All hazards approach for assessing readiness of critical infrastructure

This paper first points out the ineffectiveness of current security assessment methods that only focus on one aspect of security at a time. Organizations typically conduct a cyber security assessment that only looks at the IT-related assets, or may hire a physical security firm to review the physical security aspects of their facility. Seldom is an approach used that reviews all critical components of an effective security program at the same time. Core information and technical systems that power critical infrastructure rely on more than just cyber security for safe and reliable operations. The paper then describes several key aspects of an infrastructure protection program, and provides a methodology for performing an all-hazards approach for analyzing the readiness of the system to withstand multiple types of threats, both internal and external.