Security Risk Assessment and Management: A Professional Practice Guide for Protecting Buildings and Infrastructures / Edition 1

Hardcover (Print)


Proven set of best practices for security risk assessment and management, explained in plain English

This guidebook sets forth a systematic, proven set of best practices for security risk assessment and management of buildings and their supporting infrastructures. These practices are all designed to optimize the security of workplace environments for occupants and to protect the interests of owners and other stakeholders. The methods set forth by the authors stem from their research at Sandia National Laboratories and their practical experience working with both government and private facilities.

Following the authors' step-by-step methodology for performing a complete risk assessment, you learn to:

  • Identify regional and site-specific threats that are likely and credible
  • Evaluate the consequences of these threats, including loss of life and property, economic impact, as well as damage to symbolic value and public confidence
  • Assess the effectiveness of physical and cyber security systems and determine site-specific vulnerabilities in the security system

The authors further provide you with the analytical tools needed to determine whether to accept a calculated estimate of risk or to reduce the estimated risk to a level that meets your particular security needs. You then learn to implement a risk-reduction program through proven methods to upgrade security to protect against a malicious act and/or mitigate the consequences of the act.

This comprehensive risk assessment and management approach has been used by various organizations, including the U.S. Bureau of Reclamation, the U.S. Army Corps of Engineers, the Bonneville Power Administration, and numerous private corporations, to assess and manage security risk at their national infrastructure facilities. With its plain-English presentation coupled with step-by-step procedures, flowcharts, worksheets, and checklists, you can easily implement the same proven approach and methods for your organization or clients. Additional forms and resources are available online at


Editorial Reviews

From the Publisher
"Used by government and private corporations, it sets forth a systematic, proven set of best practices for security risk assessment and management of both buildings and their supporting infrastructure." (; 11/7/07)

Product Details

  • ISBN-13: 9780471793526
  • Publisher: Wiley
  • Publication date: 3/23/2007
  • Edition description: New Edition
  • Edition number: 1
  • Pages: 384
  • Sales rank: 1,567,925
  • Product dimensions: 9.21 (w) x 6.14 (h) x 0.88 (d)

Meet the Author

BETTY E. BIRINGER is currently the manager of the Security Risk Assessment Department at Sandia National Laboratories. She has developed security risk assessment methodologies for dams, high-voltage electric power transmission, chemical facilities, communities, and energy infrastructures that connect the gas industry to the electric power grid. She previously managed projects for the Office of Counterintelligence, where she developed a risk method to address the insider threat.

RUDOLPH V. MATALUCCI, PhD, PE, is a retired Lieutenant Colonel in the United States Air Force and President of Rudolph Matalucci Consultants, Inc. Prior to starting his consulting firm, Dr. Matalucci was a project engineer/manager for Sandia National Laboratories, where he directed numerous risk-related projects for the Department of Energy, the Department of Defense, several other government agencies, and private organizations. He has developed, validated, implemented, and taught risk assessment methodologies for dams/locks/levees, electric power generation/transmission facilities, buildings, and other infrastructures.

SHARON L. O'CONNOR is a Principal Member of the Laboratory Staff in the Security Systems and Technology Center at Sandia National Laboratories. For the last ten years, she has supported Architectural Surety© and security risk assessment work. Her baccalaureate degree is from the University of New Mexico.


Table of Contents

1. Security Risk Assessment and Management Process.

1.1 Introduction.

1.2 Security Risk Equation.

1.3 Security Risk Assessment and Management Process.

1.3.1 Facility Characterization.

1.3.2 Threat Analysis.

1.3.3 Consequence Analysis.

1.3.4 System Effectiveness Assessment.

1.3.5 Risk Estimation.

1.3.6 Comparison of Estimated Risk Levels.

1.3.7 Risk Reduction Strategies.

1.4 Presentation to Management.

1.5 Risk Management Decisions.

1.6 Information Protection.

1.7 Process Summary.

1.8 References.

1.9 Exercises.

2. Screening Analysis.

2.1 Introduction.

2.2 Screening Analysis Methods.

2.3 Summary.

2.4 References.

2.5 Exercises.

3. Facility Characterization.

3.1 Introduction.

3.2 Undesired Events.

3.3 Facility Description.

3.3.1 Physical Details.

3.3.2 Cyber Information System.

3.3.3 Facility Operations.

3.3.4 Security Protection Systems.

3.3.5 Workforce Description.

3.3.6 Restrictions, Requirements, Limitations.

3.4 Critical Assets.

3.4.1 Generic Fault Tree.

3.4.2 Identifying Critical Assets.

3.5 Protection Objectives.

3.6 Summary.

3.7 References.

3.8 Exercises.

4. Threat Analysis.

4.1 Introduction.

4.2 Sources of Threat Information.

4.2.1 Local and State Sources.

4.2.2 National Sources.

4.3 Adversary Spectrum.

4.4 Adversary Capability.

4.5 Threat Potential for Attack.

4.5.1 Outsider Threat.

4.5.2 Insider Threat.

4.6 Summary.

4.7 References.

4.8 Exercises.

5. Consequence Analysis.

5.1 Introduction.

5.2 Reference Table of Consequences.

5.3 Consequence Values for Undesired Events.

5.4 Summary.

5.5 References.

5.6 Exercises.

6. Asset Prioritization.

6.1 Introduction.

6.2 Prioritization Matrix.

6.3 Summary.

6.4 References.

6.5 Exercises.

7. System Effectiveness.

7.1 Introduction.

7.2 Protection System Effectiveness.

7.2.1 Adversary Strategies.

7.2.2 Physical Protection System Effectiveness.

7.2.3 Cyber Protection System Effectiveness.

7.3 Summary.

7.4 References.

7.5 Exercises.

8. Estimating Security Risk.

8.1 Introduction.

8.2 Estimating Security Risk.

8.2.1 Conditional Risk.

8.2.2 Relative Risk.

8.3 Summary.

8.4 References.

8.5 Exercises.

9. Risk Reduction Strategies.

9.1 Introduction.

9.2 Strategies for Reducing Likelihood of Attack.

9.3 Strategies for Increasing Protection System Effectiveness.

9.3.1 Physical Protection System Upgrades.

9.3.2 Cyber Protection System Upgrades.

9.3.3 Protection System Upgrade Package(s).

9.4 Strategies for Mitigating Consequences.

9.4.1 Construction Hardening.

9.4.2 Redundancy.

9.4.3 Optimized Recovery Strategies.

9.4.4 Emergency Planning.

9.5 Combinations of Reduction Strategies.

9.6 Summary.

9.7 References.

9.8 Exercises.

10. Evaluating Impacts.

10.1 Risk Level.

10.2 Costs.

10.3 Operations/Schedules.

10.4 Public Opinion.

10.5 Other Site-Specific Concerns.

10.6 Review Threat Analysis.

10.7 Summary.

10.8 References.

10.9 Exercises.

11. Risk Management Decisions.

11.1 Introduction.

11.2 Risk Assessment Results.

11.2.1 Executive Summary.

11.2.2 Introduction.

11.2.3 Threat Analysis.

11.2.4 Consequence Analysis.

11.2.5 System Effectiveness Assessment.

11.2.6 Risk Estimation.

11.2.7 Risk Reduction Strategies and Packages.

11.2.8 Impact Analysis.

11.2.9 Supporting Documentation.

11.2.10 Report Overview.

11.3 Risk Management Decisions.

11.4 Establish Design Basis Threat (DBT).

11.5 Summary.

11.6 References.

11.7 Exercises.

12. Summary.

12.1 Facility Characterization.

12.2 Threat Analysis.

12.3 Consequence Analysis.

12.4 System Effectiveness Assessment.

12.5 Risk Estimation.

12.6 Comparison of Estimated Risk Level to Threshold.

12.7 Risk Reduction Strategies.

12.8 Analysis of Impacts Imposed by Risk Reduction Upgrade Packages.

12.9 Presentation to Management.

12.10 Risk Management Decisions.
