Here is Kristopher post
Based on the Read items thus far, you can see that acronyms abound. What do CARVER, CPTED, SVA, NIPP, and CIKR mean? Be sure to briefly discuss each. Find at least 1 extra acronym you would like to share. Next, what is the purpose of a Security Vulnerability Analysis (SVA)? Explain how one (SVA) works.
CARVER is an system that creates a relative ranking of assets (Lewis et al., 2012). The acronym CARVER stands for criticality, accessibility, recuperability, vulnerability, effect, and recognizability (Bennett, 2018). According to Greaver et al. (2018), CARVER was created by United States special forces in Vietnam as a tool to identify and prioritize targets to increase efficiency when using resources. Carver creates a points-style system laid out in a table to establish hierarchy (Greaver et al., 2018). The weighting scheme is then tallied, and multi-attribute decision-making can be accomplished based on professional knowledge and ranking of a specific topic (Greaver et al., 2018). As such, using CARVER presents an interesting approach to conducting a security vulnerability analysis.
CPTED, according to Cozens et al. (2005), is an acronym for crime prevention through environmental design. When I worked in the DRT division of the Houston Police Department, we often used the CPTED process to assist apartment complexes in creating an environment that would be less conducive to criminal activity. For example, lighting would have to be accomplished in specific manners, gates would need to be operable and set to particular parameters, and even vegetation such as trees and bushes would need to be either trimmed or planted in strategic ways. Fennelly et al. (2018) state that CPTED is helpful in risk analysis of critical infrastructure in that unconventional methods are often thought of to mitigate potential threats. For example, while many risk assessments focus on security through common ideas of fences and cameras, CPTED expands by looking at environmental factors.
Security vulnerability analysis, or SVA, is a tool that enables people to look into critical assets from a different perspective, typically an adversary (Bennett, 2018). SVA is a qualitative method of risk analysis used to discover and address vulnerabilities that exist within a critical asset. In addition to addressing problems, the SVA can also provide options that can be evaluated for implementation to enhance security (Bennett, 2018). Bennett (2018) also argues that since terrorists continue to think outside of the box, SVA allows for more unlikely scenarios to be analyzed. Additionally, Bennett (2018) states the purpose of the SVA is to identify and analyze threats facing a critical asset. One faucet of SVA is risk characterization screening (Bennett, 2018). The screening process looks at the agencies and jurisdiction of where an asset is located. Then, the screening process establishes protocols to link to the local agencies in the event of an incident. For example, if an asset has an attack that requires medical and fire personnel, then predetermined agencies will assist with that asset.
The national infrastructure protection plan (NIPP) was created under the guidance of the Department of Homeland Security as a doctrine that seeks to unify and coordinate our nations response to critical infrastructure threats (Department of Homeland Security, 2006). NIPP seeks to use federal agencies such as the Sector Risk Management Agency (SRMA) to lead a cooperative movement to have critical infrastructure security (Department of Homeland Security, 2006). NIPP is unique in that the collaborative efforts to mitigate threats to critical infrastructure are done so on both the private and government sector. Entities can collaborate on methods to alleviate the burden of some risk analysis methods by sharing results with each other.
Critical infrastructure and key resources (CIKR) explain the roles and responsibilities for prioritizing, protecting, and restoring critical infrastructure in the event of a catastrophe (Fisher et al., 2010). In more straightforward language, CIKR is simply the private and government sector assets we define to be critical and can be either hard or soft targets. CIKR is the primary subject of this class, and the ability to defend and analyze threats to CIKR is the main focus of study. CIP is an additional acronym that stands for critical infrastructure protection (Setola et al., 2016). CIP is the definitional need to prioritize critical infrastructure by way of need and assign security and assets to those CIKR.
He who dwells in the shelter of the Most High will abide in the shadow of the Almighty. I will say to the Lord, My refuge and my fortress, my God, in whom I trust. For he will deliver you from the snare of the fowler and from the deadly pestilence. He will cover you with his pinions, and under his wings you will find refuge; his faithfulness is a shield and buckler. You will not fear the terror of the night, nor the arrow that flies by day (Psalm 91:1-16, The Holy Bible, English Standard Version).
Bennett, B. T. (2018). Understanding, assessing, and responding to terrorism: Protecting critical infrastructure and personnel. John Wiley & Sons.
Cozens, P. M., Saville, G., & Hillier, D. (2005). Crime prevention through environmental design (CPTED): a review and modern bibliography. Property management, 23(5), 328-356.
Fennelly, L. J., Perry, M. A., & Stewart, J. K. (2018). CPTED Foundations and Fundamentals: Risk, Risk Analysis and Assessments, and the Basis for Proper Planning 1. In CPTED and Traditional Security Countermeasures150 Things You Should Know (pp. 236-242). CRC Press.
Fisher, R. E., Bassett, G. W., Buehring, W. A., Collins, M. J., Dickinson, D. C., Eaton, L. K., … & Peerenboom, J. P. (2010). Constructing a resilience index for the enhanced critical infrastructure protection program (No. ANL/DIS-10-9). Argonne National Lab.(ANL), Argonne, IL (United States). Decision and Information Sciences.
Greaver, B., Raabe, L., Fox, W. P., & Burks, R. E. (2018). CARVER 2.0: integrating the Analytical Hierarchy Processs multi-attribute decision-making weighting scheme for a center of gravity vulnerability analysis for US Special Operations Forces. The Journal of Defense Modeling and Simulation, 15(1), 111-120.
Lewis, T. G., Darken, R. P., Mackin, T., & Dudenhoeffer, D. (2012). Model-based risk analysis for critical infrastructures. WIT Transactions on State-of-the-Art in Science and Engineering, 54.
Liberty University. (ND). Watch: Protecting CIKR, Key Resources, and Key Assets. Week 3 Liberty University Learn material.
Setola, R., Rosato, V., Kyriakides, E., & Rome, E. (2016). Managing the complexity of critical infrastructures: A modelling and simulation approach (p. 299). Springer Nature.
The Holy Bible, English Standard Version: containing the Old and New Testament. (2021)
United States. Department of Homeland Security. (2006). National Infrastructure Protection Plan. US Department of Homeland Security.