Geoscience Reference
In-Depth Information
Table 8.3
Asset Impact/Criticality Rating Criteria
Criticality Level
Description
Rating Scale (%)
Critical
Indicates that compromise of the asset
would have grave consequences
leading to loss of life or serious injury
to people and disruption of the
operation of the energy facility. It is also
possible to assign a monetary value or
some other measure of criticality.
75-100
High
Indicates that compromise of the asset
would have serious consequences that
could impair continued operation of
the energy facility.
50-75
Medium
Indicates that compromise of the asset
would have moderate consequences
that would impair operation of the
energy facility for a limited period.
25-50
Low
Indicates little or no impact on human
life or the continuation of the operation
of the energy facility.
1-25
to which the asset is protected against each threat identified in Step 3. In Table 8.5,
a quantitative vulnerability rating scale of 0% to 100% is used, which corresponds
to qualitative vulnerability levels of critical, high, medium, and low.
Step 6: Identify Mitigation Options, Costs, and Trade-Offs
The ultimate goal of a risk management process is to select and implement security
improvements to achieve an acceptable overall risk at an acceptable cost. Step 5 of
the risk management process prioritizes the combinations of assets and threats by
the risk ratings or risk levels. This, in turn, helps to identify where protective mea-
sures against risk are most needed.
In this step, potential measures to protect critical assets from recognized threats
are identified, specific programs to ensure that appropriate protective measures are
put in place are established, and appropriate agencies and mechanisms needed to
put protective measures in place are identified. Protective measures that can address
more than one threat or undesirable event should be given special attention.
A variety of approaches to developing protective measures exists. Protective
measures can reduce the likelihood of a failure due to an attack by adding physi-
cal security. Protective measures can also be implemented to prevent or limit the
