lllsaboteurs, or vandals. (See the Security Manualand OPNAVINST 5530.14 for evaluationguidelines.) Special equipment can be installedto improve the quality and reliability of electricpower. Special door locks, military guards, andintrusion detectors can be used to control accessto critical areas.Improve procedures to close gaps in controls.These might include better controls overoperations or more rigorous standards forprogramming and software testing.Early detection of harmful situations permitsmore rapid response to minimize damage.Fire and intrusion detectors are both typicalexamples.Contingency plans permit satisfactoryaccomplishment of command missionsfollowing a damaging event. Contingencyplans include immediate response toemergencies to protect life and property and tolimit damage, maintenance of plans andmaterials needed for backup operation offsite,and maintenance of plans for prompt recoveryfollowing major damage to or destruction of theAIS facility. The command’s Disaster ControlPlan should coincide with the AIS facility’scontingency plans.Table 4-3 shows examples of remedial measures fora few threats. When selecting specific remedialmeasures, use the following two criteria:1.2.The annual cost is to be less than the reductionin expected annual loss that could be caused bythreats.The mix of remedial measures selected is to bethe one having the lowest total cost.The first criterion simply says there must be a costjustification for the security program-that it returnsmore in savings to the AIS facility than it costs. Thismay seem obvious but it is not uncommon for an AISmanager to call for a security measure, to comply withhigher authority security instructions and directives,without first analyzing the risks.The second criterion reflects the fact that a givenremedial measure may often be effective against morethan one threat. See table 4-3.Since a given remedial measure may affect moreTable 4-3.—Example of Remedial Measures by Threat Typethan one threat, the lowest cost mix of measuresprobably will not be immediately obvious. Onepossible way to make the selection is to begin with thethreat having the largest annual loss potential. Considerpossible remedial measures and list those for which theannual cost is less than the expected reduction in annualloss. Precision in estimating cost and loss reduction isnot necessary at this point. If two or more remedialmeasures would cause a loss reduction in the same area,list them all, but note the redundancy. Repeat theprocess for the next most serious threat and continueuntil reaching the point where no cost justifiablemeasure for a threat can be found. If the cost of aremedial measure is increased when it is extended tocover an additional threat, the incremental cost should4-17
Integrated Publishing, Inc. - A (SDVOSB) Service Disabled Veteran Owned Small Business
