with the promise to the reader that the knowledge they obtain conforms to the requirements of the United States Department of Homeland Security (Norman, 5).
- The main point of view in the chapter is that countermeasures are often poorly conceived, intended to protect firms against assumed risks for which there is no empirical data to support them. Many organizations see themselves as unable to fund risk assessment, hence their security programs are based wholly on one individual’s ill-advised judgments (Norman, 3).
- The major assumptions underlying the reasoning in this chapter are that many popular methodologies for risk assessment offer poor services to clients, and that any methodology that fails to include all risk elements is inadequate and hence cannot provide successful risk mitigation. Another assumption is that checklists for risk analysis are most of the time used by individuals with a limited understanding of the potential threats (Norman, 11).
- The key concepts in this chapter include asset characterization, which involves understanding and describing the assets in the organization; threat identification, which involves understanding and describing the threats faced by the organization’s assets; consequence analysis, which involves understanding and describing the assets’ role in the organization’s mission; and vulnerability analysis, which relates to understanding and expressing the extent to which assets are vulnerable. The other concepts include threat assessment, which relates to understanding how the assets are viewed by the threat actors; risk assessment, where risks are expressed in calculated form; risk prioritization, where the most significant risks are mitigated first and the least significant last; and risk management, which involves providing countermeasure recommendations for the mitigation of the risks (Norman, 14).
- The alternative considered in the chapter is a decision-making matrix, which can help in achieving consensus on the right countermeasure solution when there are few ideas or the existing options are contentious (Norman, 16).
- The main interpretation of this chapter is that any risk analysis should lead to the recommendation of countermeasures that can provide a basis for the position that risk mitigation can happen at a cost that the organization’s operations can afford (Norman, 11).
- If the author’s line of reasoning is taken seriously, the implications and consequences are that organizations can implement security programs that are based on factual judgments, and their risk mitigation approaches can be successful. If the author’s line of reasoning is not taken seriously, firms would adopt security programs or countermeasures based on individual ill-advised judgments, and the resulting risk implications cannot explain the foregone cost.
Work Cited
Norman L. Thomas. Risk Analysis and Security Countermeasure Selection. CRC Press, 2009, pp. 3-18.