Thursday, December 15, 2005

CIP Risk Management: NIPP & Tuck...

As part of the new National Infrastructure Protection Plan NIPP v1.0 the years old RAMCAP (Risk Analysis and Management for Critical Assets Protection) methodology of the American Society of Mechanical Engineers makes it's way into the mainstream:

RAMCAP is an overall methodology and provides a common framework for homeland security risk analysis decision-making that includes:

–Common terminology
–Common metrics for comparing risks across sectors
–Common basis for reporting results
–Basis for informing resource allocation decisions

•Countermeasures
•Consequence mitigation actions


ASME was awarded a grant by the Department of Homeland Security to develop uniform risk-based guidance in September 2003. The methodology's sequential steps include:

•Vulnerability analysis
•Consequence analysis
•Risk analysis
•Countermeasures and mitigation
•Decision analysis
•Multiple assets and sectors


The NIPP is a "draft" today and the comment period has already expired December 5, 2005. We expect that we will see sector specific plans soon after the national plan is finalized. It will be interesting to see how the private sector reacts. Industry critics say the draft lacks specificity at this point. However, maybe this is a good thing for the owners and operators of 85% of the nations critical infrastructure.

No comments: