Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies (2020) / Chapter Skim
Currently Skimming:
Pages 41-53
The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.
From page 41... ...
41 Plans and Strategies Once the transportation agency has conducted its risk assessment, the next step is to develop a security plan. This chapter highlights planning objectives and examines the core components of a comprehensive plan, including developing enterprise-wide approaches to cybersecurity enhancement and governance strategies.
|
From page 42... ...
42 Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies • Support response to events that impact local communities, integrating equipment and capabilities seamlessly into the total effort; and • Recover from major events, taking full advantage of available resources and programs. The SSEPP describes security planning as "more of a process than a product." This approach coincides with a vision of a security plan as a dynamic document, continually under review and subject to change.
|
From page 43... ...
Plans and Strategies 43 • Selecting countermeasures and strategies, and • Maintaining the plan. Establishing Priorities As shown in Figure 2-1, plan development starts with identifying the purpose of the document.
|
From page 44... ...
44 Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies Organizing Roles and Responsibilities In this phase of planning, key personnel and their security roles and responsibilities are determined. Incident-based priority security tasks should be listed and assigned to a specific individual known as the primary or principal.
|
From page 45... ...
Plans and Strategies 45 – Establish a review of policies, documents, plans, and vehicles. – Evaluate response and oversee recovery and restoration of personnel, service, vehicles, and facilities.
|
From page 46... ...
46 Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies incidents safely and quickly. A Guide to Emergency Management at State Transportation Agencies, Second Edition, provides guidance on practices in emergency response planning within the all-hazards context of the National Incident Management System (NIMS)
|
From page 47... ...
Plans and Strategies 47 The FHWA believes that "understanding risk and how to manage it is emerging as another core competency expected of transportation agencies." The FHWA supports a broad approach to risk management that includes managing threats and capitalizing on opportunities. The FHWA, in Risk-Based Transportation Asset Management, Report 1, summarized the benefits of a risk-based asset management program (FHWA 2012)
|
From page 48... ...
48 Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies The NIST Cybersecurity Framework was developed to complement an organization's established risk management process and cybersecurity program. An organization can use its current processes and leverage the framework to identify opportunities to strengthen and communicate its management of cybersecurity risk while aligning with industry practices.
|
From page 49... ...
Plans and Strategies 49 The Idaho Transportation Department (ITD) uses a chart to display quarterly results (Figure 2-4)
|
From page 50... ...
50 Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies security events to total events through the analysis of data related to the known frequency of occurrence of a particular type of security incident. Once the probability aspects of a security incident have been defined, cost analysis is undertaken to rate the actual amount of loss against the costs of prospective security countermeasures available to reduce the risk associated with an occurrence.
|
From page 51... ...
Plans and Strategies 51 loss of capabilities of a security countermeasure. Layered security (also referred to as overlapping security)
|
From page 52... ...
52 Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies that the synergies can be two-directional. Security-related technologies and procedures can be integrated with existing or newly created systems to produce non-security benefits, and non-security systems or subsystems can be applied more broadly to reduce security risks and vulnerabilities.
|
From page 53... ...
Plans and Strategies 53 performing its core mission, goals, and objectives. Although not always the case, certain security measures such as increased lighting, improved communications, passenger flow gating, or simply directional signs can serve the dual purpose of adding to the effectiveness of service delivery.
|
Key Terms
This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More
information on Chapter Skim is available.