Hlsc 720-discussion 2-reply 1 | HLSC 720 – Critical Infrastructure: Vulnerability Analysis and Protection | Liberty University

The thread must be a minimum of 250 words. MINIMUM OF TWO SOURCES BESIDES THE TEXTBOOK. Must cite at least 2 sources in addition to the Bible.

TEXTBOOK: Bennett, B. T. (2018). Understanding, assessing, and responding to terrorism: Protecting critical infrastructure and personnel (2nd ed.). Hoboken, NJ: John Wiley & Sons, Inc. ISBN: 9781119237785.

**FRANK**

Critical infrastructure analysis, evaluation, and emergency response ultimately depend upon its established risk assessment, weighing the value of attack versus potential target vulnerability (Bennett, 2018). Bennett (2018) defines risk as, “a quantified measure of the possibility that a critical asset will suffer some degree or harm or loss” (Bennett, p. 203, 2018). Risk in its simplest form is a combination of three elements, when discussing critical infrastructure, a threat toward the asset, any potential asset vulnerabilities, and the resulting consequences of an attack (Bennett, 2018). Liu & Song (2020) expanded upon this intentionally simplistic risk definition by including cyber networks, big data, and telecommunications, encompassing risk assessment into the virtual arena. Risk, increasingly, has moved beyond physical planning for actual critical infrastructure response and into server management or cyber security (Liu & Song, 2020). Quantitative/Qualitative                Determining a true number to categorize risk based on mathematical calculations which weigh a combination of risk-related elements briefly describes quantitative risk analysis (Bennett, 2018). An essential aspect of quantitative risk analysis is the establishment of an actual numerical value, allowing for a comparative scale between multiple critical infrastructures across America (Lyu et al., 2019). For example, if all libraries with open access were garnering a 3 on the risk scale, a library with partial open access and metal detectors would be anointed a 2 on the risk scale, assuming the top is a higher risk (Lyu et al., 2019). If a potential threat was intended upon using explosive devices in each library, and each library had 50 employees, then the mitigated difference between potential losses, determined from security differences, from the first to the second library would establish its quantitative risk rating (Bennett, 2018). Critical Infrastructure and its individualization denotate specific elements which increase or decrease their overall risk assessment number, thereby, creating a quantitative risk assessment (Lyu et al., 2019).             Qualitative risk analysis, on the other hand, utilizes a matrix developed from an event-descriptive scalable table exploring the ratio of hazard likelihood versus consequences (Bennett, 2018). Although expansive, innately more complex and time-consuming qualitative risk analysis is implemented more frequently in America, particularly because it identifies changeable weak points (Bennett, 2018). For example, Zimek & Hromada (2020) reviewed several consumer malls and shopping centers across the world utilizing a lens of qualitative risk analysis. The research indicated that reducing varying access points across the facilities could prevent terrorists’ easy access, limiting the ease by which the attack could be carried out (Zimek & Hromada, 2020). Eventually, Zimek & Hromada (2020) determining multiple entrances, exits, and hallways should be locked or sealed to the general public, utilizing qualitative risk to improve upon weaknesses. Comprehensive Risk/Worst Case Scenario             Ascertaining the prominent factors in risk requires a renewal of priorities, it appears the classic doomsayers or worst-case scenario planners can, at times, prompt more action, however, operating within this theoretical full-scale disaster mode often results in unrealistic expectations upon businesses or public entities (Bennett, 2018). For example, if every military base, law enforcement agency, or private hard target critical infrastructure attempted to incorporate anti-missile technology, preventing nuclear attacks, the resulting cost and time expended would be inconceivable (Gao & Deng, 2019). Therefore, researchers like (Gao & Deng) argue for a more achievable risk assessment methodology, utilizing a comprehensive risk matrix to guide America, and other world superpowers, toward affordable, achievable, and plausible risk-based responses and changes.            Levels of Analysis             Layers of analysis must exist within a comprehensive risk assessment, identifying the value of an asset through evaluation becomes paramount to this process (Bennett, 2018). For example, a large urban police station and a small town hall have completely different levels of value, and corresponding risk assessment metrics (Bennett, 2018). The assets’ portfolio or services provided needs to be weighed amongst its relative value, the urban police station keeps hundreds of thousands of people safe, while the town hall is responsible for executive and clerical decisions regarding tens of thousands of people (Gao & Deng, 2019). When viewing the differences between the two targets in this light it becomes easy to determine a comparative system-level assessment, hopefully, placing funds, personnel, and resources in the proper track (Bennett, 2018).             The allocation of resources versus risk management, assessment, and analysis empowers many of God’s passages and messages, “For God gave us a spirit not of fear but of power and love and self-control” (English Standard Version, 2001/2016 2 Timothy 1:7).        References Bennett, B. (2018). Understanding, Assessing and Responding to Terrorism. John Wiley & Sons, Inc. Hoboken, NJ. English Standard Version. (2016). Bible hub. Retrieved from https://biblehub.com (Original work published 2001). Gao, S., & Deng, Y. (2019). An Evidential Evaluation of Nuclear Safeguards. International Journal of Distributed Sensor Networks. https://doi.org/10.1177/1550147719894550    Liu, W., & Song, Z. (2020). Review of Studies on the Resilience of Urban Critical Infrastructure Networks. Reliability Engineering & System Safety. 193. https://doi.org/10.1016/j.ress.2019.106617   Lyu, X., Ding, Y., & Yang, S. (2019). Safety and Security Risk Assessment in Cyber-Physical Systems. IET Cyber-Physical Systems: Theory & Applications. 4(3). https://doi.org/10.1049/iet-cps.2018.5068   Zimek, O., & Hromada, M. (2020). Risk Analysis of Selected Soft Targets. SGEM. 2(1).             https://doi.org/10.5593/sgem2020/2.1/s07.037