February 2011
| 
|
Thanks to our Gold-Level Corporate Patron
|
|
Need Your Own Copy of The Risk Communicator?
|
|
Write for Us
|
| Have you seen a story you would
like to see included in The Risk Communicator? Do you have a research project you want to share with your colleagues? If so, please contact
the newsletter staff at newsletter@sarma.org. |
Legal Matters
| Copyright 2011
SARMA
All Rights Reserved
Privacy Policy
The views expressed in The Risk Communicator reflect the views of their authors, and do not neccesarily reflect the views of SARMA, the US Government or the employers or clients of the contributors.
|
|
|
News
| | |
SARMA Methodologies Featured in
New Applied Concept Mapping Book
In 2007, SARMA highlighted the need for common terminology and lexicon as a key foundational requirement for the wider security analysis and risk management community, establishing it as a core goal in SARMA's first mission statement. A new book, Applied Concept Mapping: Capturing, Analyzing, and Organizing Knowledge by CRC Press, has highlighted the methodologies utilized by SARMA in addressing this requirement in the security risk management community.
SARMA's Common Lexicon Initiative collected key terms and definitions from across the federal government and published risk doctrine and brought them together in encyclopedic fashion in the SARMApedia.This common collection alone, however, was not enough for the advancement of the career field.SARMA went further, using Novakian concept mapping methodology to evolve the core concepts from each definition -- bringing them together in a way that presented them free of institutional bias -- and then presented them to panels of industry experts to elicit and elucidate the core concepts and features of these terms.
By using this methodology, SARMA was able to take the initial steps
towards common language and understanding across a wide spread of community historical work. This foundational work was referenced and utilized by the Department of Homeland Security in producing its first DHS Risk Lexicon, building upon the initial SARMA consensus efforts to expand in an authoritative and valuable reference for the homeland security enterprise.
Chapter seven of the book, co-authored by SARMA Board Member Andrew G. Harter and book editor Brian M. Moon, describes this process in full detail for future practitioners of concept mapping methodology to learn from the best practices and lessons garnered from SARMA's efforts.
The text is organized into three sections:
- Practitioners' Views supplies narratives, guidance, and reviews of applications from career concept mappers.
- Recent Case Studies and Results presents in-depth examinations of specific applications and their results.
- Pushing the Boundaries explores what's possible and where the boundary conditions lie.
The book is available through the SARMA Store and Amazon.com here.
|
Research & Analysis
| | |
Security at What Cost? Quantifying Trade-offs Across Liberty, Privacy & Security
A RAND Europe Issue Brief
Fundamental rights to liberty and privacy are established in legislation such as the European Convention on Human Rights 1953 and the UK's Human Rights Act 2000. They include the right to a private life and freedom of assembly and certain rights regarding use of an individual's personal data by others. But as governments confront new security threats, policymakers are again forced to consider how far such individual rights can be reconciled with the security needs of society as a whole.
In the UK, the security versus civil liberties debate is often polarised between those who argue for more stringent measures to protect the public and those who believe that eroding civil liberties will harm society. To balance these concerns and make appropriate decisions, policymakers must consider the possible social and economic consequences of different security options, as well as their effectiveness. It is critical that they learn whether individuals are willing to surrender some liberty or privacy in return for security benefits.
While there has been extensive research in this area, including surveys for the European Commission and the UK Home Office, simple polling techniques have three major flaws: (i) unidimensional yes/no questions lead people to polarised preferences toward absolutes, instead of grading choices involving privacy, liberty and security trade-offs, (ii) researchers cannot quantify the extent to which people may be willing to give up some liberties in return for greater security, and (iii) the research cannot be easily integrated into cost-benefit assessments since it does not provide usable economic data.
RAND Europe undertook a self-funded initiative to try to understand and quantify the trade-offs that people might make when confronted with realistic choices about liberty, privacy and security. We used stated-preference techniques that present participants with alternative options, each with advantages and disadvantages that they must explicitly trade off when selecting between options. Participants could also state where they would prefer the status quo. We examined three scenarios where trade-offs might arise: applying for a passport, travelling on the national rail network, and attending a major public event.
UK citizens are asked to submit substantial personal data with their passport applications, ostensibly to help counter terrorism and illegal immigration. We found that while individuals were willing to share private data for these purposes, they were reluctant to provide advanced forms of biometric information. People were willing to allow DNA collection only if there was a subsidy of £19 on the cost of a passport. However, participants were willing to pay an additional £7 for the perceived security benefits of providing fingerprint data as well as a photograph.
There was also universal discomfort about the passport service sharing personal data with third parties. Large incentives would be required for people to be comfortable having their data shared with other government departments, such that a subsidy of £16 would be required, or with other European nations (£23 subsidy). Participants were least willing to share information with the private sector and would do so only if the price of a passport was discounted by £30.
People are more enthusiastic about sacrificing some privacy or liberty to gain additional security in public places. This may be due to familiarity: in contrast to the somewhat abstract issues involved in submitting and sharing passport data, security mechanisms such as closed-circuit television (CCTV), X-rays and body searches are easy to envisage. In the public event case study, people were willing to pay more for identity checks, including intrusive biometric checks such as fingerprint or iris scans. In the rail travel scenario, the perceived security benefits of CCTV cameras that automatically identify faces outweighed privacy concerns. People were prepared to pay more for these than for regular CCTV.
Our findings on security checks were surprisingly counterintuitive. People are more comfortable passing through an X-ray arch or scanner than submitting to a pat down or bag search. While the physical nature of searches may be perceived as more invasive of privacy, the data recorded in a metal detector or X-ray scanner has the potential for broader adverse impact, since it can be recorded, stored and shared more systematically. Less surprisingly, participants were relaxed about deploying specialised security personnel, with people willing to pay for transport police, armed police and uniformed military. However, the military were least valued, suggesting some wariness about deploying them in civilian settings or doubts about their effectiveness.
The practical challenge for those shaping security policy is whether and how to accommodate the views of citizens in policy decisions. Economic appraisal of the value of civil liberties is controversial, but our research shows that it is possible to obtain and monetize the preferences of citizens and bring objectivity to a highly charged and emotional debate. Our findings highlight areas where policy and preferences differ, to help policymakers assess the broader social, economic and behavioral costs of new measures and evaluate whether the potential costs of ignoring preferences outweigh the benefits. It may also be possible to identify where measures can be adjusted to better reflect preferences without undermining the effectiveness of security efforts.
This 2010 report is reprinted with permission of the RAND Corporation.
|
Key Reports
| | |
NIST: Glossary of Key Information Security Terms (Revision 1)
An updated version of the National Institute of Standards and Technology glossary "provides a central resource of terms and definitions most commonly used iinformation security publications and in CNSS information assurance publications," including nearly all the terms from the Committee for National Security Systems Instruction 4009 (CNSSI-4009).
Get the report
CALL: Disaster Response Staff Officer's Handbook
An extensive handbook for managing disasters from the Center for Army Lessons Learned instructs staff officers "through the reception, staging, onward movement, and integration of your unit into a larger command structure link into an incident command system with marginal communications in an austere environment."
Get the report
UK: Strategic National Guidance (Decontamination)
A new report from the British government about the release of chemical, biological, radiological or nuclear materials "covers key
elements in the decontamination process following an incident - from developing the initial recovery strategy through to managing waste and returning things to normal. The principal roles and responsibilities of key organizations have been identified and listed, and planning and precautionary measures have been highlighted to promote better
preparedness."
Get the report
|
Jobs
|
| ABS Consulting: Senior Cyber Security Consultant
ABS Consulting is seeking seeking qualified individuals to provide chemical security analyses of vulnerability assessments and security plans for chemical facilities regulated by the Department of Homeland Security.
View the notice
ABS Consulting: Senior Chemical Security Consultant
ABS Consulting is seeking qualified individuals to provide chemical security analyses of vulnerability assessments and security plans for chemical facilities regulated by the Department of Homeland Security.
View the notice
ABS Consulting: Chemical Facility Security Consultant
ABS Consulting is seeking talented individuals to provide physical security, chemical security, and/or cyber security analyses of vulnerability assessments and security plans for chemical facilities regulated by the Department of Homeland Security.
View the notice
ABS Consulting: Senior Physical Security Consultant
ABS Consulting is seeking qualified individuals to provide physical security analyses of vulnerability assessments and security plans for chemical facilities regulated by the Department of Homeland Security.
View the notice
NMR Consulting: Senior Risk Officer
NMR Consulting is seeking candidates for a position responsible for developing and managing a risk management program in support of a large government contract involving infrastructure upgrades and enhancements at Ft. Meade, Maryland.
View the notice
NMR Consulting: Senior Risk Officer
NMR Consulting is seeking candidates for a position responsible for moving a project from Northern Virginia to the Ft. Meade, Maryland area. The successful applicant may also support efforts on other contracts.
View the notice
SRA: Security Risk Analyst Position
SRA International Inc. is seeking candidates for a security risk analyst position. The successful candidate will use their experience to plan, organize and carry out analytical studies of complex security risk management problems, as well as plan and implement potential technical or programmatic solutions to those problems.
View the notice
Corporate Security Analyst Position in Switzerland
SMR Group, an international executive search firm whose global practice is focused exclusively on professional- and executive-level corporate security positions, is seeking candidates for the position of Corporate Security Analyst, located in Switzerland. The Corporate Security Analyst will be responsible for protecting business operations and associates throughout the organization from external threats by the collection, analysis and dissemination of strategic and tactical threat assessments, and production of both analytical and intelligence products designed to support investigations and protective security operations.
View the notice
Risk Analyst Position With Centra Technology
Arlington, VA-based CENTRA Technology, Inc. is seeking talented professionals to provide technical and national security analysis for the U.S. Government, especially in the area of homeland security risk analysis. Successful candidates will perform security risk analysis; threat, vulnerability, and consequence analysis supporting risk analysis; and security risk management. They also will develop, assess, document, institutionalize, and apply risk management processes and methodologies to inform policy and programmatic decisions.
View the notice
|
|
|
|
|
