Final Project Milestone Two: Draft of Vulnerability Identification and Vulnerability Assessment Sections
Textbook: Understanding, Assessing, and Responding to Terrorism, Chapter 8 (Section 8.5)
Consider the following questions as you read:
- What factors should you consider when examining vulnerability?
- Threat actor accessibility is a key factor in vulnerability assessment. Think about access considerations you should consider.
- As we examine vulnerability and attempt to mitigate risk, what three approaches are usually taken?
- The purpose of identifying vulnerability is to implement what types of administrative and physical measures?
This optional resource may be helpful as you complete your work for this module.
Overview
Thomas L. Norman, one of the world’s leading security design consultants, provided the following definition of vulnerability:
A vulnerability is any condition that could be exploited by a threat actor to carry out an intrusion or escape or to easily destroy property or process. Different threat actors have different goals and thus look for different kinds of vulnerabilities. An economic criminal is looking for different types of vulnerabilities than a violent criminal. A terrorist is looking for different kinds of vulnerabilities than a subversive (Norman, 2016, p. 155).
In this milestone assignment, you will develop a draft of the vulnerability identification and vulnerability assessment sections of your final project.
To complete this milestone assignment, use the Milestone Two Guide document, which provides directions for each prompt.
Prompt
Specifically, the following critical elements must be addressed:
- Vulnerability Identification: In this section, you will determine the areas of vulnerability of the key asset that may be exploited by terrorists.
- Develop a comprehensive profile of the key asset, utilizing the four main categories of people, property, proprietary information, and reputation.
- Explain why you believe this key asset deserves protection based on the profile of the location.
- Describe the common vulnerabilities of the critical infrastructure sector that the key asset is a part of, and support with evidence. Be sure to include physical, cyber, and personnel vulnerabilities.
- Using your analysis of the key asset and its critical infrastructure sector, determine the known and/or probable vulnerabilities of the key asset. Defend your response.
- Vulnerability Assessment: In this section, you will assess the overall vulnerability of your key asset.
- Explain how the motivations, capabilities, and tactics of the terrorist groups previously identified could impact their decision to target the key asset.
- Determine which of the asset’s known and/or probable vulnerabilities are the most likely to be exploited by terrorists. Explain your reasoning.
- Using what you determined above, rate the current vulnerability level of the key asset, and justify your reasoning. Use the scale from the vulnerability worksheet to assist in determining your rating.
Milestone Rubrics: Note that the grading rubric for this milestone submission is not identical to that of the final project, as this is a draft and not your final submission. The Final Project Rubric will include an additional “Exemplary” category that provides guidance as to how you can go above and beyond “Proficient” in your final submission.