Contrast of Security Threat Assessment and Risk Assessment When Countering Terrorism Attacks - Essay Example

Title: Student’s Name: Course: Course Code + Name: Instructor’s Name: University Name The threat of terrorism has grown to be very factual in the world as its levels keep on escalating. The negative effects of terrorism lead to long lasting impacts on the people it does strike. It destroys the economy of the country, results in the loss of lives, a population that is injured emotionally, physically and mentally. It has resulted in every nation coming up with measures to counter terrorist attacks in their country. The term counter-terrorism according to the National Strategy for Counterterrorism 2011, defines the term that refers to the incorporation of hard-power and soft-power tactics to inhibit the occurrence of terror attacks. It involves the sharing of intelligence information among the various law enforcements agencies, carrying out an intensive security risk assessment, security threat assessment and finally the formulation of progressive strategies. In this essay, the focus will be concentrated on the comparison and contrast of security threat assessment and risk assessment when countering terrorism attacks. Security threat and risk assessment are all geared towards determining the potential threats that can occur on security and formulation of ways to reduce the instance of surprise attacks. Secondly, they involve a series of steps that have to be conducted by professionals to ensure that all the aspects are intensively evaluated. In the society, we have people who are equipped with sufficient knowledge and can easily pinpoint the cracks within a security system that can make the area prone to terror attacks. Thirdly, in the industry, there is software that has been designed to make the process easier to carry out. As technology progress, the terrorist attacks are taking a myriad of shapes and becoming more complex to control. Currently, we have cyber terrorism attacks that can easily paralyze a nation through a click of a button. Fourthly, the implementation of the Security risk assessment and security threat assessment leads to uniform benefits for an organization or country. The first benefit is it tends to reduce the uncertainties. Secondly, it leads to improved corporate governance for the organization. Thirdly, it does lead to transparency in the organization on controlling risks and ensuring sustainability. Lastly, it does lead to optimization of resources and shaping of the operational activities (Campbell and Stamp, 2004). When evaluating security threats and risk assessment, the following vulnerabilities are quite evident. The vulnerabilities assessment falls into two categories which are the physical and operational levels. When carrying out the evaluation, the following steps have to be implemented they include; policies, training, security personnel and finally liability issues. From the second facet that is physical vulnerabilities, one needs to design barriers, electronic systems and lighting (Byres and Lowe, 2005). When the threat is identified to counter terrorism, the scenarios that brought about the incident have to be described, and judgement passed on the best way to control the threat that is facing the organization. According to Butler, (2002) and Carlson,(2005), the strategies that are employed to control the threat should not accelerate its vulnerability resulting in the escalation of the problem or issue at hand. Therefore in threat and risk assessment a formula is used to determine the probability of occurrence and the circumvention of the situation to ensure that the asset in question is protected. Later on, for effective control of the risk facing the assets, the risk has to be evaluated with respect to severity that often ranges from low, moderate and high ranges. The magnitude of the risk is then calculated and a progressive method employed to ensure that the scenario is prevented from taking place (Chittester and Haimes, 2004). In the case it is already occurring the diminishing effect does come into play to ensure that the confidential information and the lives of the parties are not compromised. At the end of the identification and assessments of the risks and threats, the integrity of the system and the process has to be maintained. The measurement of the risk is an integral point in its elimination. This risk measure is the whole point of the risk assessment(Campbell and Stamp, 2004). Therefore, it is a guide to the businesses as to the ways they can control the terrorist attacks that are escalating on a daily basis. The two approaches often force a business to accept the reality of risk. Security threat assessment is defined as any threat that does arise from natural and human sources that negatively affect the security sentiment, the interests and finally the choices available to the organization. However, the security risk assessment refers to the disruption of objectives achieved through risks originating from the prevalence of security threats in the industry (Aagedal, Den Barber, Dimitrakos, Gran, Raptis and Stolen, 2002). The natural factors are lighting, hurricane and tsunami while the human factors include internal threats are the former employees and current employees who lack integrity. They, therefore, have to be evaluated appropriately within the organization. On the other hand, the external threats include malicious events, hackers, and crackers, viruses, Trojans and worms. In literature the security threat assessment has the following techniques; application to Automated External Application Scanning, Automated Source Code Analysis, security threat assessment, Security Architecture Review, Manual Penetration Testing and, manual Security-Focused Code Review. Additionally, security risk assessment is more in-depth and covers a wider scope. Miller and Byres,(2005), state that the research papers that are present in the world today have focussed more on discussing the weaknesses that are present in control of the system they have abandoned the aspect of relative risk implementations of certain aspect within the risk assessment structure. All the various facets that have to be protected to prevent the reoccurrence of risk have to be identified on time; vulnerabilities that can easily transform into threats have to be evaluated. Then later on the policy or technology for counter-terrorism has to be implemented (Singer and Weiss, 2005). Haimes, Kaplan, and Lambert (2002) have developed the risk filtering, ranking and management method commonly referred to as RFRM that has clearly outlined the steps in security risk assessment. The steps are identification and value assets, threat identification, vulnerabilities identification, assess inherent risk, identification of controls, determine residual risk and finally feeding into the risk plan. The risk assessment frameworks are Operationally Critical Threat, Asset, and Vulnerability Evaluation commonly referred to as OCTAVE it was developed by Carnegie Mellon University and the second framework is the NIST risk assessment framework that was listed on the NIST special publication 800-30. The other risk frameworks are the ISACA's RISK IT this is part of the COBIT, and ISO 27005:2008. The OCTAVE is one of the most prominent risk assessment frameworks. It is present in three different sizes. The first one is the heavyweight that has sufficient documentation and is often used by organizations that are big. The second one is the OCTAVE-S it was created for smaller corporations where they have fewer people and limited use of technology( Haimes et al.,2005). In this the risk assessment framework it is easier to work on when employing progressive measures. Regarding security threat assessment, the following frameworks are employed the technical security testing, security process assessment and the security audit. The technical security testing often does entail the analysis of areas where the organization is highly prone to get attacked when a terror attack does occur. Later after identifying the areas policies are identifies with that effect to ensure that the threat does not occur (Aagedal,2002). The last aspect involves the evaluation and audit of the various aspects to eliminate any probability that the terror attack will occur. Security threat assessment concentrates more on analyzing the attackers’ resources. Analysing threats are essential in helping one to formulate specific security policies that are essential in the implementation of priorities in policies. Additionally, it leads to the comprehension of the various ways to implement needs on securing resources(Singer and Weiss, 2005). Contrariwise risk assessment concentrates more on the analysis of the potential of one’s resources to be exposed to the occurrence of various attacks to the resources of the country. It determines the potential security breaches to tackle at the current moment rather than later. It does focus on the analysis of the cost and the probability of risk occurring (Marius, 2015). In conclusion, security threats assessments and security risk assessments are essential to ensuring that the terrorism reality is identified and regulated. The aspect of risk does come from the combination of various vulnerabilities that tends to harm an asset. The term asset refers to anything with a degree of value that is need of protection. With the rise of terrorism every single facet of the country and population is at risk of an attack, therefore, carrying out an assessment is paramount to security. Therefore, the employment of the counter-terrorism does lead to the redemption of the situation hence creating at least a safer place. References Aagedal.J., Den Barber., Gran., D.., Raptis.K & Stolen., K.(2002). Model-based Risk Assessment to Improve Enterprise Security., Proceedings of the Sixth International Distributed Object Computing Conference. Butler.S.(2002). Security Attribute Evaluation Method: A Cost-Benefit Approach, Proceedings of the 24th International Conference on Software Engineering, Orland Florida. Byres.E & Lowe.J.(2004). The Myths and facts behind Cyber Security Risks for Industrial Control Systems. VDE Congress, Berlin. Campbell, P. L., & Stamp, J. E. (2004). A classification scheme for risk assessment methods. The United States. Department of Energy. Carlson.C.(2005).DHS to state its case to business.,eweek.Issue 42. Chittester,G.,C & Haimes,Y.(2004). The risk of Terrorism to Information Technology and Critical Interdependent Infrastructure. Journal of Homeland Security and Emergence Management. Vol., Issue 4,2004, article 402. Haimes.Y.YKaplan.S & Lambert.J.H.,(2005). Risk Filtering, Ranking, and Management Framework usng Hierarchial Holographic Modelling.Risk Analysis. Miller.D & Byres.(2004). The Use of Attack Tress in Assessing Vulnerabilities in SCADA Systems.International Infrastructure Survivability Workshop.IEEE, Lisbon,Portugal Read More