Year
2017
Abstract
Security managers understand that making decisions about increasing security should be informed by the existing risk and potential risk reduction of implementing additional capabilities. Estimating risk is challenging, however, because threat is difficult to characterize and it is often politically difficult to discuss potential consequences. Many security managers default to estimating vulnerability or using a design basis threat as a proxy for threat. In many assessments, potential security events are limited to armed attack against a facility even though that form of attack may be the least likely approach for an adversary to take. To be useful for supporting security decisions, it is vital that risk assessments account for the variety of approaches an adversary can take to sabotage a facility or acquire nuclear or other radioactive material. Designing a scenario set for a risk assessment (or a vulnerability assessment) must be done in such as fashion as to include all principal risks to the facility. A good set of scenarios should follow these design principals: well-defined, representative, complete, comparable and consistent, compact, useful, calculable, and designed for aggregation. This paper will describe these design principals and demonstrate a method for constructing scenarios that ensures they meet these criteria.