3.2 Treating security improvement as a process

The most important principle of security is that it is a process that requires continuous risk assessments, the evaluation of existing mitigation, and the discovery and eradication of newly found vulnerabilities. In other words, what may be secure one day may not be secure a day, a week, or a month later because of new vulnerabilities or improved terrorist abilities.

To initiate and maintain the process of continuous security improvement, the federal government intends to encourage market solutions wherever possible and to compensate for market failure with focused government intervention. In addition, the government will serve as a facilitator of meaningful information sharing and work to foster international cooperation. The federal government has the capacity to organize, convene, and coordinate broadly across governmental levels to:

  • Take inventory of the most critical facilities, systems, and functions and monitor their preparedness across economic sectors and governmental jurisdictions.

  • Assure that federal, state, local, and private entities work together to protect critical facilities, systems, and functions that face an imminent threat or whose loss could have significant national consequences.

  • Provide and coordinate national-level threat information, assessments, and warnings that are timely, actionable, and relevant to state, local, and private-sector partners.

  • Create and implement comprehensive, multitiered protection policies and programs.

  • Explore potential options for enablers and incentives to encourage stakeholders to devise solutions to their unique protection impediments.

  • Develop cross-sector and cross-jurisdictional protection standards, guidelines, criteria, and protocols.

  • Facilitate the sharing of critical-infrastructure and key asset-protection best practices and processes and vulnerability-assessment methodologies.

  • Conduct demonstration projects and pilot programs.

  • Seed the development and transfer of advanced technologies, while taking advantage of private-sector expertise and competencies.

  • Promote national-level critical-infrastructure and key asset-protection education and awareness.

  • Improve the federal government's ability to work with state and local responders and service providers.

The high-priority cross-sector security initiatives are designed to address planning and resource allocation; information sharing and indications and warnings; personnel surety; building human capital and awareness; technology and research and development; and modeling, simulation, and analysis. The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets clearly states that in the planning and resource allocation process it is incumbent on federal, state, and local governments and private-sector stakeholders to work together to:

  • Define clearly their critical-infrastructure and key asset-protection objectives.

  • Develop a business case for action to justify increased security investments.

  • Establish security baselines, standards, and guidelines.

  • Identify potential incentives for security-related activities where they do not naturally exist in the marketplace.

DHS has been charged with creating collaborative mechanisms for public- and private-sector critical-infrastructure and key asset-protection planning. One of the first steps in this process is to identify key protection priorities and develop mechanisms to support these priorities. This will be accomplished in part by a supposed sharing of risk-management expertise between the public and private sectors and the coordination and consolidation of federal and state protection plans. Other activities that DHS will supposedly accomplish to facilitate the process of improving homeland security include the following:

  • Identifying options for incentives for private organizations that proactively implement enhanced security measures

  • Developing an integrated critical-infrastructure and key asset-geospatial database

  • Establishing a task force to review legal impediments to reconstitution and recovery following an attack against a critical infrastructure or key asset

  • Conducting critical-infrastructure protection planning with international partners

  • Identifying requirements and developing appropriate programs to protect critical personnel

  • Coordinating the development of national standards for personnel surety

  • Developing a certification program for background-screening companies

  • Exploring the establishment of a model security training program for private security officers

Implementing Homeland Security for Enterprise IT
ISBN: 1555583121
EAN: 2147483647
Year: 2003
Pages: 248
