Vulnerabilities

The next critical assessment component is to measure your vulnerabilities, described previously as the evaluation of the organization’s assets and determination of how susceptible those assets are to attack. As you evaluate the specific and general threats that have developed and the capability of those associated with the threats to attack you, evaluate your assets to determine how vulnerable your assets are to attack and document the findings (Figure 14.1). For example, chain-link fences and padlocks on a remote unmanned location without any means to receive or monitor alarms or any camera systems to view the location make the location more vulnerable than a manned site with analytic video camera systems monitored by a 24-hour central alarm station. The key questions for the vulnerability component are the following: What are we going to protect? How are we protected now? How would we attack us? How can risk to operations be minimized? Vulnerability assessments of critical assets cross from the human factor to include the possibility of harm from weather events or natural disasters. The critical asset must be looked at from every angle, human and natural, for protection.