Big Chemical Encyclopedia

Chemical substances, components, reactions, process design ...

Articles Figures Tables About

Vulnerability assessment

Definition of Terms (American Petroleum Institute/National Petroleum Refiners Association, Security Vulnerability Assessment Methodology for the Petroleum Industry, 2004.)... [Pg.104]

Security Vulnerability Assessment A security vulnerability assessment is intended to identify security vulnerabilities from a wide range of threats ranging from vandalism to terrorism. With the recognition of threats, consequences, and vulnerabilities, the risk of security events can be evaluated, and a security management system can be organized that will effectively mitigate those risks. [Pg.106]

National Institute of Justice, Chemical Facility Vulnerability Assessment Methodology, July 2002 (Sandia VAM). [Pg.106]

The secretary, under the law, must review and approve the required assessment, plan, and implementation for each facility. The statute prohibits the secretary from disapproving a site security plan on the basis of the presence or absence of a particular security measure, but the secretary may disapprove a site security plan that does not meet the risk-based performance standards. The secretary may approve vulnerability assessments (see chapter 5) and site security plans created through security programs not developed by DHS, so long as the results of these programs meet the risk-based performance standards established in regulation. [Pg.60]

It is important to point out that post-9/11 the chemical industry sector has taken great strides to protect its critical infrastructure. For instance, government and industry have developed vulnerability assessment methodologies for critical infrastructure systems and trained thousands of auditors and others to conduct them. [Pg.66]

Some points to consider related to the six basic elements listed above are included in table 5.1. The manner in which the vulnerability assessment is performed is determined by each individual water/wastewater utility. Throughout the assessment process it is important to remember that the ultimate goal is twofold to safeguard public health and safety and to reduce the potential for disruption of a reliable supply of chemicals. [Pg.68]

It is to shore up the gaps in the system that has driven many chemical industrial facilities to increase security. In addition to vulnerability assessments (VA) and PSM/ RMP provisions, other security steps should also be taken. For example, it is the opinion of the authors of this text that the following recommendations are the minimum steps to be taken to upgrade security. The recommendations include... [Pg.93]

U.S. Environmental Protection Agency (USEPA). 2002. Vulnerability assessment fact sheet. EPA 816-F-02-025. www.epa.gov/ogwdw/security/index.html (accessed May 2006). [Pg.96]

Emergency response plans (ERPs) are nothing new to chemical industries, since many have developed ERPs to deal with natural disasters, accidents, violence in the workplace, civil unrest, and so on. Because chemical industries are a vital part and ingredient of our way of life, it has been prudent for chemical industries to develop ERPs in order to help ensure the continuous flow of water to the community. However, many chemical industry ERPs developed prior to 9/11 do not explicitly deal with terrorist threats, such as intentional fire, explosion, or contamination. Recently, the U.S. Congress and federal regulators have required chemical industries to prepare or revise, as necessary, an ERP to reflect the findings of their vulnerability assessment and to address terrorist threats. [Pg.105]

Use your vulnerability assessment (VA) findings to identify specific emergency action steps required for response, recovery, and remediation for applicable incident types. In Section V of this plan, specific emergency actions procedures addressing each of the incident types should be addressed. [Pg.140]

Because of the potential for extensive or catastrophic damage that could result from a malevolent act, additional equipment sources should be identified for the acquisition and installation of equipment and repair parts in excess of normal usage. This should be based on the results of the specific scenarios and critical assets identified in the vulnerability assessment that could be destroyed. For example, numerous pumps, vats, and mixers, specifically designed for the chemical industry, could potentially be destroyed. A certain number of long-lead procurement equipment should be inventoried and the vendor information for such unique and critical equipment maintained. In addition, mutual aid agreements with other industries, and... [Pg.142]

For existing facilities, security upgrades should be based on the results generated from the vulnerability assessment, which characterizes and prioritizes those assets that may be targeted. The vulnerabilities identified must be protected. [Pg.157]

Feature 3. Assess vulnerabilities and periodically review and update vulnerability assessments to reflect changes in potential threats and vulnerabilities. [Pg.217]

Assessments should take place once every three to five years at a minimum. Chemical industries may be well served by doing assessments annually. The basic elements of sound vulnerability assessments are... [Pg.217]

DIMVA 2004, The Detection of Intrusions and Malware Vulnerability Assessment, July 2004, Dortmund, Germany, home page at http //www.dimva.org/dimya2005... [Pg.255]

Unfortunately, most of these tools are extremely expensive, and are fairly complex to deploy, requiring a database backend for alert storage. Surprisingly, they also have limited correlation capabilities, only providing a dozen or so rules as example for the development of environment-specific correlation rules. They should be viewed as a development framework for writing correlation rules. Since our correlation needs are very diverse, we could not find a platform that would allow us to run multiple correlation processes in parallel, from dynamic statistical analysis to vulnerability assessment. Also, manipulation of contextual data with interfaces to the inventory and configuration databases of the companies, was a strong requirement that no commercial tool satisfied at the time we launched the project. [Pg.351]

Data enrichment currently only deals with host information and vulnerability assessment information, although additional sources are under investigation, such as the Cisco Threat Response (CTR) technology1 that provides on-the-spot scan ability for IDS alert assessment. Both functions are presented in greater detail in Section 5. [Pg.355]

This information is collected by the vulnerability assessment process. A vulnerability report is generated by a vulnerability assessment tool (for example Nessus3) as an XML file. Information in this file is imported in the events database as contextual information associated with hosts. Since vulnerability reports are associated with security references (bugtraq, CVE, etc.) and IDS signatures are also associated with the same information, it is fairly straightforward to infer the events that create a serious risk for the information system. If an event has as target the host associated with vulnerability X, and as signature one also associated with vulnerability X, then the risk is serious. This is a standard process that is in use in most intrusion-detection products. [Pg.362]

Another annoying feature of most audit assessment tools is that they provide information about the vulnerabilities found, and not the ones that do not exist in the information system. It is therefore difficult to practice anticorrelation and degrade the severity of events that are not security risks for the information system. To obtain this effect, we currently manually maintain a set of simple rules indicating which vulnerability sets cannot be found in our corporate network. For example, we exclude all IIS vulnerabilities from events coming from hosting zones, as we do not offer this platform in our services. Note that we do not consider here the case where the vulnerability assessment tool fails to discover the vulnerability. Audit information is considered trusted. [Pg.363]

We hope to improve this situation by using active port information and assessment configuration information coming from the vulnerability assessment tools. Most of these tools provide a global configuration section that lists all the tests that will be run. These tests are associated with a port number, and each tested host is associated with a list of open ports. For the ports of each open host, we can infer the list of tests that have been run against the host, and deduce that all these not included in the vulnerability report have had a negative outcome. [Pg.363]

Bioterrorism Act of 2003 While not directly related to water quality regulations, the security and vulnerability of community drinking water systems were addressed in the Public Health Security and Bioterrorism Preparedness and Response Act of 2002 (Bioterrorism Act). The vulnerability assessments were intended to examine a facility s ability to defend against adversarial actions that might substantially disrupt the ability of a water system to provide a safe and reliable supply of drinking water. [Pg.17]

For community drinking water systems serving more than 3300 persons, it was required to conduct a vulnerability assessment (VA), certify and submit a copy of the VA to the EPA Administrator, prepare or revise an emergency response plan based on the results of the VA, and within 6 months certify to the EPA Administrator that an emergency response plan has been completed or updated. The VA requirement was to be completed by all facilities in June 2004. [Pg.17]

Preparedness refers to the proactive planning efforts designed to structure the disaster response prior to its occurrence. Disaster planning encompasses evaluating potential vulnerabilities (assessment of risk) and the... [Pg.7]

At the point this was written in 2004, there are no national security regulations (Box 3.2), although a change in Administrations could alter this picture. Nevertheless, members of the American Chemistry Council and the Synthetic Organic Chemicals Manufacturing Association have completed site vulnerability assessments, and are implementing security improvements at their plants. This year, the industry has worked to synchronize efforts in facility and IT security, and to take... [Pg.69]

Currently, however, only a fraction of the chemical processing and storage facilities in the United States are members of the trade groups spearheading these efforts. At this point, it s safe to say that most chemical plants haven t even done site vulnerability assessments. They re behind the curve, says Richard Sem, a 34-year security veteran and former senior Pinkerton executive who now mns his own consulting firm in Plainfield, IL. Atlanta-based consultant Sal De Pasquale, who helped develop one of the most widely used site vulnerability assessment methods, puts it bluntly At most chemical plants handling hazardous materials today, existing security simply could not stand up to a guy with a six shooter and a bomb. ... [Pg.70]

Neville was in a situation that many companies may find themselves in today. It had completed a site vulnerability assessment that found weaknesses in perimeter security, with unlocked gates in need of repair along the rail line that runs through the plant site. [Pg.70]

See other pages where Vulnerability assessment is mentioned: [Pg.105]    [Pg.106]    [Pg.6]    [Pg.60]    [Pg.64]    [Pg.66]    [Pg.66]    [Pg.67]    [Pg.67]    [Pg.68]    [Pg.68]    [Pg.69]    [Pg.69]    [Pg.87]    [Pg.123]    [Pg.223]    [Pg.51]    [Pg.355]    [Pg.362]    [Pg.14]    [Pg.30]    [Pg.30]   


SEARCH



Assessing Vulnerabilities

Assessing Vulnerabilities

Assessing the Vulnerability of Supply Chains

Security Vulnerability Assessment

Threats and vulnerabilities assessing

Transportation Security Vulnerability Assessment

Vulnerability

Vulnerability assessment elements

Vulnerable groups risk assessment

© 2024 chempedia.info