Bill Cumming shared the following:
The Emergency Management and Responseâ"Information Sharing and Analysis Center (EMR-ISAC) Critical Infrastructure Protection (CIP) Process Job Aid provides a model process for the systematic protection of critical infrastructures. The CIP process consists of five steps: identifying critical infrastructures, determining the threat, analyzing the vulnerabilities, assessing risk, and applying protective or resiliency measures. Those interested in examining this process can see or download the Job Aid at http://www.usfa.dhs.gov/downloads/pdf/publications/fa-313.pdf .
Regarding the fourth step of the process (i.e., assessing risk), a new Web-based tool from the National Institute of Standards and Technology (NIST) offers a central source of data and tools for Emergency Services Sector (ESS) personnel involved in risk assessment and mitigation planning.
NIST's publication and corresponding Web-based tool are organized around the topics of risk assessment, risk management, and economic evaluation. The risk assessment portion includes hazard data for all natural and man-made threats. Risk management resources include software for estimating costs and losses (mitigation costs and event-related losses), risk management guidance documents for the building and community levels, and risk management software, all intended to help owners, managers, and designers develop a cost-effective risk mitigation plan. For planners faced with evaluating how to efficiently allocate scarce financial resources, the compendium presents evaluation methods, industry standards, and software for implementing industry standards, economic modeling resources, and analysis strategies for treating uncertainty.
The first of five appendices is an overview of the three-step protocol for developing a cost-effective risk mitigation plan. To register and download the free Web-based tool, go to