Incident Class |
SLE |
ALE |
% of total ALE |
Direct Loss, Cash |
$0. |
$0. |
0.0% |
Disruption, Cash |
$0. |
$0. |
0.0% |
Direct Loss, Construction Equipment |
$0. |
$0. |
0.0% |
Direct Loss, Controlled Substances |
$0. |
$0. |
0.0% |
Direct Loss, Evidence |
$0. |
$0. |
0.0% |
Direct Loss, Facilities/Building |
$0. |
$0. |
0.0% |
Direct Loss, Gold/Silver Gems |
$0. |
$0. |
0.0% |
Direct Loss, Intangibles |
$0. |
$0. |
0.0% |
Figure 13.22
3.2.23Flooding/Water Damage - AFE: 0.05
The various incident classes associated with this threat are shown in the following table:
Incident Class |
SLE |
ALE |
% of total ALE |
Direct Loss, Cash |
$0. |
$0. |
0.0% |
Disruption, Cash |
$0. |
$0. |
0.0% |
Direct Loss, Controlled Substances |
$0. |
$0. |
0.0% |
Direct Loss, Evidence |
$0. |
$0. |
0.0% |
Direct Loss, Gold/Silver Gems |
$0. |
$0. |
0.0% |
Direct Loss, Intangibles |
$0. |
$0. |
0.0% |
Figure 13.23
3.2.24Homicide - AFE: 0.04
The various incident classes associated with this threat are shown in the following table:
There are no incidents associated with this threat.
3.2.25Kidnapping - AFE: 0.02
The various incident classes associated with this threat are shown in the following table:
There are no incidents associated with this threat.
3.2.26Power Loss - AFE: 2.00
The various incident classes associated with this threat are shown in the following table:
Incident Class |
SLE |
ALE |
% of total ALE |
||
Intangibles, |
Business Market Share |
$0. |
$0. |
0.0% |
|
Direct Loss, |
Business Market Share |
$0. |
$0. |
0.0% |
|
Direct |
Loss, |
Ammunition/Explosives |
$0. |
$0. |
0.0% |
Direct |
Loss, |
Aircraft |
$0. |
$0. |
0.0% |
Figure 13.26
3.2.27Riot/Civil Disorder - AFE: 0.10
The various incident classes associated with this threat are shown in the following table:
Incident Class |
SLE |
ALE |
% of total ALE |
Disruption, Communications Equipment |
$0. |
$0. |
0.0% |
Figure 13.27 |
|
|
|
3.2.28Robbery - AFE: 1.00
The various incident classes associated with this threat are shown in the following table:
There are no incidents associated with this threat.
3.2.29Sabotage/Disgruntled Employee - AFE: 0.20
The various incident classes associated with this threat are shown in the following table:
There are no incidents associated with this threat.
3.2.30Sabotage/Terrorist - AFE: 0.04
The various incident classes associated with this threat are shown in the following table:
Incident Class |
SLE |
ALE |
% of total ALE |
Disruption, Cash |
$0. |
$0. |
0.0% |
Figure 13.30 |
|
|
|
3.2.31Stalking - AFE: 0.10
The various incident classes associated with this threat are shown in the following table:
There are no incidents associated with this threat.
3.2.32Storms/Hurricanes/Tornadoes - AFE: 0.10
The various incident classes associated with this threat are shown in the following table:
Incident Class |
SLE |
ALE |
% of total ALE |
|
Direct Loss, Cash |
$0. |
$0. |
0.0% |
|
Disruption, Cash |
$0. |
$0. |
0.0% |
|
Direct |
Loss, Controlled Substances |
$0. |
$0. |
0.0% |
Figure |
13.32 |
|
|
|
3.2.33Theft - Company Property - AFE: 12.00
The various incident classes associated with this threat are shown in the following table:
Incident Class |
SLE |
ALE |
% of total ALE |
|
Disruption, Cash |
$0. |
$0. |
0.0% |
|
Direct Loss, Controlled Substances |
$0. |
$0. |
0.0% |
|
Direct |
Loss, Intangibles |
$0. |
$0. |
0.0% |
Figure |
13.33 |
|
|
|
3.2.34Theft - Personal Property - AFE: 12.00
The various incident classes associated with this threat are shown in the following table:
Incident Class |
SLE |
ALE |
% of total ALE |
|
Disruption, Cash |
$0. |
$0. |
0.0% |
|
Direct |
Loss, Intangibles |
$0. |
$0. |
0.0% |
Figure |
13.34 |
|
|
|
3.2.35Theft - Services - AFE: 52.00
The various incident classes associated with this threat are shown in the following table:
There are no incidents associated with this threat.
3.2.36Unauthorized Disclosure - AFE: 0.20
The various incident classes associated with this threat are shown in the following table:
Incident Class |
SLE |
ALE |
% of total ALE |
Direct Loss, Cash |
$0. |
$0. |
0.0% |
Disruption, Cash |
$0. |
$0. |
0.0% |
Direct Loss, Electronic Equipment |
$0. |
$0. |
0.0% |
Direct Loss, Evidence |
$0. |
$0. |
0.0% |
Direct Loss, Gold/Silver Gems |
$0. |
$0. |
0.0% |
Figure 13.36
3.2.37Vandalism - AFE: 2.00
The various incident classes associated with this threat are shown in the following table:
Incident Class |
SLE |
ALE |
% of total ALE |
Direct Loss, Computer Hardware |
$0. |
$0. |
0.0% |
Disruption, Computer Hardware |
$0. $0. |
0.0% |
Figure 13.37
CHAPTER 3. THREATS
Altogether [[[thirty]]] threats were considered in the analysis. Each was assigned a locally applicable estimate of frequency. Each was associated with one or more pairs composed of a Loss Category and an Asset Category to form a number of distinct incidents. Using other data about the expected degree of seriousness for each incident, the vulnerability of [[[The Agency]]] in a variety of area (derived from the responses to questions sent to users of the system being analyzed and reported on thoroughly below in Chapter 4 of this report), the single loss expectancy (SLE) for every incident was computed; when multiplied by the expected frequency of the threat included in the incident definition, the Annual Loss Expectancy (ALE) can be calculated. The ALE for all incidents that are associated with a particular threat are added to determine an ALE attributable to that threat.
The single threat with the greatest Annual Loss Expectancy (ALE) is Accident/Fatal with a value of $22.. This value accounts for 100.0 percent of the total ALE for the enterprise. The next highest values of ALE arise from threats Accident/Injury and Activist. The values and percentages of the whole are, respectively, $0., at 0.0% and $0. at 0.0%. [[[The reason for the size of the Power Loss ALE is the lack of a published Contingency Plan. It is anticipated that the Plan will be ready for publication by July 30. 1997. The Plan should significantly reduce the Facility's vulnerability to the threat of Power Loss.]]]
3.1 SUMMARY OF THREATS
A multitude of threats have been analyzed in order to develop a viable set of threats which is further analyzed for applicability to the specific facility/operation. For each threat, an Annual Frequency Estimate (AFE) is derived by analyzing available national data. Following is a description of the methodology used in deriving the various AFE's which are subsequently employed in calculating the Annual Loss Expectancies (ALE's). Raw data with dates of occurrence, dollar losses, and resources threatened are obtained from a multitude of data bases including data from the National Technical Information Center (NTIS) and the Defense Technical Information Center (DTIS). The collected data are analyzed by use of statistical routines to derive the mean, the standard deviation, and the regression slope. These data are organize
DATA RELEVANCE
The derived AFE values developed from the national data, are not as applicable as AFE's developed with site specific data. Site specific data are defined as information gathered directly on or from the site itself. Historically recorded data of previous threat occurrences which can generally be collected from the specific site are; maintenance logs, documentation on air conditioning and power failure, and false alarms, etc. To determine whether or not the suggested AFE value, for a given threat should be used, is a straightforward process:
1)When possible, the AFE value for the given threat is developed from site
specific/resident data. This requires the gathering of site resident data as needed to calculate the mean and standard deviation for any specific threat AFE.
2)When it is not practical to gather the site specific data required to calculate the AFE
value for a particular threat, the standard AFE value can be used.
The Table (FIGURE 10) below shows the threats that were considered in this analysis together with their local Annual Frequency Estimates (AFE), the ALE of all incidents associated with each, and the percentage of the overall ALE represented by each of these ALE figures.
Threat |
AFE |
ALE % of Total ALE |
||||||
Accident/Fatal |
0.02 |
$22. |
100.0% |
|||||
Accident/Injury |
1.00 |
|
$0. |
|
0.0% |
|||
Activist |
0.10 |
$0. |
|
0.0% |
|
|||
Arson |
0.02 |
$0. |
|
0.0% |
|
|||
Assault, Aggravated |
|
1.00 $0. |
0.0% |
|||||
Assault, Sexual |
0.20 |
$0. |
0.0% |
|
||||
Assault, Simple |
5.00 |
$0. |
|
0.0% |
||||
Biological Contamination |
|
|
0.05 |
$0. |
0.0% |
|||
Blackmail/Extorsion |
|
0.02 $0. |
0.0% |
|||||
Bomb Threats |
2.00 |
$0. |
|
0.0% |
||||
Burglary/Break In |
|
1.00 |
$0. |
0.0% |
||||
Chemical Gas |
0.10 |
$0. |
|
0.0% |
||||
Cold/Frost/Snow |
|
1.00 $0. |
0.0% |
|||||
Communication Loss |
|
|
10.00 |
$0. |
0.0% |
|||
Earthquakes |
0.05 |
$0. |
0.0% |
|
||||
Electromagnetic Interference |
|
|
1.00 |
$0. |
0.0% |
|||
Espionage |
0.20 |
$0. |
0.0% |
|
||||
Explosions Major |
|
0.01 |
$0. |
0.0% |
||||
Explosions Minor/Mail-Bomb |
|
|
0.10 $0. 0.0% |
|||||
Fire, False Alarm |
2.00 |
|
$0. |
|
0.0% |
|||
Fire, Major |
0.04 |
$0. |
0.0% |
|
||||
Fire, Minor |
0.10 |
$0. |
0.0% |
|
||||
Flooding/Water Damage |
|
|
|
0.05 |
$0. |
0.0% |
||
Homicide |
0.04 |
$0. |
0.0% |
|
||||
Kidnapping |
0.02 |
$0. |
|
0.0% |
|
||
Power Loss |
2.00 |
$0. |
|
0.0% |
|
||
Riot/Civil Disorder |
0.10 $0. |
|
0.0% |
|
|||
Robbery |
1.00 $0. |
0.0% |
|
|
|||
Sabotage/Disgruntled Employee |
0.20 |
$0. |
0.0% |
||||
Sabotage/Terrorist |
0.04 |
$0. |
0.0% |
|
|||
Stalking |
0.10 $0. |
0.0% |
|
|
|||
Storms/Hurricanes/Tornadoes |
|
0.10 |
$0. |
0.0% |
|||
Theft - Company Property |
12.00 |
$0. 0.0% |
|||||
Theft - Personal Property |
12.00 |
$0. |
0.0% |
||||
Theft - Services |
52.00 $0. |
|
0.0% |
|
|||
Unauthorized Disclosure |
0.20 |
$0. |
0.0% |
||||
Vandalism |
2.00 |
$0. |
|
0.0% |
|
||
FIGURE 10
This ALE information is presented below as a barchart.
Accident/F |
|
|
|
|
|
|
|
|
|
22 |
|
|
|
|
|
|
|
|
|
|
|
2 |
4 |
6 |
8 |
10 |
12 |
14 |
16 |
18 |
20 |
22 |
|
|
|
|
|
Dollars |
|
|
|
|
|
FIGURE 11
The percentage of the total ALE for each threat is indicated in the following diagram.
36 Others (0.0%)
Accident/F (100.0%)
VULNERABILITY AREA REPORT
OVERALL COMPLIANCE: is no data available.
VULNERABILITY AREA: Computer Systems Security
There is no information available for this area of vulnerability.
VULNERABILITY AREA: Bomb Detection and Control
There is no information available for this area of vulnerability.
VULNERABILITY AREA: Cleaning/Trash Removal
There is no information available for this area of vulnerability.
VULNERABILITY AREA: Communication/Utility Closets
There is no information available for this area of vulnerability.
VULNERABILITY AREA: Communications
There is no information available for this area of vulnerability.
VULNERABILITY AREA: Construction/Architecture
There is no information available for this area of vulnerability.
VULNERABILITY AREA: Contingency/Emergency Planning
There is no information available for this area of vulnerability.
VULNERABILITY AREA: |
Contingency/Incidence |
Response |
There is no information available for this |
area of vulnerability. |
|
VULNERABILITY AREA: |
Controlled Areas |
|
There is no information available for this |
area of vulnerability. |
|
VULNERABILITY AREA: |
Data Backup/Storage |
|
There is no information available for this |
area of vulnerability. |
|
VULNERABILITY AREA: |
Doors |
|
There is no information available for this |
area of vulnerability. |
|
VULNERABILITY AREA: |
Electrical Power |
|
There is no information available for this |
area of vulnerability. |
|
VULNERABILITY AREA: |
Emergency Evacuation |
|
There is no information available for this area of vulnerability.
VULNERABILITY AREA: Emergency Medical
There is no information available for this area of vulnerability.
VULNERABILITY AREA: Entry Control
There is no information available for this area of vulnerability.
VULNERABILITY AREA: Fire Alarms and Detection
There is no information available for this area of vulnerability.
VULNERABILITY AREA: Fire Prevention
There is no information available for this area of vulnerability.
VULNERABILITY AREA: Fire Suppression
There is no information available for this area of vulnerability.
VULNERABILITY AREA: Illumination
There is no information available for this area of vulnerability.
VULNERABILITY AREA: Information/Investigation Process
There is no information available for this area of vulnerability.
VULNERABILITY AREA: Intrusion Detection
There is no information available for this area of vulnerability.
VULNERABILITY AREA: Landscape/Vegetation
There is no information available for this area of vulnerability.
VULNERABILITY AREA: Locks/Key Control
There is no information available for this area of vulnerability.
VULNERABILITY AREA: Management/Organization
There is no information available for this area of vulnerability.
VULNERABILITY AREA: Marine Access Control
There is no information available for this area of vulnerability.
VULNERABILITY AREA: Observation
There is no information available for this area of vulnerability.
VULNERABILITY AREA: Package Control
There is no information available for this area of vulnerability.
VULNERABILITY AREA: Parking Lot/Garage
There is no information available for this area of vulnerability.
VULNERABILITY AREA: Personnel Control
There is no information available for this area of vulnerability.
VULNERABILITY AREA: Personnel Screening
There is no information available for this area of vulnerability.
VULNERABILITY AREA: Property Management
There is no information available for this area of vulnerability.
VULNERABILITY AREA: Roofs
There is no information available for this area of vulnerability.
VULNERABILITY AREA: Safety
There is no information available for this area of vulnerability.
VULNERABILITY AREA: Security Officers
There is no information available for this area of vulnerability.