This book offers a state-of-the-science approach to current environmental security threats and infrastructure vulnerabilities. It emphasizes beliefs that the convergence of seemingly disparate viewpoints and often uncertain and limited information is possible only by using one or more available risk assessment methodologies and decision-making tools such as risk assessment and multi-criteria decision analysis (MCDA).

This second edition of Critical Infrastructure Protection, Risk Management, and Resilience continues to be an essential resource for understanding and protecting critical infrastructure across the U.S. Revised and thoroughly updated throughout, the textbook reflects and addresses the many changes that have occurred in critical infrastructure protection and risk management since the publication of the first edition. This new edition retains the book’s focus on understudied topics, while also continuing its unique, policy-based approach to topics, ensuring that material is presented in a neutral and unbiased manner. An accessible and up-to-date text, Critical Infrastructure Protection, Risk Management, and Resilience is a key textbook for upper-level undergraduate or graduate-level courses across Homeland Security, Critical Infrastructure, Cybersecurity, and Public Administration.

As a manager or engineer have you ever been assigned a task to perform a risk assessment of one of your facilities or plant systems? What if you are an insurance inspector or corporate auditor? Do you know how to prepare yourself for the inspection, decided what to look for, and how to write your report? This is a handbook for junior and senior personnel alike on what constitutes critical infrastructure and risk and offers guides to the risk assessor on preparation, performance, and documentation of a risk assessment of a complex facility. This is a definite “must read” for consultants, plant managers, corporate risk managers, junior and senior engineers, and university students before they jump into their first technical assignment.

A compelling overview of systems and strategies implemented to safeguard U.S. resources from a plethora of threats, the vulnerabilities and security gaps in these infrastructure systems, and options to enable the future security of the homeland. Since the first edition of this book was published in 2009, significant changes have occurred in the security landscape, both domestically and internationally. This second edition is thoroughly updated to reflect those changes, offering a complete review of the various security and resilience measures currently in place and potential strategies to safeguard life and property within the U.S. homeland. As noted in the U.S. Department of Homeland Security's National Preparedness Goal, the mission area of protection is vital to the homeland in its focus on actions to protect people, vital interests, and our nation's way of life. With that in mind, this book discusses strategies such as risk analysis and assessment, information sharing, and continuity planning. The authors focus on relevant and timely threats and hazards facing specific infrastructure components including, but not limited to, agriculture and food, banking and finance, water, energy, telecommunications, and transportation. The dynamic posture of critical infrastructure security and resilience (CISR) underscores the importance of an integrated, layered all-hazards approach. In describing this approach, the book includes new chapters on planning and guidance, public and private partnerships, cyber issues and threats, and careers in infrastructure protection. Additions such as discussion questions, learning objectives, and fundamental concepts for each chapter provide additional direction for instructors and students alike.

Professional services firms play a vital role in the social, environmental and economic well-being of any economy. This book considers the key skills and elements required to successfully lead and manage a professional services firm operating in the infrastructure sector. Public- and private-sector clients recognise the role that infrastructure plays in the functionality of our cities and that most urban conurbations have a backlog of infrastructure to deliver to meet the needs of increasing populations, greater urbanisation and emerging economies. Just keeping pace with projected global GDP growth will require an enormous investment in infrastructure and skilful leadership to deliver it. In response to this challenge, professional services firms will need to be well-led and well-managed to be successful and sustainable in the long-term. Such organisations must provide high-value advice, design, knowledge and innovations to get more out of the existing assets and to plan and design new assets with greater integrity and construct them more productively, efficiently and effectively. This book provides practical frameworks for emerging operational managers and future project leaders to prepare them to successfully manage these firms and deliver such projects in the face of new and often disruptive technologies and shifting corporate landscapes. The book is essential reading for aspiring leaders operating in all infrastructure market sectors including energy, water, sewerage, road, rail, ports, airports, education, health, justice, retail, entertainment, property and development sectors.

Internal and external forces such as globalization, global interconnectivity, automation, and other technological advancements are making today's supply chains highly sophisticated and complex. For organizations that produce, manufacture or distribute products, there's often a high level of interdependence and connectivity with their suppliers and their customers and business partners. Although the interconnectedness of these organizations can be beneficial (increased revenues, expanded market opportunities, and cost reduction), the ability of organizations to meet their goals is often increasingly dependent on events, processes, and controls that are not visible and are often beyond their control – such as a supplier's controls. That's why the demand for transparency in supply chains is now higher than ever before, and why this is the perfect time for you to help organizations assess their supply chain risks, evaluate the system controls within their manufacturing, production, or distribution systems, and communicate their supply chain management efforts to those with whom they do business. Accountants and financial managers can also increase the credibility of the supply chain information communicated by the organization by providing an opinion on the organization's supply chain efforts. This guide enables the accountant and financial manager to examine and report on the description of a system for manufacturing, producing and distributing goods as well as on the controls within that system using a dynamic, proactive, and agile approach. It will show how to conduct this examination in accordance with the attestation standards. The guide may also be helpful when providing readiness assessments to clients, who are not quite ready for an examination level service and need help to get there. The guide also includes excerpts from the two distinct, but complementary sets of criteria developed by the AICPA to assist practitioners with SOC for Supply Chain engagements: the description criteria and the 2017 trust services criteria.

Updated as of January 1, 2018, this guide includes relevant guidance contained in applicable standards and other technical sources. It explains the relationship between a service organization and its user entities, provides examples of service organizations, describes the description criteria to be used to prepare the description of the service organization’s system, identifies the trust services criteria as the criteria to be used to evaluate the design and operating effectiveness of controls, explains the difference between a type 1 and type 2 SOC 2 report, and provides illustrative reports for CPAs engaged to examine and report on system and organization controls at a service organization. It also describes the matters to be considered and procedures to be performed by the service auditor in planning, performing, and reporting on SOC 2 and SOC 3 engagements. New to this edition are: Updated for SSAE No. 18 (clarified attestation standards), this guide has been fully conformed to reflect lessons learned in practice Contains insight from expert authors on the SOC 2 working group composed of CPAs who perform SOC 2 and SOC 3 engagements Includes illustrative report paragraphs describing the matter that gave rise to the report modification for a large variety of situations Includes a new appendix for performing and reporting on a SOC 2 examination in accordance with International Standards on Assurance Engagements (ISAEs) or in accordance with both the AICPA’s attestation standards and the ISAEs

The first practical guide to infrastructure security using Intelligent Transportation Systems (ITS) Intelligent Transportation Systems, or ITS, integrates different computing, control, and communication technologies to help monitor and manage traffic management that helps reduce congestion while saving lives, time, and money. While mobility and safety are the primary objectives of any good transportation system, security has also become an equally important consideration in their design and operation. This book provides a comprehensive treatment of techniques to leverage ITS in support of security and safety for surface transportation infrastructure. Through the book's multidisciplinary approach, readers gain a comprehensive introduction to the diverse aspects of transportation infrastructure security as well as how ITS can reduce risks and be protected from threats with such topics as computer systems, risk analysis, and multi-modal transportation systems. This book, which will serve as a textbook and guide, provides: Current ITS approaches to security issues such as freight security, disaster and evacuation response, HAZMAT incidents, rail security, and ITS Wide Area Alerts Guidance on the development of a regional transportation security plan Securing ITS itself and privacy issues involved in any collection and use of personally identifiable tracking data Exercises, question-and-answer sections, and other helpful review tools for the reader Filling a gap in the practical application of security, Transportation Infrastructure Security Utilizing Intelligent Transportation Systems offers both students and transportation professionals valuable insights into the new security challenges encountered and how to manage these challenges with the use of computerized transportation systems.

This study expands upon the scope of a previous contract study for the Virginia Transportation Research Council (VTRC) concluded in March 2002. The objective is to develop methodologies for risk analysis of critical highway infrastructure at two levels: (1) system level and (2) asset level. The system-level analysis conducts risk assessment from a statewide perspective. The goal is to evaluate and prioritize infrastructure from a considerable inventory of assets. The definition of critical infrastructure offered by Presidential Decision Directive (PDD) 63 is used to determine the set of attributes that help differentiate critical from non-critical infrastructure. These attributes correspond to national, regional, and local impact of a structure's damage or complete loss. In addition, the levels of impact are utilized in prioritization: infrastructure that has potential national and regional impact is considered more important than infrastructure with local impact. Further prioritization is conducted based on the asset's need for risk management actions. The asset's current state or condition, in terms of resilience, robustness, redundancy, and security against willful threat is used to evaluate the need for management actions. A set of criteria and corresponding metrics is identified, and supporting data are gathered using information from the FHWA National Bridge Inventory and other sources. Once the most critical infrastructure is prioritized, an in-depth risk assessment of particular assets is performed to determine specific risks and vulnerabilities. Eight case studies on selected VDOT sites are conducted. The details of these case studies are not presented in this report. Instead, general findings are presented that can serve as a guideline for policy implementation to other similar assets. Since a small number of case studies are performed by the project team, another important goal of this study is for effective knowledge transfer of the methodology to VDOT in order to facilitate risk assessment of other critical infrastructure. For this purpose, a prototype computer tool is developed, which is designed to guide facility managers in risk assessment and management. The case studies and documentation of the computer tool are provided in supplemental documents available by request from the authors.