
Insurance/Bond               0.00   0.0%
Life Cycle Management        0.00   0.0%
Material Segregation         0.00   0.0%
Monitor System               0.00   0.0%
New Construction             0.00   0.0%
Operating Procedures         0.00   0.0%
OPR for each System          0.00   0.0%
Organizational Structure     0.00   0.0%
Passwords/Authentication     0.00   0.0%
Personnel Clearances         0.00   0.0%
Personnel Control            0.00   0.0%
Preventive Maintenance       0.00   0.0%
Property Management          0.00   0.0%
Quality Assurance            0.00   0.0%
Redundant Power              0.00   0.0%
Review Sens. Applications    0.00   0.0%
Risk Analysis                0.00   0.0%
Security Classification      0.00   0.0%
Security Plan                0.00   0.0%
Security Policy              0.00   0.0%
Security Staff               0.00   0.0%
Safeguard Test & Eval.       0.00   0.0%
System Validation            0.00   0.0%
Technical Surveillance       0.00   0.0%
Tempest Survey               0.00   0.0%
Training                     0.00   0.0%
Visitor Control              0.00   0.0%
Water Drainage               0.00   0.0%

CHAPTER 5. SAFEGUARDS

The analysis recommends a total of thirty-six (36) safeguards out of a possible 42 for use (at the AIS).

Figures 16 through 18 reflect the total cost of each safeguard for the life cycle of the safeguard.

It is generally taken that safeguards can fall into three categories:

(1) those that prevent incidents;

(2) those that permit the timely detection of incidents that have not been detected;

(3) those that aid in the recovery process after an incident has occurred.

The goal of a safeguard is to reduce the Annual Loss Expectancy (ALE) of one or more incidents, thereby reducing the overall ALE for the enterprise. This reduction is calculated by noting that various safeguards affect the overall system in different ways. Three different forms of impact have been noted:

(1) the reduction in certain evaluative parameters for assets (for example the (recovery) safeguard of Insurance can reduce the Replacement Cost of all assets covered by the insurance);

(2) the reduction in the level of vulnerability in certain areas (for example, the (preventative) safeguard of Data Encryption can significantly reduce the vulnerability called Disclosure (or Data Disclosure); the (detective) safeguard of Monitor System can act to lessen the difficulty that can arise from the slowly degrading Reliability of hardware components);

(3) the reduction in the frequency of a threat (or threat event) (for example, the safeguard called Training is expected to reduce the frequency of the threat of Errors).

Not only is a safeguard intended to reduce ALE, but it must do so in a cost-effective way. RiskWatch II for Windows considers all possible safeguards and their impact on the overall system. For each, in turn, a full Cost-Benefit Analysis (CBA) is performed.

This analysis takes the expected annual reduction in ALE as the benefit and the initial and maintenance costs over the lifetime of the safeguard as the cost, and considers three different possible discount rates of 5, 10 and 15% to permit the calculation of the net present value of all projected figures.
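The cost-benefit calculation described above, worked through as an added example (it is not part of the report and is not RiskWatch's own code). It assumes the standard net-present-value formula with end-of-year cash flows and the initial cost paid in year 0; the safeguard names come from this report, but every figure is constructed.

```python
from dataclasses import dataclass

DISCOUNT_RATES = (0.05, 0.10, 0.15)  # the three rates named in the report

@dataclass
class Safeguard:
    name: str
    ale_reduction: float   # expected annual reduction in ALE (the benefit)
    initial_cost: float    # paid up front, in year 0
    maintenance: float     # paid in each year of the life cycle
    lifetime_years: int

def annuity_factor(rate, years):
    """Present value of 1 unit received at the end of each year for `years` years."""
    return sum(1.0 / (1.0 + rate) ** t for t in range(1, years + 1))

def cost_benefit(sg, rate):
    """Return (pv_benefit, pv_cost, npv, benefit_cost_ratio) at one discount rate."""
    factor = annuity_factor(rate, sg.lifetime_years)
    pv_benefit = sg.ale_reduction * factor
    pv_cost = sg.initial_cost + sg.maintenance * factor
    return pv_benefit, pv_cost, pv_benefit - pv_cost, pv_benefit / pv_cost

def rank(safeguards, rate):
    """Order safeguards by NPV at `rate`, keeping only those with a positive NPV."""
    scored = [(cost_benefit(sg, rate)[2], sg.name) for sg in safeguards]
    return [name for npv, name in sorted(scored, reverse=True) if npv > 0]

# Constructed sample figures, not values from the report.
SAMPLE = [
    Safeguard("Training", 12_000, 5_000, 2_000, 5),
    Safeguard("Redundant Power", 9_000, 30_000, 1_000, 5),
    Safeguard("Data Encryption", 20_000, 15_000, 4_000, 5),
]

if __name__ == "__main__":
    for rate in DISCOUNT_RATES:
        print(f"discount rate {rate:.0%}")
        for sg in SAMPLE:
            b, c, npv, ratio = cost_benefit(sg, rate)
            print(f"  {sg.name:<16} PV benefit {b:>10.2f}  PV cost {c:>10.2f}"
                  f"  NPV {npv:>10.2f}  B/C {ratio:.2f}")
        print("  cost-effective:", ", ".join(rank(SAMPLE, rate)))
```

With these constructed figures, the capital-heavy safeguard (Redundant Power) is cost-effective at 5% and 10% but not at 15%, which is why evaluating all three discount rates matters.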
