Risk & Vulnerability Assessment Training

Transcription

1 Critical Infrastructure Protection Homeland security assistance should be based strictly on an assessment of risks and vulnerabilities......it [Homeland Security] should supplement state and local resources based on the risks and vulnerabilities that merit additional support. -9/11 Commission Report Risk & Vulnerability Assessment Training Applicable to all National Critical Infrastructures: FOOD WATER ENERGY KEY ASSETS AGRICULTURE GOVERNMENT PUBLIC HEALTH TRANSPORTATION DEFENSE INDUSTRY CHEMICAL INDUSTRY POSTAL AND SHIPPING BANKING AND FINANCE EMERGENCY SERVICES INFORMATION AND TELECOMMUNICATIONS

2 The nation s Critical Infrastructures face a myriad of physical and technical threats. These threats, whether natural, man-made, accidental or intentional, each carry a certain level of risk that could compromise national security, public safety, and the economy. Critical Infrastructure owners/operators and U.S. Government officials at all levels have a responsibility to take action to mitigate these risks. IIT s Subject Matter Experts have conducted RVAs of : Freight and Passenger Rail Systems Water Utilities Ports HAZMAT Transportation Chemical Plants IT Infrastructures Emergency Operations Centers and Homeland Security Installations U.S. Government and Military Installations IIT is committed to Critical Infrastructure Protection. IIT has established, and operates 24/7, Information Sharing and Analysis Centers (ISACs) for three Critical Infrastructure Sectors and the Operations Center (security and intelligence) for the North American Freight Railroad Industry. The first step in securing Critical Infrastructures is the performance of a full spectrum Risk and Vulnerability Assessment (RVA). An RVA is an assessment of an organization s critical assets and the impact of their degradation, their vulnerability to exploitation, and the nature and likelihood of specific threats. The successful execution of an RVA requires highly skilled, knowledgeable, and trained personnel. IIT, a leader in the Risk Management and Information Security field, has developed a comprehensive and cost effective Risk & Vulnerability Assessment Training Program to meet these needs. CONTACT: Gary Williams (gwilliams@ewa.com) or Keith Kennedy (kkennedy@ewa.com)

3 IIT s Risk & Vulnerability Assessment Training Provides: Long-term Security Solution Immediate Realization of Increased Protection Turn-Key Operation Complete With Procedures, Policies, and Assessment Formats Proven, Documented, and Repeatable Risk and Vulnerability Assessment Process Comprehensive Physical and Technical Risk and Vulnerability Assessment Approach Hands On Training - Students Learn By Doing Trained Risk and Vulnerability Assessment Team Consisting of Your Own Personnel Assessments of Two Critical Infrastructures Authoritative Response to Proposed / Actual Government Regulations and Inspections GSA Approved Rates and Schedule; DHS and Emergency Management Performance Grants Applicable The IIT Training Team consists of experienced Subject Matter Experts. IIT s RVA process relies upon the U.S. Government, Intelligence Community, Military, and International Security Best Practices. These practices encompass both physical and technical Risk Management and Vulnerability Assessment methodologies and techniques.

4 RVA Training Curriculum The Risk and Vulnerability Assessment Program Consists of Two Phases. Phase I Self-Paced Instruction CD based interactive training that introduces the methodologies, techniques, and tools to conduct an RVA. Phase II Resident Instruction Three-day classroom instruction focusing on the analytical tools through a series of practical exercises and case studies. Seven-day practical application of skills by conducting an RVA of an actual Critical Infrastructure. Phase I: Self-Paced Instruction A 40-hour Interactive CD provides the foundation of the methodologies, tools, and pertinent guidelines to conducting a Risk and Vulnerability Assessment. Phase I is a mandatory prerequisite to the second phase of resident training. Subjects include: Assessment Methodologies and Planning Vulnerability Assessment Legal Landscape Critical Infrastructure Interdependencies and Contingency Planning Analytical Risk Management Asset Assessment Threat Assessment Vulnerability Assessment Information Systems Architecture and Information Assurance CONTACT: Gary Williams (gwilliams@ewa.com) or Keith Kennedy (kkennedy@ewa.com)

5 Phase II: Resident Instruction A. Classroom Practical Exercises Days one through three present a series of practical exercises that address the fundamental skills and tools necessary to conduct an RVA. Critical Infrastructures and their Interdependencies Contingency Planning Analytical Tools and Techniques Blast Mitigation Primer Introduction to Crime Prevention through Environmental Design (CPTED) Principles Sample Adversary Logic Diagram B. Vulnerability Assessment Exercise During days four through ten, student teams conduct an actual Risk and Vulnerability Assessment of a critical infrastructure. IIT Subject Matter Experts guide the students through all phases of the assessment: Assessment Planning and Coordination Data Collection and Aggregation Analysis Mitigation Strategies Reporting

6 Gary Williams Program Manager, Critical Infrastructure Protection Gary Williams is a Physical and Operational Security RVA Subject Matter Expert. Over the past decade, he has established an authoritative, comprehensive set of Private Infrastructure, U.S. Government, Military, and International Security Best Practices and methodologies. Mr. Williams has been instrumental in the execution of RVA s for the North American Class 1 Freight Railroads, the Passenger Railroads, Public Transportation, and the Chemical Industry. As a Program Manager for Critical Infrastructures, he has continued to refine RVA methodologies and develop numerous distance learning and resident CIP training programs. Retired from 22 years of service with U.S. Army Special Operations Forces, Mr. Williams has continued to protect the Critical Infrastructure of the United States through his work conducting Risk and Vulnerability Assessments. Currently possesses a U.S. Government Top Secret/SCI clearance. Keith Kennedy - Senior Analyst Mr. Kennedy is an expert in intelligence analysis and critical infrastructure protection. His recent efforts include Counter-Terror Information Analysis for Water Utilities, the Class 1 Freight and Passenger Railroads, and Public Transportation Organizations. Mr. Kennedy is a former U.S. Amry Intelligence Analyst with experience in information analysis, link analysis, and vulnerability assessments. Mr. Kennedy performed vulnerability assessments worldwide for the United States Army. Mr. Kennedy has been instrumental in developing analytical methods and information sharing initiatives that greatly enhance the security of our critical infrastructure. He co-authored the comprehensive Risk and Vulnerability Assessment Curriculum. Currently possesses a U.S. Government Top Secret/SCI clearance. Craig Thompson Senior Technical Security Engineer Mr. Thompson is responsible for technical & cyber vulnerability assessments. His recent efforts include vulnerability assessments for the Defense Department, Federal Agencies, Water Utilities, the Class 1 Freight Railroads, and Passenger Railroads. Mr. Thompson is a former U.S. Army Counterintelligence (CI) Special Agent, whose assignments ranged from leading and conducting specialized media and network forensics investigations to training CI personnel to perform this mission. Mr. Thompson is a current member of the National Guard, leading and conducting advanced security, Computer Defense Assistance Program (CDAP), and vulnerability assessments (VA), as well as training National Guard soldiers to perform the VA mission. Currently possesses a U.S. Government Top Secret/SCI clearance. To coordinate your RVAT course and for more information contact: Gary Williams (703) gwilliams@ewa.com IIT TRAINING TEAM RVA Subject Matter Experts

7 IIT CORPORATE PROFILE EWA Information and Infrastructure Technologies, Inc. (IIT) provides the private and public sectors with vendor-neutral risk management and information security solutions that are advanced, comprehensive, and complete. A wholly owned subsidiary of Electronic Warfare Associates, IIT, was established in 1997 to provide Information Operations and Information Assurance support to both Government and Commercial customers. Early and continued success has allowed for steady growth and diversification. Today, IIT s core business areas include Critical Infrastructure Protection, Homeland Security, Information Operations, Information Technology, Intelligence, Systems Security Engineering, and Training and Certification. With annual revenues of over $30 million, IIT is a recognized leader in the security field. Dedicated to providing its clients with the highest level of service and support, IIT recruits and retains only top quality personnel. IIT professionals have extensive problem solving and intelligence experience. In addition, over 90% have U.S. Government Top Secret security clearances. Headquartered in Herndon, VA, with employees working in corporate offices around the globe, IIT is well equipped to provide a variety of services to protect information, assets, and people. Through its collaboration with standards boards such as the International Organization for Standardization (ISO), and its active participation in national and international professional organizations, IIT is directly involved in major developments within the security community. For further information please visit:

8 EWA Information & Infrastructure Technologies, Inc Park Center Road, Suite 200 Herndon, VA