the vulnerability continuum
play

The Vulnerability Continuum Prescriptive Assets Method - PowerPoint PPT Presentation

Mar 09, 2023 •41 likes •191 views

Malcolm Baker Jeremy Edwards Robert Rodger Kevin Thompson Jonathan Scott The Vulnerability Continuum Prescriptive Assets Method Neutralisation Analysis Qualitative Threats Method Table-top Exercises Adversary Vulnerability Sequence

  1. Malcolm Baker Jeremy Edwards Robert Rodger Kevin Thompson Jonathan Scott The Vulnerability Continuum Prescriptive Assets Method Neutralisation Analysis Qualitative Threats Method Table-top Exercises Adversary Vulnerability Sequence and Risks Diagrams Live Play Exercises Protection Pathway System Models Conclusions Modelling Systematic and Approach Simulation

  2. Assets What are you trying to protect (what are the possible targets)? • People • Nuclear Material • Other Radioactive Materials • Structures, Systems and Components

  3. Threats Design Basis Threat Potential Malicious Adversarial Scenarios Capabilities Forces

  4. Vulnerability and Risks Adversary Response

  5. Physical Protection System (PPS) • Designed to address vulnerabilities and manage risk • Assessment can be difficult Subjective • Many methods • • When is it “good enough?” Image Credit; Tom Olzak (TechRepublic)

  6. Systematic Approach Information, Assessment, Decision and Process Categorise Assets for Theft and Sabotage Identify requirements for:  Delay;  Detect;  Assess;  Control of Access; and  Insider Mitigation Design including Performance Specification Vulnerability Assessment

  7. Prescriptive Methods Checklist approach (NSS11, Appendix 4)  Very simple  No expertise required  Quick and Inexpensive  Repeatable Image Credit; Wikimedia Commons  Can include non-quantitative aspects (Security Management etc.) Χ No quantification Χ Is that equipment good enough? Χ No scoring – pass or fail “So you have a gate?”… Image Credit; Newgate UK

  8. Qualitative Methods Software Questionnaire (Automated Questionnaire with scoring)  Easy to use  No expertise required  Quick and Inexpensive  Repeatable  Can test non-quantitative aspects Image Credit; MISCW.com Χ Arbitrary quantification and scoring Χ Subjective (is that a 3 or a 4?)

  9. Adversary Sequence Diagrams  Customisable – can be simple or complex  Quantifies Delay vs. Response  Predominantly user driven  Route comparison/assessment  Understanding of PPS Image Credit; M. L. Garcia χ Data dependent χ No consideration of e.g. security management χ Transit delays difficult to reconcile χ Requires some expertise χ Takes longer than Prescriptive/Qualitative Image Credit; S Bassam

  10. Pathway Methods Simple Pathway  Customisable – can be simple or complex  Quantifies Delay vs. Response  Scenario based  Route comparison/assessment  Understanding of PPS χ Data dependent χ No consideration of e.g. security management χ Requires expertise χ Takes longer than Image Credit; IAEA NUSAM Prescriptive/Qualitative

  11. Modelling and Simulation Image Credit; Ares Corp Pathway/Scenario Tools (e.g. AVERT, Simajin)  Detailed pathway analysis  Highly quantitative  Thorough assessment of PPS  Repeatable  Modifiable Χ Expensive Χ Time consuming Χ Requires significant expertise Χ Needs high volume of data Χ No qualitative assessment Image Credit; Rhinocorps

  12. Neutralisation analysis (ConOps)  Customisable – can be simple or complex  Specialist input  Consideration of expected human responses  Consideration of security management  Understanding of PPS χ Potential for confirmation bias χ Requires significant expertise and knowledge χ Rarely accounts for human error

  13. Table-top Exercises  Customisable – can be simple or complex  Specialist input  Some consideration of expected human responses  Some consideration of security management  Understanding of PPS and response force  Easily re-run χ Potential for confirmation bias χ Requires some expertise and knowledge χ Rarely accounts for human error χ Force on Force interactions may benefit first action

  14. Live Play Exercises  Customisable – can be simple or complex  Specialist input  Consideration of expected human responses  Consideration of security management  Understanding of PPS and response χ Expensive to organise and run χ Potential for confirmation bias χ Requires significant expertise and knowledge χ Limited repeatability

  15. Conclusions There are many ways to assess the performance of Physical Protection Systems Each has their own strengths (cost, scope, schedule, detail) but also their own weaknesses (depth, coverage, completeness) Some require considerable investment in preparation for the assessment to maximise the value of the output No individual method will be all encompassing No method will ENSURE that the system will perform as expected when challenged for ‘Real’

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Vulnerability Management Spring 2020 Jay Chen What is a vulnerability? A vulnerability is a

Vulnerability Management Spring 2020 Jay Chen What is a vulnerability? A vulnerability is a

Vulnerability Management Spring 2020 Jay Chen What is a vulnerability? A vulnerability is a cybersecurity flaw in a system that leave it open to attack. A vulnerability may also refer to any type of weakness in a computer system

407 views • 16 slides
Arjun Surendra SaciWATERs Vulnerability Vulnerability is the propensity to suffer a

Arjun Surendra SaciWATERs Vulnerability Vulnerability is the propensity to suffer a

Arjun Surendra SaciWATERs Vulnerability Vulnerability is the propensity to suffer a significant shock that brings welfare below a socially accepted level (Khl, 2003) Vulnerability increases when there is uncertainty with respect to

529 views • 21 slides
Contents What is vulnerability? Why conduct vulnerability assessments? Defining

Contents What is vulnerability? Why conduct vulnerability assessments? Defining

6/19/2015 Vulnerability and Capacity Assessment Index (VCAI) for Climate Change Adaptation SVRK Prabhakar USAID ADAPT Asia-Pacific Presented at NABARD Training Workshop, Mumbai on 18 June 2015 Contents What is vulnerability? Why

705 views • 21 slides
Vulnerability Assessm ent 2 0 0 4 Luanda, 2 5 June 2 0 0 4 Vulnerability Assessment 2004 - p1

Vulnerability Assessm ent 2 0 0 4 Luanda, 2 5 June 2 0 0 4 Vulnerability Assessment 2004 - p1

Vulnerability Analysis and Food Aid W orking Group Chaired by W FP/ VAM Unit Vulnerability Assessm ent 2 0 0 4 Luanda, 2 5 June 2 0 0 4 Vulnerability Assessment 2004 - p1 Overview 1 . Methodology of the VA 2 0 0 4 2 . Highlights of

703 views • 28 slides
Vulnerability Screening Tool Identifying and addressing vulnerability: A tool for asylum and

Vulnerability Screening Tool Identifying and addressing vulnerability: A tool for asylum and

Vulnerability Screening Tool Identifying and addressing vulnerability: A tool for asylum and migration systems Purpose Intended to guide & inform frontline workers & decision makers on the relevance of vulnerability factors to

507 views • 19 slides
Earthquake Vulnerability Earthquake Vulnerability Vulnerability Assessment & EVR measures

Earthquake Vulnerability Earthquake Vulnerability Vulnerability Assessment & EVR measures

Earthquake Vulnerability Earthquake Vulnerability Vulnerability Assessment & EVR measures Islamabad Pakistan Assessment and Vulnerability Assessment and Vulnerability Reduction Measures Reduction Measures adpc Asian Disaster

702 views • 46 slides
Continuum mechanics Ian Hewitt, University of Oxford hewitt@maths.ox.ac.uk Continuum mechanics A

Continuum mechanics Ian Hewitt, University of Oxford hewitt@maths.ox.ac.uk Continuum mechanics A

Continuum mechanics Ian Hewitt, University of Oxford hewitt@maths.ox.ac.uk Continuum mechanics A continuum approximation treats a material as having a continuous distribution of mass. It applies on scales much larger than inter-molecular

737 views • 38 slides
Introduction What is Disaster vulnerability? Vulnerability is the inability to resist a

Introduction What is Disaster vulnerability? Vulnerability is the inability to resist a

Vulnerability to Disasters: A Gendered Analysis on Water Availability and Livelihoods in Nadu Colony, Kovalam, Chennai, India Group No: 02 Sumaia Kashem Shreeya Lohani Shanmuga Priya. G Meththa Prabodhani Menike

834 views • 40 slides
Diode Pumped Solid State Lasers from Continuum New developments in DPSS Continuum Confidential

Diode Pumped Solid State Lasers from Continuum New developments in DPSS Continuum Confidential

Diode Pumped Solid State Lasers from Continuum New developments in DPSS Continuum Confidential The DPSS Line at Continuum A Broad Approach to Product Quality: Exacting Production Protocols Expanded Cleanroom Facilities Exacting

254 views • 9 slides
Web vulnerability scanning and exploitation tools Scaling vulnerability scanning Companies

Web vulnerability scanning and exploitation tools Scaling vulnerability scanning Companies

Web vulnerability scanning and exploitation tools Scaling vulnerability scanning Companies with 1000+ web applications running Move to m -services architectures making things worse Huge shortage of skilled security engineers to

732 views • 48 slides
Continuum of Care: Population Management Presented by: Angelica Starkey RN, MSN and Steve

Continuum of Care: Population Management Presented by: Angelica Starkey RN, MSN and Steve

Continuum of Care: Population Management Presented by: Angelica Starkey RN, MSN and Steve Williams OUI 2015 The Continuum of Care What does it mean? The Continuum of Care as defined by HIMSS: Continuum of Care is a concept involving

428 views • 15 slides
The Maldives Population Distribution Vulnerability Indicators Vulnerability Indicators

The Maldives Population Distribution Vulnerability Indicators Vulnerability Indicators

The Maldives Population Distribution Vulnerability Indicators Vulnerability Indicators (excluding Male') Highest elevation 1.5m Population: 298,968 above sea level less than 1000 97% of all inhabited 59 % Total number of

357 views • 4 slides
1 Vulnerability in WPA2 Hole196 Hole196 Vulnerability in WPA2 Presenters: Anthony Paladino,

1 Vulnerability in WPA2 Hole196 Hole196 Vulnerability in WPA2 Presenters: Anthony Paladino,

1 Vulnerability in WPA2 Hole196 Hole196 Vulnerability in WPA2 Presenters: Anthony Paladino, Managing Director, Systems Engineering Dr. Kaustubh Phanse, Principal Wireless Architect Md. Sohail Ahmad, Senior Security Researcher Moderator: Della

314 views • 29 slides
Quantitative Security Colorado State University Yashwant K Malaiya CS 559 Vulnerability Life

Quantitative Security Colorado State University Yashwant K Malaiya CS 559 Vulnerability Life

Quantitative Security Colorado State University Yashwant K Malaiya CS 559 Vulnerability Life Cycle CSU Cybersecurity Center Computer Science Dept 1 1 Topics Vulnerability Life Cycle Vulnerability Discovery models 2 Vulnerability

805 views • 46 slides
Vulnerability of LDCs to Climate Change Lessons from a New Indicator of Physical Vulnerability to

Vulnerability of LDCs to Climate Change Lessons from a New Indicator of Physical Vulnerability to

Vulnerability of LDCs to Climate Change Lessons from a New Indicator of Physical Vulnerability to Climate Change Patrick GUILLAUMONT and Catherine SIMONET FERDI and CERDI, CNRS- Universit dAuvergne September, 2012 Introduction A growing

247 views • 23 slides
VULNERABILITY THEOLOGICAL FOUNDATIONS R OY H OWARD & S HELBY E THERIDGE H ARASTY S EPTEMBER

VULNERABILITY THEOLOGICAL FOUNDATIONS R OY H OWARD & S HELBY E THERIDGE H ARASTY S EPTEMBER

VULNERABILITY THEOLOGICAL FOUNDATIONS R OY H OWARD & S HELBY E THERIDGE H ARASTY S EPTEMBER 11, 2019 I want to start a global conversation about vulnerability, shame and courage. Bren Brown VULNERABILITY Comes from the Latin word

156 views • 13 slides
and Distributed Leadership Models Professor Gary E. Day Professor of Health Services Management

and Distributed Leadership Models Professor Gary E. Day Professor of Health Services Management

Clinical Networks and Distributed Leadership Models Professor Gary E. Day Professor of Health Services Management Pretext Successful implementation of integrated care models (as well as healthcare systems more generally) requires new

404 views • 12 slides
Racial Violence and White Supremacy Wicked Problem Analysis By: Kate, Jannessa, Isaiah, Melia,

Racial Violence and White Supremacy Wicked Problem Analysis By: Kate, Jannessa, Isaiah, Melia,

Racial Violence and White Supremacy Wicked Problem Analysis By: Kate, Jannessa, Isaiah, Melia, Michelle & Travis Introduction and Artistic Expression INTRODUCE THE PROBLEM Racial Violence: Harassment of or violence towards someone who

468 views • 23 slides
The IAEA International School of Nuclear and Radiological Leadership for Safety Objective,

The IAEA International School of Nuclear and Radiological Leadership for Safety Objective,

The IAEA International School of Nuclear and Radiological Leadership for Safety Objective, Concept, and Work to Date Presentation to the GNSSN Steering Committee Meeting 16 April 2018 Shahid Mallick Head, Programme and Strategy Coordination

282 views • 15 slides
WHO Checklist Its Value & Limitations e: academy@yhahsn.nhs.uk/ t: 01274 383926

WHO Checklist Its Value & Limitations e: academy@yhahsn.nhs.uk/ t: 01274 383926

Part of the Yorkshire & Humber AHSN WHO Checklist Its Value & Limitations e: academy@yhahsn.nhs.uk/ t: 01274 383926 www.improvementacademy.org Or visit our Academy Office: Bradford Institute for Health Research Temple Bank House /

592 views • 32 slides
Pedagogical Best Practices: Pedagogical Best Practices: The Power of Quizzing The Power of

Pedagogical Best Practices: Pedagogical Best Practices: The Power of Quizzing The Power of

Pedagogical Best Practices: Pedagogical Best Practices: The Power of Quizzing The Power of Quizzing Gordon Hodge Gordon Hodge University of New Mexico & University of New Mexico & The National Center for Academic Transformation The

386 views • 37 slides
CoRe Clinic Words Matter: Managing ourselves when giving or receiving feedback October 17, 2016

CoRe Clinic Words Matter: Managing ourselves when giving or receiving feedback October 17, 2016

CoRe Clinic Words Matter: Managing ourselves when giving or receiving feedback October 17, 2016 Julie Daum and Kari Boyle Ou Outline 1. Giving and Receiving Feedback the Basics 2. A very personal experience Julie 3. Discussion Th

391 views • 28 slides
Student Leadership and Involvement Rachel Howe: GEAR UP Coordinator, T emple University John

Student Leadership and Involvement Rachel Howe: GEAR UP Coordinator, T emple University John

Student Leadership and Involvement Rachel Howe: GEAR UP Coordinator, T emple University John Harris: GEAR UP Lead Coach, Benjamin Franklin High School Your Opinions and Feelings For Everyone: How do you feel when you need to talk to a

328 views • 14 slides
Competition, choice and consumers National Energy Efficiency Conference, 2017 Paul Harrison, PhD

Competition, choice and consumers National Energy Efficiency Conference, 2017 Paul Harrison, PhD

28/11/17 Competition, choice and consumers National Energy Efficiency Conference, 2017 Paul Harrison, PhD Director Centre for Employee and Consumer Wellbeing Deakin Business School IAmPaulHarrison 1 28/11/17 1. Understand people What

180 views • 6 slides

More recommend