\"A Risk Assessment Methodology for Physical Security\"

Violence, vandalism, and terrorism are prevalent in the world today. Managers and decisionmakers must have a reliable way of estimating risk to help them decide how much security is needed at their facility. A risk assessment methodology has been refined by Sandia National Laboratories to assess risk at various types of non-nuclear facilities, including US Mints, federal dams, and electrical power transmission systems. The methodology is based on the traditional risk equation: Risk = PA * (1 - PE) * C, PA = potential for attack, PE = security system effectiveness, 1 - PE = adversary success, and C = consequence of loss to the attack. The process begins with screening a facility to determine if a full assessment is needed. Characterization of the facility will include identification of the undesired events and the respective critical assets. Guidance is included for defining physical threat and for using the definition of the threat to estimate the potential for attack at a specific facility. Relative values of consequence are estimated. Methods are also included for estimating the effectiveness of the security system against the adversary attack. Finally, risk is calculated. In the event that the value of risk is deemed to be unacceptable (too high), the methodology addresses a process for identifying and evaluating security system upgrades in order to reduce risk.