This free chapter is from the new book: Critical Infrastructure Risk Assessment: The Definitive Threat Identification and Threat Reduction Handbook, by Ernie Hayden MIPM, CISSP, CEH, GICSP(Gold), PSP
In this chapter — The Power of the Observation — you will discover:
- An overview of the concept of an “observation.”
- The primary elements included in the observation as well as its format.
- Fundamental considerations when performing and documenting the observation including the power of one’s influence on the actions being observed, the need for critical thinking, and considerations on how the observation supports the risk assessment.
WHAT DEVASTATING THREATS DOES YOUR CRITICAL FACILITY FACE? WHAT CAN YOU DO TO ADDRESS THOSE RISKS?
Critical Infrastructure Risk Assessment is your hands-on, step-by-step guide to understanding, prioritizing, and mitigating risk. Ernie Hayden guides you with tools, examples, and processes, plus a real-world example risk assessment report. You will learn what constitutes critical infrastructure and risk, and you will be guided in the risk assessment of any complex facility.
This handbook is for junior and senior personnel alike. Whether you’re a consultant, plant manager, corporate risk manager, engineer, or student, read this book before you jump into your first technical assignment!
CRITICAL INFRASTRUCTURE RISK ASSESSMENT WILL GUIDE YOU TO:
- Understand Risk, Risk Management, and Risk Assessment.
- Prepare for your site Risk Assessment, and navigate from pre-visit through the final report.
- Balance Risk Assessment activities including Observations and Inspections.
- Weigh Critical, High, Medium, and Low Risk for your assessment findings.
- Perform Interviews and Material Condition Inspections as part of the Risk Assessment Process.
- Draw practical lessons from a real-world example risk assessment report.
- Motivate and educate engineers to perform large-facility risk assessments.
- Capture your risk assessment findings and strengths in a realistic, usable risk assessment report.
- Make decisions and do the right thing to conduct an effective Risk Assessment of any large, complex facility.
WHAT YOUR COLLEAGUES ARE SAYING ABOUT CRITICAL INFRASTRUCTURE RISK ASSESSMENT
“Critical Infrastructure Risk Assessment is an invaluable reference for assessors, business managers, operators, and planners. And given a rapidly evolving geopolitical situation with nations and other actors motivated to compete and fight across multiple domains, the book could not come at a better time.” – Chuck Benson, Director of IoT Risk Mitigation Strategy, University of Washington
“What I particularly like about this book is how self-contained it is in its knowledge of statutes, approaches, resources, and recommendations. You need not look elsewhere for guidance in conducting infrastructure risk assessments. This book is a practitioner’s guide that anyone involved in managing, securing, or operating critical infrastructure would find invaluable. The book’s subtitle, “Critical Infrastructure Risk Assessment: The Definitive Threat Identification and Threat Reduction Handbook” is no boast as this book lives up to its title.” – Tari Schreider, C|CISO, CRISC, MCRP, Cybersecurity Program Strategist, Author & Instructor
“Ernie Hayden has been in the industry for many years and offers a lot of practical advice in this book. The book is laid out in an easy-to-consume manner; it starts with foundational information and proceeds to detail the assessment process from start to finish. This book is a great reference for the facility manager, plant manager or consultant.” – Matt B., CISSP
“Ernie Hayden has provided an extraordinary work that goes beyond its title, addressing Risk Assessment for Critical Infrastructure, with all its elements: threat identification, vulnerability identification, and impact. But more than an academic exercise, Mr. Hayden has taken years of experience as a risk assessor, and provides a handbook that will be invaluable to both the novice assessor, the executive who has been charged with an assignment to have a risk assessment completed, and the seasoned assessor.” – Matt Lampe, Partner, Fortium Partners
“This handbook was written for anyone involved in critical infrastructure risk assessment. Ernie Hayden guides you through the quagmire of complex terms and essential concepts to gain a clear understanding of critical infrastructure and risk assessment. The responsible executive or risk assessor will want to keep this reference by their side while planning, conducting, or using any risk assessment.” – Gil Oakley, Retired, Institute of Nuclear Power Operations
As a manager or engineer, have you ever been assigned a task to perform a risk assessment of one of your facilities or plant systems? What if you are an insurance inspector or corporate auditor? Do you know how to prepare yourself for the inspection, decide what to look for, and write your report?
This is a handbook for junior and senior personnel alike on what constitutes critical infrastructure and risk and offers guides to the risk assessor on preparation, performance, and documentation of a risk assessment of a complex facility. This is a definite “must read” for consultants, plant managers, corporate risk managers, junior and senior engineers, and university students before they jump into their first technical assignment.
At over 400 pages, this book is robust in its content on conducting a physical risk assessment of critical infrastructure. The author, Ernie Hayden, has extensive experience in protecting critical infrastructure and has generously shared his years of experience gained from his Chief Information Security Officer (CISO) roles for the Port of Seattle, Seattle City Light, and as the Managing Principal of Critical Infrastructure Protection for Verizon. With widely reported eroding infrastructure within the US, this book is not only timely, but critically needed. But Ernie does not stop at US borders; he also provides insight into assessing risk to critical infrastructure located in Canada, the UK, as well as many other countries.
The book’s nine chapters are divided into two parts. Part I covers the background of critical infrastructure, risk management and the process of assessing risk. Part II walks the reader through conducting an effective risk assessment on critical infrastructure. The crown jewel in Ernie’s book is the sample risk assessment report provided as an Appendix. Here you can see the application of the lessons, guidance, and examples seeded throughout the book.
The book provides several great diagrams on the four dimensions of interdependent infrastructure, cautioning the reader not only to assess risk on their specific infrastructure but also to consider the risk introduced by infrastructures on which they may depend. The level of detail provided even includes the types of tools one would need to perform a physical risk assessment of critical infrastructure. One could easily build a toolkit from the examples provided.
What I particularly like about this book is how self-contained it is in its knowledge of statutes, approaches, resources, and recommendations. You need not look elsewhere for guidance in conducting infrastructure risk assessments. Readers will have no ambiguity about what critical infrastructure is as Ernie provides ample definitions and examples of critical infrastructure. Ernie grounds us in the evolution of critical infrastructure directives, regulations, and laws, walking us through the evolution of the regulatory landscape. When it comes time to perform an assessment, the book walks you through the pre-assessment, on-site observations, writing a final report, and remediation strategies.
Each chapter provides questions for further thought and discussion to stimulate critical thinking. Readers will find the book well cited and easy to read. It becomes clear to the reader, from the level of detail provided that only an outlier would have, that the author has performed extensive critical infrastructure risk assessments. This book is a practitioner’s guide that anyone involved in managing, securing, or operating critical infrastructure would find invaluable. The book’s title “The Definitive Threat Identification and Threat Reduction Handbook” is no boast, as this book lives up to its title.
Review by Tari Schreider, C|CISO, CRISC, MCRP
Cybersecurity Program Strategist, Author & Instructor
382 pages including comprehensive index and real-world example risk assessment report.