Geoscience Reference
In-Depth Information
Table 8.5
Vulnerability Rating Criteria
Vulnerability
Level
Description
Rating Scale (%)
Critical
Indicates that there are no effective
protective measures currently in place and
adversaries would be capable of exploiting
the critical asset.
75-100
High
Indicates that although there are some
protective measures in place, there are
still multiple weaknesses through which
adversaries would be capable of exploiting
the asset.
50-75
Medium
Indicates that there are effective
protective measures in place; however,
one weakness does exist that adversaries
would be capable of exploiting.
25-50
Low
Indicates that multiple layers of effective
protective measures exist and essentially
no adversary would be capable of
exploiting the asset.
1-25
◾
Security measures—such as traffic filtering, authorized controls, encryption
and access controls, minimizing or disabling of unnecessary services and
commands, minimizing banner information, and e-mail filtering and virus
control—should be implemented.
◾
A formal process for accessing relevant threat information and for contacting
the proper government and law enforcement agencies should be instituted
(if it does not already exist), and reviewed and updated on a regular basis.
The energy facility may need to work with the government to obtain security
clearances for appropriate personnel.
◾
Appropriate security measures (e.g., access controls, barriers, badges, intru-
sion detection devices, alarm reporting and display, CCTV cameras, commu-
nication equipment, lighting, and security officers) should be implemented.
◾
Top management support is critical in ensuring a successful security program.
◾
Security training programs should be formalized.
◾
Procedures for escorting contractors and visitors into sensitive areas should be
enhanced and enforced.
◾
Security should be incorporated in the company goals as well as in its corpo-
rate culture.
◾
The foundation for security is well-informed employees acting responsibly.
