ABSTRACT

After reading this chapter, students are expected to achieve an understanding of:

- What security risk management is
- How security risk management works
- What strategic, functional, and operational risks are
- How security risk is mitigated
- How productivity, security compromise, and recovery work together
- How ALE works
- How the Naval Safety Center risk management process works
- How the ABLE risk methodology works
- How asset analysis works
- How threat analysis works
- How security control analysis works
- How to compute ABLE values
- How to assess effects of threats on productivity
- How to compute life-cycle security risks
- How to compute annual security risks
- How to compute present security risks
- How to compute discounted security risks for long risk life cycles

7.1 Introduction

This chapter is mainly concerned with security risk management. We will discuss several security analysis methodologies, for example, ABLE and ALE. The ALE methodology and our new ABLE methodology are presented later in this chapter. Before we do so, however, we need to discuss several issues related to security risk, including strategic, functional, and operational risk management. Because operational management deals with day-to-day business matters, we will also present operational risk management. Even though the operational risk management approach adopted by the Naval Safety Center that we present here applies to military personnel, it is also very effective in risk management for any business or service organization.