This document summarizes lessons learned from implementing best practices for project security. It begins with a statistical analysis of over 1,400 capital facility projects to establish baseline measures of typical project outcomes. It then describes the security best practices and how their implementation was measured. The main part of the document involves case studies of selected projects that implemented the security practices. Key lessons learned from these case studies include techniques for evaluating project threats and consequences, modifications to the web-based tool for scoring security implementation, and benefits observed from implementing the practices. The case studies confirmed that the security practices provide a flexible framework for integrating security into projects, and teams were most successful when implementation steps were incorporated into existing processes.
This document discusses integrating security best practices into capital project delivery for critical infrastructure industries like chemical manufacturing and energy production. It establishes a steering team and practice development team of industry experts to identify existing best practices applicable to security, like pre-project planning, alignment, and constructability. The teams integrated security considerations into each practice, such as assessing threats during planning and ensuring design and construction consider security. They developed a Security Rating Index to measure security integration and its impact on cost, schedule and safety. The index provides a means to evaluate security over a project's lifecycle and compare integration among companies.
The document outlines 33 security best practices for industrial projects organized by project phase. The practices address physical, personnel, and information security elements and aim to integrate security considerations into key project planning and execution activities from front-end planning through startup. Implementing the practices is intended to increase security throughout the project life cycle and reduce the need for costly retrofits.
This document discusses the need for aerospace and defense companies to adopt a model-based enterprise (MBE) approach to address challenges with program execution. It outlines three key motivating factors driving this need: 1) increased program complexity is causing cost growth and schedule delays, 2) program development plans often miss targets for cost, schedule, and capabilities, and 3) more design and manufacturing operations are being outsourced to suppliers. The document argues that an MBE approach, which leverages connected descriptive and computational models throughout the program lifecycle, can help stakeholders better manage information and make real-time decisions to improve program execution and performance.
This document provides an agenda for the GAIN Superior Business and Technical Insight Through Strategic Collaboration conference taking place August 3-4, 2015 in Austin, Texas. The agenda includes keynote speeches, panel discussions, and breakout sessions on aerospace, automotive, and semiconductor topics. Attendees can network and learn about novel test strategies, reducing costs, and how new technologies impact various industries.
This is a special report by IEEE - Power System relaying Committee's Working Group I12 outlining industry practices of Quality Assurance for protection and control design drawing packages. Throughout the electric utility industry, the drive to maximize quality assurance practices has gained increased prominence. These practices mitigate common errors frequently encountered in engineering design packages, specific to
Protection and Control (P&C) design. This report will illustrate industry practices to be applied in a Quality Assurance
Program for protection and control design drawing packages; from conception to final “as-built.” It is the reader’s responsibility to incorporate these practices into their organization’s Quality Assurance Program.
Assignment You will conduct a systems analysis project by .docxfestockton
Assignment:
You will conduct a systems analysis project by performing 3 phases of SDLC (planning, analysis and
design) for a small (real or imaginary) organization. The actual project implementation is not
required. You need to apply what you have learned in the class and to participate in the team
project work.
Deliverables
This project should follow the main steps of the first three phases of the SDLC (phase 1, 2 and 3).
Details description and diagrams should be included in each phase.
1- Planning:
Should cover the following:
• Project Initiation: How will it lowers costs or increase revenues?
• Project management: the project manager creates a work plan, staffs the project, and puts
techniques in place to help the project team control and direct the project through the
entire SDLC.
2- Analysis
Should cover the following:
• Analysis strategy: This is developed to guide the projects team’s efforts. This includes an
analysis of the current system.
• Requirements gathering: The analysis of this information leads to the development of a
concept for a new system. This concept is used to build a set of analysis models.
• System proposal: The proposal is presented to the project sponsor and other key
individuals who decide whether the project should continue to move forward.
3- Design
Should cover the following:
• Design Strategy: This clarifies whether the system will be developed by the company or
outside the company.
• Architecture Design: This describes the hardware, software, and network infrastructure that
will be used.
• Database and File Specifications: These documents define what and where the data will be
stored.
• Program Design: Defines what programs need to be written and what they will do.
The Course Presentations can be downloaded from here:
https://seu2020.com/wp-content/uploads/2019/09/Slides-IT243-Seu2020.com_.zip
In addition to the above please include
Points to be covered:
• Project Plan
• Staff Plan
• Cost
• Who will develop it? Self or vendor
• Project Methodology: need to consider the below factors when choosing a methodology
Clarity of User Requirements, Familiarity with Technology, System Complexity, System
Reliability, Short Time Schedules and Schedule Visibility
• Project timeline and timeframe.
• Risk Management
• Gantt Chart
• Project Requirements: Functional and Non-Functional
• Activity-Based Costing
• Outcome Analysis
• Technology Analysis
https://seu2020.com/wp-content/uploads/2019/09/Slides-IT243-Seu2020.com_.zip
• Include use cases
• Include Processing Model
• Data flow diagrams
• Relationship among Levels of DFDs
• Using the ERD to Show Business Rules
Please consider the slides as a reference of what topics to be covered for this assignment which falls
under the (planning, analysis and design) only.
Special Publication 800-86
Guide to Integrating Forensic
Techniques into Inciden ...
IRJET- A Study on Factors Affecting Estimation of Construction Project : Conc...IRJET Journal
This document summarizes a study on factors affecting the estimation of construction project costs. It identifies 12 key factors that influence cost estimation accuracy based on a questionnaire survey of experts. These include economic instability, quality of project planning, experience of the estimating team, and accuracy of bidding documents. The study develops an artificial neural network model to predict cost variance based on these factors. Testing shows the model can predict cost variance with 80% accuracy. It recommends construction parties consider the 12 identified factors when preparing cost estimates and allow for contingency based on economic conditions and project location. Further research expanding the model to different project types and using more structured cost data is suggested.
This document discusses integrating security best practices into capital project delivery for critical infrastructure industries like chemical manufacturing and energy production. It establishes a steering team and practice development team of industry experts to identify existing best practices applicable to security, like pre-project planning, alignment, and constructability. The teams integrated security considerations into each practice, such as assessing threats during planning and ensuring design and construction consider security. They developed a Security Rating Index to measure security integration and its impact on cost, schedule and safety. The index provides a means to evaluate security over a project's lifecycle and compare integration among companies.
The document outlines 33 security best practices for industrial projects organized by project phase. The practices address physical, personnel, and information security elements and aim to integrate security considerations into key project planning and execution activities from front-end planning through startup. Implementing the practices is intended to increase security throughout the project life cycle and reduce the need for costly retrofits.
This document discusses the need for aerospace and defense companies to adopt a model-based enterprise (MBE) approach to address challenges with program execution. It outlines three key motivating factors driving this need: 1) increased program complexity is causing cost growth and schedule delays, 2) program development plans often miss targets for cost, schedule, and capabilities, and 3) more design and manufacturing operations are being outsourced to suppliers. The document argues that an MBE approach, which leverages connected descriptive and computational models throughout the program lifecycle, can help stakeholders better manage information and make real-time decisions to improve program execution and performance.
This document provides an agenda for the GAIN Superior Business and Technical Insight Through Strategic Collaboration conference taking place August 3-4, 2015 in Austin, Texas. The agenda includes keynote speeches, panel discussions, and breakout sessions on aerospace, automotive, and semiconductor topics. Attendees can network and learn about novel test strategies, reducing costs, and how new technologies impact various industries.
This is a special report by IEEE - Power System relaying Committee's Working Group I12 outlining industry practices of Quality Assurance for protection and control design drawing packages. Throughout the electric utility industry, the drive to maximize quality assurance practices has gained increased prominence. These practices mitigate common errors frequently encountered in engineering design packages, specific to
Protection and Control (P&C) design. This report will illustrate industry practices to be applied in a Quality Assurance
Program for protection and control design drawing packages; from conception to final “as-built.” It is the reader’s responsibility to incorporate these practices into their organization’s Quality Assurance Program.
Assignment You will conduct a systems analysis project by .docxfestockton
Assignment:
You will conduct a systems analysis project by performing 3 phases of SDLC (planning, analysis and
design) for a small (real or imaginary) organization. The actual project implementation is not
required. You need to apply what you have learned in the class and to participate in the team
project work.
Deliverables
This project should follow the main steps of the first three phases of the SDLC (phase 1, 2 and 3).
Details description and diagrams should be included in each phase.
1- Planning:
Should cover the following:
• Project Initiation: How will it lowers costs or increase revenues?
• Project management: the project manager creates a work plan, staffs the project, and puts
techniques in place to help the project team control and direct the project through the
entire SDLC.
2- Analysis
Should cover the following:
• Analysis strategy: This is developed to guide the projects team’s efforts. This includes an
analysis of the current system.
• Requirements gathering: The analysis of this information leads to the development of a
concept for a new system. This concept is used to build a set of analysis models.
• System proposal: The proposal is presented to the project sponsor and other key
individuals who decide whether the project should continue to move forward.
3- Design
Should cover the following:
• Design Strategy: This clarifies whether the system will be developed by the company or
outside the company.
• Architecture Design: This describes the hardware, software, and network infrastructure that
will be used.
• Database and File Specifications: These documents define what and where the data will be
stored.
• Program Design: Defines what programs need to be written and what they will do.
The Course Presentations can be downloaded from here:
https://seu2020.com/wp-content/uploads/2019/09/Slides-IT243-Seu2020.com_.zip
In addition to the above please include
Points to be covered:
• Project Plan
• Staff Plan
• Cost
• Who will develop it? Self or vendor
• Project Methodology: need to consider the below factors when choosing a methodology
Clarity of User Requirements, Familiarity with Technology, System Complexity, System
Reliability, Short Time Schedules and Schedule Visibility
• Project timeline and timeframe.
• Risk Management
• Gantt Chart
• Project Requirements: Functional and Non-Functional
• Activity-Based Costing
• Outcome Analysis
• Technology Analysis
https://seu2020.com/wp-content/uploads/2019/09/Slides-IT243-Seu2020.com_.zip
• Include use cases
• Include Processing Model
• Data flow diagrams
• Relationship among Levels of DFDs
• Using the ERD to Show Business Rules
Please consider the slides as a reference of what topics to be covered for this assignment which falls
under the (planning, analysis and design) only.
Special Publication 800-86
Guide to Integrating Forensic
Techniques into Inciden ...
IRJET- A Study on Factors Affecting Estimation of Construction Project : Conc...IRJET Journal
This document summarizes a study on factors affecting the estimation of construction project costs. It identifies 12 key factors that influence cost estimation accuracy based on a questionnaire survey of experts. These include economic instability, quality of project planning, experience of the estimating team, and accuracy of bidding documents. The study develops an artificial neural network model to predict cost variance based on these factors. Testing shows the model can predict cost variance with 80% accuracy. It recommends construction parties consider the 12 identified factors when preparing cost estimates and allow for contingency based on economic conditions and project location. Further research expanding the model to different project types and using more structured cost data is suggested.
The document summarizes a presentation on construction safety and health management technology. It discusses various technologies used for safety management in construction, including BIM, safety sensors, wearable devices, and mobile apps. It also summarizes three research papers on emerging safety technologies, digital technologies for safety management, and enhancing safety techniques in the Indian construction industry. The presentation concludes that construction safety technology has significantly improved safety outcomes by enabling better training, hazard identification, and risk assessment.
Health and Safety Framework Using Analytic Hierarchy Process For Construction...IRJET Journal
This document discusses developing a health and safety framework for construction projects using the Analytic Hierarchy Process (AHP). It begins with an introduction to construction safety issues in India and the need for improved health and safety standards. The objectives of the study are then outlined as identifying major safety risk factors, assessing these factors, developing a risk assessment framework, and proposing a hierarchical safety management model using AHP. The research methodology of a literature review, surveys, and statistical analysis is described. Key factors impacting construction worker safety in India are identified. Finally, the development of an AHP framework is discussed as a multi-criteria decision making technique to highlight major risks and propose a safety management model.
QUALITY CONTROL AND SAFETY DURING CONSTRUCTIONIjmet 08 03_012IAEME Publication
The concept of Quality control has arisen to ensure that customer demands, and a level of quality and conformance are achieved. Quality Assurance is provided through the implementation of systemic management techniques ensuring control of the activities carried out by each party. This research provides a review of the topic of Quality control. In particular it looks at the meaning of quality control and the needs for its introduction into the construction industry. Current quality standards in the construction industry and the alternative quality systems, including the British Property Federation system, the Construction Industry Development Association's Code of Practice, and the Building and Construction Council's Quality Assessment Scheme are discussed. The quality control and safetyduring construction are highlighted
Risk Management in Industry 4.0 Maintenance: Identifying and Addressing HazardsIRJET Journal
This document discusses risk management in maintenance for Industry 4.0. It first reviews how the construction industry in India is growing rapidly but faces safety issues for workers. It then discusses how Industry 4.0 uses technologies like IoT, big data, and cloud computing to improve efficiency. The research highlights how Industry 4.0 can improve maintenance practices through predictive maintenance using smart sensors, data analytics to prove the value of maintenance strategies, and establishing reliability cultures for successful implementation. It identifies investigating the effectiveness of digital technologies on maintenance processes as a research gap.
IRJET-Analysis of Losses Due to Breakdown of Equipments in Construction.IRJET Journal
This document summarizes research on losses due to equipment breakdown in construction projects. It discusses how proper maintenance of construction equipment is important for productivity and reducing costs. The document reviews several research papers on topics like maintenance management systems, criteria for sustainable equipment selection, and multi-criteria decision making for equipment selection. It also provides details on construction equipment planning, selection of appropriate equipment based on tasks, site constraints, and economic factors. The importance of maintenance planning and developing maintenance plans for individual equipment is highlighted.
THE EVALUATION OF FACTORS INFLUENCING SAFETY PERFORMANCE: A CASE IN AN INDUST...IJDKP
Safety has become a very important element in firms and organisations especially in Ghana. The impact of safety factors on a firm’s 3E’s (Employee, Environment and Equipment) can improve or deteriorate firm’s public image. This paper identified the key safety indicators and also provided a set of core factors that contribute meaningful in promoting safety performance in an Industrial Gas producer in Ghana using the Analytic Hierarchy Process. Organisational, Human, Technical and Environmental factors were identified as the safety indicators in relation to the study area. The studies revealed that organisational factor is the most important factor or criterion that could facilitate a better safety performance of the Industrial Gas
Company. In addition, employees was identified the best safety alternative, whilst environment and equipment followed sequentially.
A Unified International Standard that Covers Prescriptive and Performance-Bas...Dr. Monideep Dey
This paper presents a proposal for development of a unified international standard that covers both prescriptive and performance-based fire safety. Presently, most countries have a prescriptive framework for the requirements for fire safety. Countries that have developed a Performance-Based Code (PBC) for fire safety, e.g. New Zealand, still had to maintain many prescriptive requirements that cannot be replaced using performance-based approaches. Several countries now allow the use of performance-based fire safety design within the framework of its prescriptive fire safety requirements, but in many cases demonstrating the equivalence of the performance-based design with the prescriptive requirements is difficult. A framework and methodology for a unified approach to fire safety requirements, that will allow the use of both sets of requirements in a fire safety program, including an exchange of one set with the other, does not exist at the present. This has been identified as a gap for the use of more modern fire safety design methods.
Monideep Dey, PhD
President, Deytec, Inc.
This document provides a summary of Daniel Matias's qualifications and experience. It summarizes that he has 30 years of experience in engineering and facilities management for the consumer healthcare and pharmaceutical industries. He has expertise in cross-functional team building, budget planning, and project management. His most recent role was Engineering and Facilities Manager at Perrigo Company from 2005 to 2015.
Mistakeproofing the design of construction processes.pdflynelerin1
This document summarizes a study that investigated how mistakeproofing principles can be applied to improve safety and quality in construction processes. It defines mistakeproofing as methods used to design processes in a way that makes it difficult or impossible to make mistakes. The study cataloged 30 examples of mistakeproofing in construction based on its principles and TRIZ (Theory of Inventive Problem Solving) principles. The examples aimed to illustrate how understanding and applying mistakeproofing and TRIZ can help the construction industry avoid errors and improve performance, as has been done in other industries.
Top 10 Factors to Consider for Solar Trackers Feb 16 2016Khushbu Singh
The document discusses the top 10 factors to consider when selecting a solar tracker for a utility-scale photovoltaic project. It begins by introducing the topic and methodology used to determine the top 10 criteria. The top 10 criteria are then presented in order of importance: 1) Bankability, 2) Demonstrated capability via actual sites, 3) Ease of tracker installation and configurability to site, 4) Maintenance and warranty on parts, 5) Monitoring and data acquisition system, 6) Structural strength, 7) Tracker specifications regarding rotational angle, backtracking, power supply and DC capacity, 8) Supply chain, 9) Local requirements, and 10) Performance during unfavorable weather. Each criterion is
Top 10 Factors to Consider for Solar Trackers Feb 16 2016Wassim Bendeddouche
The document discusses the top 10 factors to consider when selecting a solar tracker for a utility-scale photovoltaic project. These include bankability, demonstrated capability through previous installations, ease of installation and configurability, maintenance requirements and warranty coverage, monitoring systems, structural strength, tracker specifications regarding rotation angle and power supply, supply chain management, local requirements, and performance during unfavorable weather. The factors are evaluated based on interviews with industry experts to determine the most important criteria for ensuring a tracker will meet the needs of the specific project and be considered a viable long-term investment.
IRJET- A Study on Factors Affecting Estimation of Construction Project : Conc...IRJET Journal
This document summarizes a study on factors affecting the estimation of construction project costs. It identifies 12 key factors that influence cost estimation accuracy based on a survey of experts. These include economic instability, quality of project planning/management, experience of estimators, and availability of management/finance plans. The study develops an artificial neural network model to predict cost variance based on these factors. Testing shows the model can predict cost variance with 80% accuracy. It recommends construction parties consider the 12 identified factors when preparing estimates and assigning qualified project managers, estimators, and planners to reduce cost variance. Further research expanding the model to different project types and using a more structured project database is suggested.
Phasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and Applications
Mr. Green is an experienced cybersecurity professional with over 3 decades in IT and cybersecurity roles. He has supported both public and private sector clients in developing cybersecurity policies, frameworks, and implementation strategies. Most recently, he has worked at the Department of Energy for over 10 years developing their cybersecurity programs and initiatives. He also has extensive experience developing cybersecurity programs and guidance for nuclear facilities through his role at the Nuclear Regulatory Commission. Mr. Green brings strong leadership and technical skills in implementing risk-based cybersecurity protections across complex government organizations.
This document presents the final report of a research project on developing a tool for risk-based integrity assessment of process components. The report describes the development of a risk-based framework that includes methodologies for risk-based design, risk-based integrity modeling, and risk-based inspection and maintenance planning. Case studies were used to demonstrate the application of the developed methodologies and the results that can be obtained. The framework aims to help industry optimize asset integrity management and safety through risk-informed decision making.
CIS505008VA0- COMMUNICATION TECHNOLOGIESWeek 2 Assignment 1 Su.docxsleeperharwell
CIS505008VA0- COMMUNICATION TECHNOLOGIES
Week 2 Assignment 1 Submission
45% highest match
Attachments (1)
· week 2 assingment 1 cis 505.doc 45%
Word Count: 643
week 2 assingment 1 cis 505.doc
Running head: WIRELESS TECHNOLOGY 1
WIRLESS TECHNOLOGY 2
CIS 505
Wireless Technology
1 04/15/2019
1. 2 SELECT ONE OF THE WORKING GROUPS IN THE IETF OR IEEE AND BRIEFLY SUMMARIZE WHAT THIS GROUP IS WORKING ON
3 I WILL SELECT IETF WHICH IS THE INTERNET ENGINEERING TASK FORCE IN FULL. 4 THE MISSION OF IETF IS TO ENSURE THE INTERNET IS WORKING BETTER BY THE PROVISION OF HIGH QUALITY AND TECHNICAL DOCUMENTS WHICH INFLUENCE THE WAY PEOPLE DESIGN AND MANAGE THE INTERNET. Furthermore, it develops internet standards which make up the Transmission control protocol or the internet protocol (Schuch & Pritham, 2014). 4 THE WEB SECURITY INVOLVES PROTECTING INFORMATION BY PREVENTING, DETECTING AND RESPONDING TO NEW ATTACKS. CONVERSELY, POLICY COMMUNICATION MECHANISMS AND SECURITY TECHNIQUES HAVE SPRINKLED THROUGH VARIOUS LAYERS OF THE WEB AND HTTP. IN THAT CASE, THE ROLE OF THIS WORKING GROUP IS TO COMPOSE THE OVERALL DOCUMENT DERIVED FROM SURVEYING THE ISSUE OUTLINED.
2. 5 JUSTIFY THE NEED OF THE IEEE 802 STANDARD USED IN NETWORKING
6 IEEE 802 IS TERMED AS THE INSTITUTE OF THE ELECTRICAL AND ELECTRONICS ENGINEERS STANDARDS THAT ARE SET TO DEFINE THE STANDARDS AND PROTOCOLS FOR THE WIRED LOCAL AREA NETWORKS, THE METROPOLITAN AREA NETWORKS ALONG WITH THE WIRELESS NETWORKS. Furthermore, it also defies the characteristics, protocols along with the services the networks which carry different sizes of packets. 6 IEEE 802 STANDARD PROMOTES THE APPLIANCES INTEROPERABILITY, DEVELOPMENT, PRICE REDUCTION ALONG WITH STABLE FUTURE MIGRATION (HINDEN, 2015). The rationale for the 802 network standard is usually to facilitate intercommunication among different equipment from different manufacturers. In that case, it can be termed as the fundamental coordinating standard.
IEEE 802 also defines the network standards for physical components which comprise of network interface cards, WAN components together with cabling and will continue to advance with technology.
3. 2 EVALUATE THE THREE STANDARD ORGANIZATIONS INCLUDING IEEE, ISO, AND ANSI TO DETERMINE THE MOST IMPORTANT FOR COMMUNICATION TECHNOLOGY
6 IEEE IS THE NONPROFIT PROFESSIONAL ORGANIZATION THAT WAS FOUNDED BY ENGINEERS FOR THE PURPOSE OF CONSOLIDATING IDEAS THAT DEAL WITH ELECTROTECHNOLOGY. 7 HOWEVER, IT PLAYS A KEY ROLE IN PUBLISHING TECHNICAL WORKS AND STANDARDS DEVELOPMENT.
ISO which is the International Standards Organization is a non-governmental organization that plays a key role in the manufacturing sector. 8 IT USUALLY ENSURES HIGH QUALITY PRODUCTS WHICH ARE BOTH SAFE AND RELIABLE. This is so because of the value of the standards, the company requirement, and the sales and marketing advantage.
9 ANSI IS THE AMERICAN NATIONAL STANDARDS INSTITUTE IS AN ORGANIZATION RESPONSIBLE FOR ADMINISTRATION AND COORDINATION OF THE US.
Application of Lean Construction Techniques in Civil Engineering: Plucking th...IRJET Journal
This document discusses the application of lean construction techniques in civil engineering projects to reduce waste. It defines lean construction as eliminating waste from the construction process to reduce time and costs. The document outlines various lean tools that can be used, such as computer-aided design, visual inspection, continuous improvement programs, and value stream mapping. It also discusses the benefits of lean construction, such as increased productivity, quality improvement, reduced construction time, and improved access to information. The conclusion states that lean principles were developed in the automotive industry and are now being applied more in construction to improve efficiency.
Operational discipline in practices - Build the safety cultureRonachai Fuangfoong
The document discusses various methods to improve operational discipline in chemical process industries, including conducting floor level meetings to identify risks, performing job cycle checks to ensure standard operating procedures are followed, conducting daily safety audits to identify hazards, and incorporating consequence analyses into work instructions to understand safe operating limits and emergency response. It provides examples of completed forms for a floor level meeting, job cycle check, risk assessment, daily safety audit, and consequence analysis to demonstrate how these methods can be implemented.
This document summarizes a paper that describes how model-driven development (MDD) can be used for safety-critical projects in the energy industry. MDD involves first analyzing problems and potential solutions using techniques like simulation before final decision making. Requirements are formally verified and validated to improve common understanding. Graphical models improve communication by breaking down barriers between domains. MDD has been successfully applied in industries like aerospace, defense, nuclear, automotive, and medical devices. The paper outlines how MDD and requirements-driven engineering can improve quality, reduce costs and risks for complex energy projects.
Este documento presenta un plan de negocio para una empresa de renting informático en Nicaragua llamada TECHRENTING. La empresa ofrecerá el arrendamiento de equipos informáticos como ordenadores, servidores e impresoras a pequeñas y medianas empresas en Nicaragua. El equipo gerencial tiene experiencia en el sector y la empresa será pionera en ofrecer este servicio. El plan incluye un análisis del mercado, la competencia, las proyecciones financieras y la estrategia de la empresa. El objetivo es promover el acceso a la te
Este documento describe los elementos clave que deben incluirse en la sección inicial de un Plan de Desarrollo de Proyecto de Inversión (PDRI). Estos incluyen criterios de diseño, objetivos del negocio, datos técnicos, alcance del proyecto e información sobre el sitio. El documento proporciona una lista detallada de los requisitos que deben cubrirse en cada una de estas secciones para definir adecuadamente el proyecto de manera técnica en su etapa inicial.
The document summarizes a presentation on construction safety and health management technology. It discusses various technologies used for safety management in construction, including BIM, safety sensors, wearable devices, and mobile apps. It also summarizes three research papers on emerging safety technologies, digital technologies for safety management, and enhancing safety techniques in the Indian construction industry. The presentation concludes that construction safety technology has significantly improved safety outcomes by enabling better training, hazard identification, and risk assessment.
Health and Safety Framework Using Analytic Hierarchy Process For Construction...IRJET Journal
This document discusses developing a health and safety framework for construction projects using the Analytic Hierarchy Process (AHP). It begins with an introduction to construction safety issues in India and the need for improved health and safety standards. The objectives of the study are then outlined as identifying major safety risk factors, assessing these factors, developing a risk assessment framework, and proposing a hierarchical safety management model using AHP. The research methodology of a literature review, surveys, and statistical analysis is described. Key factors impacting construction worker safety in India are identified. Finally, the development of an AHP framework is discussed as a multi-criteria decision making technique to highlight major risks and propose a safety management model.
QUALITY CONTROL AND SAFETY DURING CONSTRUCTIONIjmet 08 03_012IAEME Publication
The concept of Quality control has arisen to ensure that customer demands, and a level of quality and conformance are achieved. Quality Assurance is provided through the implementation of systemic management techniques ensuring control of the activities carried out by each party. This research provides a review of the topic of Quality control. In particular it looks at the meaning of quality control and the needs for its introduction into the construction industry. Current quality standards in the construction industry and the alternative quality systems, including the British Property Federation system, the Construction Industry Development Association's Code of Practice, and the Building and Construction Council's Quality Assessment Scheme are discussed. The quality control and safetyduring construction are highlighted
Risk Management in Industry 4.0 Maintenance: Identifying and Addressing HazardsIRJET Journal
This document discusses risk management in maintenance for Industry 4.0. It first reviews how the construction industry in India is growing rapidly but faces safety issues for workers. It then discusses how Industry 4.0 uses technologies like IoT, big data, and cloud computing to improve efficiency. The research highlights how Industry 4.0 can improve maintenance practices through predictive maintenance using smart sensors, data analytics to prove the value of maintenance strategies, and establishing reliability cultures for successful implementation. It identifies investigating the effectiveness of digital technologies on maintenance processes as a research gap.
IRJET-Analysis of Losses Due to Breakdown of Equipments in Construction.IRJET Journal
This document summarizes research on losses due to equipment breakdown in construction projects. It discusses how proper maintenance of construction equipment is important for productivity and reducing costs. The document reviews several research papers on topics like maintenance management systems, criteria for sustainable equipment selection, and multi-criteria decision making for equipment selection. It also provides details on construction equipment planning, selection of appropriate equipment based on tasks, site constraints, and economic factors. The importance of maintenance planning and developing maintenance plans for individual equipment is highlighted.
THE EVALUATION OF FACTORS INFLUENCING SAFETY PERFORMANCE: A CASE IN AN INDUST...IJDKP
Safety has become a very important element in firms and organisations especially in Ghana. The impact of safety factors on a firm’s 3E’s (Employee, Environment and Equipment) can improve or deteriorate firm’s public image. This paper identified the key safety indicators and also provided a set of core factors that contribute meaningful in promoting safety performance in an Industrial Gas producer in Ghana using the Analytic Hierarchy Process. Organisational, Human, Technical and Environmental factors were identified as the safety indicators in relation to the study area. The studies revealed that organisational factor is the most important factor or criterion that could facilitate a better safety performance of the Industrial Gas
Company. In addition, employees was identified the best safety alternative, whilst environment and equipment followed sequentially.
A Unified International Standard that Covers Prescriptive and Performance-Bas...Dr. Monideep Dey
This paper presents a proposal for development of a unified international standard that covers both prescriptive and performance-based fire safety. Presently, most countries have a prescriptive framework for the requirements for fire safety. Countries that have developed a Performance-Based Code (PBC) for fire safety, e.g. New Zealand, still had to maintain many prescriptive requirements that cannot be replaced using performance-based approaches. Several countries now allow the use of performance-based fire safety design within the framework of its prescriptive fire safety requirements, but in many cases demonstrating the equivalence of the performance-based design with the prescriptive requirements is difficult. A framework and methodology for a unified approach to fire safety requirements, that will allow the use of both sets of requirements in a fire safety program, including an exchange of one set with the other, does not exist at the present. This has been identified as a gap for the use of more modern fire safety design methods.
Monideep Dey, PhD
President, Deytec, Inc.
This document provides a summary of Daniel Matias's qualifications and experience. It summarizes that he has 30 years of experience in engineering and facilities management for the consumer healthcare and pharmaceutical industries. He has expertise in cross-functional team building, budget planning, and project management. His most recent role was Engineering and Facilities Manager at Perrigo Company from 2005 to 2015.
Mistakeproofing the design of construction processes.pdflynelerin1
This document summarizes a study that investigated how mistakeproofing principles can be applied to improve safety and quality in construction processes. It defines mistakeproofing as methods used to design processes in a way that makes it difficult or impossible to make mistakes. The study cataloged 30 examples of mistakeproofing in construction based on its principles and TRIZ (Theory of Inventive Problem Solving) principles. The examples aimed to illustrate how understanding and applying mistakeproofing and TRIZ can help the construction industry avoid errors and improve performance, as has been done in other industries.
Top 10 Factors to Consider for Solar Trackers Feb 16 2016Khushbu Singh
The document discusses the top 10 factors to consider when selecting a solar tracker for a utility-scale photovoltaic project. It begins by introducing the topic and methodology used to determine the top 10 criteria. The top 10 criteria are then presented in order of importance: 1) Bankability, 2) Demonstrated capability via actual sites, 3) Ease of tracker installation and configurability to site, 4) Maintenance and warranty on parts, 5) Monitoring and data acquisition system, 6) Structural strength, 7) Tracker specifications regarding rotational angle, backtracking, power supply and DC capacity, 8) Supply chain, 9) Local requirements, and 10) Performance during unfavorable weather. Each criterion is
Top 10 Factors to Consider for Solar Trackers Feb 16 2016Wassim Bendeddouche
The document discusses the top 10 factors to consider when selecting a solar tracker for a utility-scale photovoltaic project. These include bankability, demonstrated capability through previous installations, ease of installation and configurability, maintenance requirements and warranty coverage, monitoring systems, structural strength, tracker specifications regarding rotation angle and power supply, supply chain management, local requirements, and performance during unfavorable weather. The factors are evaluated based on interviews with industry experts to determine the most important criteria for ensuring a tracker will meet the needs of the specific project and be considered a viable long-term investment.
IRJET- A Study on Factors Affecting Estimation of Construction Project : Conc...IRJET Journal
This document summarizes a study on factors affecting the estimation of construction project costs. It identifies 12 key factors that influence cost estimation accuracy based on a survey of experts. These include economic instability, quality of project planning/management, experience of estimators, and availability of management/finance plans. The study develops an artificial neural network model to predict cost variance based on these factors. Testing shows the model can predict cost variance with 80% accuracy. It recommends construction parties consider the 12 identified factors when preparing estimates and assigning qualified project managers, estimators, and planners to reduce cost variance. Further research expanding the model to different project types and using a more structured project database is suggested.
Phasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and ApplicationsPhasor Measurement Unit (PMU) Implementation
and Applications
Mr. Green is an experienced cybersecurity professional with over 3 decades in IT and cybersecurity roles. He has supported both public and private sector clients in developing cybersecurity policies, frameworks, and implementation strategies. Most recently, he has worked at the Department of Energy for over 10 years developing their cybersecurity programs and initiatives. He also has extensive experience developing cybersecurity programs and guidance for nuclear facilities through his role at the Nuclear Regulatory Commission. Mr. Green brings strong leadership and technical skills in implementing risk-based cybersecurity protections across complex government organizations.
This document presents the final report of a research project on developing a tool for risk-based integrity assessment of process components. The report describes the development of a risk-based framework that includes methodologies for risk-based design, risk-based integrity modeling, and risk-based inspection and maintenance planning. Case studies were used to demonstrate the application of the developed methodologies and the results that can be obtained. The framework aims to help industry optimize asset integrity management and safety through risk-informed decision making.
CIS505008VA0- COMMUNICATION TECHNOLOGIESWeek 2 Assignment 1 Su.docxsleeperharwell
CIS505008VA0- COMMUNICATION TECHNOLOGIES
Week 2 Assignment 1 Submission
45% highest match
Attachments (1)
· week 2 assingment 1 cis 505.doc 45%
Word Count: 643
week 2 assingment 1 cis 505.doc
Running head: WIRELESS TECHNOLOGY 1
WIRLESS TECHNOLOGY 2
CIS 505
Wireless Technology
1 04/15/2019
1. 2 SELECT ONE OF THE WORKING GROUPS IN THE IETF OR IEEE AND BRIEFLY SUMMARIZE WHAT THIS GROUP IS WORKING ON
3 I WILL SELECT IETF WHICH IS THE INTERNET ENGINEERING TASK FORCE IN FULL. 4 THE MISSION OF IETF IS TO ENSURE THE INTERNET IS WORKING BETTER BY THE PROVISION OF HIGH QUALITY AND TECHNICAL DOCUMENTS WHICH INFLUENCE THE WAY PEOPLE DESIGN AND MANAGE THE INTERNET. Furthermore, it develops internet standards which make up the Transmission control protocol or the internet protocol (Schuch & Pritham, 2014). 4 THE WEB SECURITY INVOLVES PROTECTING INFORMATION BY PREVENTING, DETECTING AND RESPONDING TO NEW ATTACKS. CONVERSELY, POLICY COMMUNICATION MECHANISMS AND SECURITY TECHNIQUES HAVE SPRINKLED THROUGH VARIOUS LAYERS OF THE WEB AND HTTP. IN THAT CASE, THE ROLE OF THIS WORKING GROUP IS TO COMPOSE THE OVERALL DOCUMENT DERIVED FROM SURVEYING THE ISSUE OUTLINED.
2. 5 JUSTIFY THE NEED OF THE IEEE 802 STANDARD USED IN NETWORKING
6 IEEE 802 IS TERMED AS THE INSTITUTE OF THE ELECTRICAL AND ELECTRONICS ENGINEERS STANDARDS THAT ARE SET TO DEFINE THE STANDARDS AND PROTOCOLS FOR THE WIRED LOCAL AREA NETWORKS, THE METROPOLITAN AREA NETWORKS ALONG WITH THE WIRELESS NETWORKS. Furthermore, it also defies the characteristics, protocols along with the services the networks which carry different sizes of packets. 6 IEEE 802 STANDARD PROMOTES THE APPLIANCES INTEROPERABILITY, DEVELOPMENT, PRICE REDUCTION ALONG WITH STABLE FUTURE MIGRATION (HINDEN, 2015). The rationale for the 802 network standard is usually to facilitate intercommunication among different equipment from different manufacturers. In that case, it can be termed as the fundamental coordinating standard.
IEEE 802 also defines the network standards for physical components which comprise of network interface cards, WAN components together with cabling and will continue to advance with technology.
3. 2 EVALUATE THE THREE STANDARD ORGANIZATIONS INCLUDING IEEE, ISO, AND ANSI TO DETERMINE THE MOST IMPORTANT FOR COMMUNICATION TECHNOLOGY
6 IEEE IS THE NONPROFIT PROFESSIONAL ORGANIZATION THAT WAS FOUNDED BY ENGINEERS FOR THE PURPOSE OF CONSOLIDATING IDEAS THAT DEAL WITH ELECTROTECHNOLOGY. 7 HOWEVER, IT PLAYS A KEY ROLE IN PUBLISHING TECHNICAL WORKS AND STANDARDS DEVELOPMENT.
ISO which is the International Standards Organization is a non-governmental organization that plays a key role in the manufacturing sector. 8 IT USUALLY ENSURES HIGH QUALITY PRODUCTS WHICH ARE BOTH SAFE AND RELIABLE. This is so because of the value of the standards, the company requirement, and the sales and marketing advantage.
9 ANSI IS THE AMERICAN NATIONAL STANDARDS INSTITUTE IS AN ORGANIZATION RESPONSIBLE FOR ADMINISTRATION AND COORDINATION OF THE US.
Application of Lean Construction Techniques in Civil Engineering: Plucking th...IRJET Journal
This document discusses the application of lean construction techniques in civil engineering projects to reduce waste. It defines lean construction as eliminating waste from the construction process to reduce time and costs. The document outlines various lean tools that can be used, such as computer-aided design, visual inspection, continuous improvement programs, and value stream mapping. It also discusses the benefits of lean construction, such as increased productivity, quality improvement, reduced construction time, and improved access to information. The conclusion states that lean principles were developed in the automotive industry and are now being applied more in construction to improve efficiency.
Operational discipline in practices - Build the safety cultureRonachai Fuangfoong
The document discusses various methods to improve operational discipline in chemical process industries, including conducting floor level meetings to identify risks, performing job cycle checks to ensure standard operating procedures are followed, conducting daily safety audits to identify hazards, and incorporating consequence analyses into work instructions to understand safe operating limits and emergency response. It provides examples of completed forms for a floor level meeting, job cycle check, risk assessment, daily safety audit, and consequence analysis to demonstrate how these methods can be implemented.
This document summarizes a paper that describes how model-driven development (MDD) can be used for safety-critical projects in the energy industry. MDD involves first analyzing problems and potential solutions using techniques like simulation before final decision making. Requirements are formally verified and validated to improve common understanding. Graphical models improve communication by breaking down barriers between domains. MDD has been successfully applied in industries like aerospace, defense, nuclear, automotive, and medical devices. The paper outlines how MDD and requirements-driven engineering can improve quality, reduce costs and risks for complex energy projects.
Este documento presenta un plan de negocio para una empresa de renting informático en Nicaragua llamada TECHRENTING. La empresa ofrecerá el arrendamiento de equipos informáticos como ordenadores, servidores e impresoras a pequeñas y medianas empresas en Nicaragua. El equipo gerencial tiene experiencia en el sector y la empresa será pionera en ofrecer este servicio. El plan incluye un análisis del mercado, la competencia, las proyecciones financieras y la estrategia de la empresa. El objetivo es promover el acceso a la te
Este documento describe los elementos clave que deben incluirse en la sección inicial de un Plan de Desarrollo de Proyecto de Inversión (PDRI). Estos incluyen criterios de diseño, objetivos del negocio, datos técnicos, alcance del proyecto e información sobre el sitio. El documento proporciona una lista detallada de los requisitos que deben cubrirse en cada una de estas secciones para definir adecuadamente el proyecto de manera técnica en su etapa inicial.
El documento describe los beneficios del uso del PDRI (Project Definition Rating Index), una herramienta para evaluar el nivel de definición de un proyecto. El PDRI proporciona una escala de 1000 puntos para medir el grado de definición de un proyecto, donde puntajes más bajos indican una mejor definición. La investigación ha demostrado que proyectos con puntajes PDRI menores a 200 tienden a tener un mejor desempeño en términos de costos, tiempo y cambios de alcance. El PDRI es una valios
El documento explica el Impuesto a la Ganancia Mínima Presunta en Argentina. Grava los activos de las sociedades y otros sujetos con una alícuota del 1%. Se describen los sujetos obligados, principales exenciones como bienes en Tierra del Fuego y hasta $200,000, y valuación de bienes. También incluye un caso práctico para calcular el impuesto correspondiente al período fiscal 2006 de una empresa llamada "PRESUMIENDO SRL".
El documento detalla la infraestructura tecnológica requerida, incluyendo equipos de computación como computadoras de escritorio, portátiles, estaciones de trabajo, servidores e impresoras, así como servicios de asistencia técnica, mantenimiento y suministro de consumibles. También se especifica la necesidad de redes, telefonía, videoconferencia, redes VPN e interconexión a la red corporativa de PDVSA.
Este manual establece las normas y procedimientos para la administración de proyectos financiados por fondos públicos. Describe los objetivos, marco legal y definiciones clave. También explica las obligaciones de las instituciones, empresas y responsables de proyectos en cuanto a la presentación de informes, el uso y comprobación de recursos, y el proceso general de desarrollo de proyectos desde su aprobación hasta el cierre.
Este documento presenta los conceptos de IPA (Análisis de Proyecto Independiente) y PMI (Instituto de Gerenciamiento de Proyectos). IPA compara métricas como plazo y costo de proyectos realizados en todo el mundo, mientras que PMI promueve las mejores prácticas de gestión de proyectos. El documento también explica los conceptos de FEL 1, FEL 2 y FEL 3, que se refieren al grado de definición de un proyecto en diferentes etapas, y cómo niveles más altos
El documento describe un modelo de un tanquero petrolero para armar. Explica que los tanqueros transportan petróleo y derivados por el mundo. Detalla la estructura de un tanquero, incluyendo los tanques para carga, aceite, agua de lastre y combustible. También indica que PDV Marina se encarga del transporte marítimo de petróleo y derivados en Venezuela.
Este documento describe la Plataforma Dragón-Patao, parte del Proyecto Mariscal Sucre. Explica que la plataforma es fija y extrae 600 millones de pies cúbicos de gas de los campos Dragón y Patao, ubicados en aguas territoriales venezolanas. También incluye instrucciones para imprimir y armar un modelo de la plataforma, con piezas numeradas que se pegan en un orden específico.
La refinería transforma el petróleo crudo en productos útiles como gasolina, kerosene y aceites a través de un proceso que incluye calentar el petróleo en un horno, destilarlo en torres de destilación para separar los diferentes componentes según su punto de ebullición, y utilizar otros equipos como tanques de almacenamiento, motores, bombas e intercambiadores de calor. El documento proporciona instrucciones para armar un modelo de una refinería con varias piezas recortadas de cartulina.
Este documento presenta un modelo de una estación de servicios PDV que se puede imprimir y armar. Explica brevemente qué es una estación de servicios, cómo se clasifican los combustibles en Venezuela y describe los principales componentes de una estación como los tanques de almacenamiento, medidores de flujo, surtidores y broquerel. También incluye instrucciones detalladas para recortar y armar cada una de las piezas del modelo.
El documento describe el funcionamiento de un taladro de perforación petrolero. Consiste en una torre de 20 a 30 metros de altura que perfora el suelo hasta las reservas de petróleo usando una mecha. La torre contiene un sistema mecánico que controla la mecha y perfora hasta la formación petrolífera, luego se instalan tuberías para extraer el crudo a la superficie. El documento también incluye instrucciones para armar un modelo de un taladro de perforación.
Low power architecture of logic gates using adiabatic techniquesnooriasukmaningtyas
The growing significance of portable systems to limit power consumption in ultra-large-scale-integration chips of very high density, has recently led to rapid and inventive progresses in low-power design. The most effective technique is adiabatic logic circuit design in energy-efficient hardware. This paper presents two adiabatic approaches for the design of low power circuits, modified positive feedback adiabatic logic (modified PFAL) and the other is direct current diode based positive feedback adiabatic logic (DC-DB PFAL). Logic gates are the preliminary components in any digital circuit design. By improving the performance of basic gates, one can improvise the whole system performance. In this paper proposed circuit design of the low power architecture of OR/NOR, AND/NAND, and XOR/XNOR gates are presented using the said approaches and their results are analyzed for powerdissipation, delay, power-delay-product and rise time and compared with the other adiabatic techniques along with the conventional complementary metal oxide semiconductor (CMOS) designs reported in the literature. It has been found that the designs with DC-DB PFAL technique outperform with the percentage improvement of 65% for NOR gate and 7% for NAND gate and 34% for XNOR gate over the modified PFAL techniques at 10 MHz respectively.
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECTjpsjournal1
The rivalry between prominent international actors for dominance over Central Asia's hydrocarbon
reserves and the ancient silk trade route, along with China's diplomatic endeavours in the area, has been
referred to as the "New Great Game." This research centres on the power struggle, considering
geopolitical, geostrategic, and geoeconomic variables. Topics including trade, political hegemony, oil
politics, and conventional and nontraditional security are all explored and explained by the researcher.
Using Mackinder's Heartland, Spykman Rimland, and Hegemonic Stability theories, examines China's role
in Central Asia. This study adheres to the empirical epistemological method and has taken care of
objectivity. This study analyze primary and secondary research documents critically to elaborate role of
china’s geo economic outreach in central Asian countries and its future prospect. China is thriving in trade,
pipeline politics, and winning states, according to this study, thanks to important instruments like the
Shanghai Cooperation Organisation and the Belt and Road Economic Initiative. According to this study,
China is seeing significant success in commerce, pipeline politics, and gaining influence on other
governments. This success may be attributed to the effective utilisation of key tools such as the Shanghai
Cooperation Organisation and the Belt and Road Economic Initiative.
Hierarchical Digital Twin of a Naval Power SystemKerry Sado
A hierarchical digital twin of a Naval DC power system has been developed and experimentally verified. Similar to other state-of-the-art digital twins, this technology creates a digital replica of the physical system executed in real-time or faster, which can modify hardware controls. However, its advantage stems from distributing computational efforts by utilizing a hierarchical structure composed of lower-level digital twin blocks and a higher-level system digital twin. Each digital twin block is associated with a physical subsystem of the hardware and communicates with a singular system digital twin, which creates a system-level response. By extracting information from each level of the hierarchy, power system controls of the hardware were reconfigured autonomously. This hierarchical digital twin development offers several advantages over other digital twins, particularly in the field of naval power systems. The hierarchical structure allows for greater computational efficiency and scalability while the ability to autonomously reconfigure hardware controls offers increased flexibility and responsiveness. The hierarchical decomposition and models utilized were well aligned with the physical twin, as indicated by the maximum deviations between the developed digital twin hierarchy and the hardware.
Adaptive synchronous sliding control for a robot manipulator based on neural ...IJECEIAES
Robot manipulators have become important equipment in production lines, medical fields, and transportation. Improving the quality of trajectory tracking for
robot hands is always an attractive topic in the research community. This is a
challenging problem because robot manipulators are complex nonlinear systems
and are often subject to fluctuations in loads and external disturbances. This
article proposes an adaptive synchronous sliding control scheme to improve trajectory tracking performance for a robot manipulator. The proposed controller
ensures that the positions of the joints track the desired trajectory, synchronize
the errors, and significantly reduces chattering. First, the synchronous tracking
errors and synchronous sliding surfaces are presented. Second, the synchronous
tracking error dynamics are determined. Third, a robust adaptive control law is
designed,the unknown components of the model are estimated online by the neural network, and the parameters of the switching elements are selected by fuzzy
logic. The built algorithm ensures that the tracking and approximation errors
are ultimately uniformly bounded (UUB). Finally, the effectiveness of the constructed algorithm is demonstrated through simulation and experimental results.
Simulation and experimental results show that the proposed controller is effective with small synchronous tracking errors, and the chattering phenomenon is
significantly reduced.
6th International Conference on Machine Learning & Applications (CMLA 2024)ClaraZara1
6th International Conference on Machine Learning & Applications (CMLA 2024) will provide an excellent international forum for sharing knowledge and results in theory, methodology and applications of on Machine Learning & Applications.
Harnessing WebAssembly for Real-time Stateless Streaming PipelinesChristina Lin
Traditionally, dealing with real-time data pipelines has involved significant overhead, even for straightforward tasks like data transformation or masking. However, in this talk, we’ll venture into the dynamic realm of WebAssembly (WASM) and discover how it can revolutionize the creation of stateless streaming pipelines within a Kafka (Redpanda) broker. These pipelines are adept at managing low-latency, high-data-volume scenarios.
Literature Review Basics and Understanding Reference Management.pptxDr Ramhari Poudyal
Three-day training on academic research focuses on analytical tools at United Technical College, supported by the University Grant Commission, Nepal. 24-26 May 2024
Advanced control scheme of doubly fed induction generator for wind turbine us...IJECEIAES
This paper describes a speed control device for generating electrical energy on an electricity network based on the doubly fed induction generator (DFIG) used for wind power conversion systems. At first, a double-fed induction generator model was constructed. A control law is formulated to govern the flow of energy between the stator of a DFIG and the energy network using three types of controllers: proportional integral (PI), sliding mode controller (SMC) and second order sliding mode controller (SOSMC). Their different results in terms of power reference tracking, reaction to unexpected speed fluctuations, sensitivity to perturbations, and resilience against machine parameter alterations are compared. MATLAB/Simulink was used to conduct the simulations for the preceding study. Multiple simulations have shown very satisfying results, and the investigations demonstrate the efficacy and power-enhancing capabilities of the suggested control system.
Introduction- e - waste – definition - sources of e-waste– hazardous substances in e-waste - effects of e-waste on environment and human health- need for e-waste management– e-waste handling rules - waste minimization techniques for managing e-waste – recycling of e-waste - disposal treatment methods of e- waste – mechanism of extraction of precious metal from leaching solution-global Scenario of E-waste – E-waste in India- case studies.
A review on techniques and modelling methodologies used for checking electrom...nooriasukmaningtyas
The proper function of the integrated circuit (IC) in an inhibiting electromagnetic environment has always been a serious concern throughout the decades of revolution in the world of electronics, from disjunct devices to today’s integrated circuit technology, where billions of transistors are combined on a single chip. The automotive industry and smart vehicles in particular, are confronting design issues such as being prone to electromagnetic interference (EMI). Electronic control devices calculate incorrect outputs because of EMI and sensors give misleading values which can prove fatal in case of automotives. In this paper, the authors have non exhaustively tried to review research work concerned with the investigation of EMI in ICs and prediction of this EMI using various modelling methodologies and measurement setups.
1. Office of Applied Economics
Building and Fire Research Laboratory
Gaithersburg, Maryland 20899
U.S. Department of Commerce
Technology Administration
National Institute of Standards and Technology
Construction Industry Institute
The University of Texas at Austin
Austin, Texas 78759-5316
Lessons Learned in the Implementation of
Best Practices for Project Security
Michael S. Rainey
Stephen R. Thomas
BMM2006-10
2. Construction Industry Institute
Owners
3M
Abbott
Air Products and Chemicals, Inc.
Alcoa
Amgen Inc.
Anheuser-Busch Companies, Inc.
Aramco Services Company
Biogen Idec, Inc.
BP America, Inc.
Cargill, Inc.
Chevron
CITGO Petroleum Corporation
Codelco-Chile
ConocoPhillips
Dofasco, Inc.
The Dow Chemical Company
DuPont
Eastman Chemical Company
Eli Lilly and Company
ExxonMobil Corporation
Genentech, Inc.
General Motors Corporation
GlaxoSmithKline
Intel Corporation
International Paper
Kraft Foods
Marathon Oil Corporation
Merck & Co., Inc.
National Aeronautics & Space Administration
Naval Facilities Engineering Command
NOVA Chemicals Corporation
Ontario Power Generation
Petroleo Brasileiro S/A - Petrobras
Praxair, Inc.
The Procter & Gamble Company
Progress Energy
Rohm and Haas Company
Sasol Technology
Shell Oil Company
Smithsonian Institution
Solutia Inc.
Southern Company
Sunoco, Inc.
Tennessee Valley Authority
U.S. Architect of the Capitol
U.S. Army Corps of Engineers
U.S. Bureau of Reclamation
U.S. Department of Commerce/NIST/BFRL
U.S. Department of Energy
U.S. Department of Health & Human Services
U.S. Department of State
U.S. General Services Administration
U.S. Steel
Weyerhaeuser Company
Contractors
ABB Lummus Global Inc.
Aker Kvaerner
ALSTOM Power Inc.
AMEC, Inc.
AZCO INC.
Baker Concrete Construction Inc.
BE&K, Inc.
Bechtel Group, Inc.
Black & Veatch
Burns & McDonnell
CB&I
CCC Group, Inc.
CDI Engineering Solutions
CH2M HILL
CSA Group
Day & Zimmermann International, Inc.
Dick Corporation
Dresser-Rand Company
Emerson Process Management
Fluor Corporation
Fru-Con Construction Corporation
Grinaker-LTA
Harper Industries, Inc.
Hatch
Hilti Corporation
Hyundai Engineering & Construction Co., Ltd.
J. Ray McDermott, Inc.
Jacobs
JMJ Associates Inc.
KBR
Kiewit Construction Group, Inc.
M. A. Mortenson Company
Mustang Engineering, L.P.
The Nielsen-Wurster Group Inc.
Parsons
Perot Systems Corporation
Primavera Systems, Inc.
R. J. Mycka, Inc.
S&B Engineers and Constructors, Ltd.
The Shaw Group Inc.
Technip
Victaulic Company
Walbridge Aldinger Company
Washington Group International, Inc.
WorleyParsons Limited
Yates Construction
Zachry Construction Corporation
Zurich
3. Office of Applied Economics
Building and Fire Research Laboratory
Gaithersburg, Maryland 20899
U.S. Department of Commerce
Technology Administration
National Institute of Standards and Technology
Construction Industry Institute
The University of Texas at Austin
Austin, Texas 78759-5316
Lessons Learned in the Implementation of
Best Practices for Project Security
Stephen R. Thomas
Michael S. Rainey
Sponsored by:
National Institute of Standards and Technology
Building and Fire Research Laboratory
July 2006
4. 2006 Construction Industry Institute®
.
The University of Texas at Austin.
CII members may reproduce and distribute this work internally in any medium at no cost to internal
recipients. CII members are permitted to revise and adapt this work for the internal use provided an
informational copy is furnished to CII.
Available to non-members by purchase; however, no copies may be made or distributed and no
modifications made without prior written permission from CII. Contact CII at http://construction-
institute.org/catalog.htm to purchase copies. Volume discounts may be available.
All CII members, current students, and faculty at a college or university are eligible to purchase CII
products at member prices. Faculty and students at a college or university may reproduce and distribute
this work without modification for educational use.
Printed in the United States of America.
5. Foreword
The National Institute of Standards and Technology (NIST) develops and promotes
measurement, standards, and technology to enhance productivity, facilitate trade, and
improve quality of life. In the aftermath of the attacks of September 11, 2001, NIST has
taken a key role in enhancing the nation’s homeland security. Through projects spanning
a wide range of research areas, NIST is helping millions of individuals in law
enforcement, the military, emergency services, information technology, the construction
industry, and other areas protect the American public from terrorist threats.
NIST’s Building and Fire Research Laboratory (BFRL) has as its mission to meet the
measurement and standards needs of the building and fire safety communities. A key
element of that mission is BFRL’s commitment to homeland security. Specifically, the
goal of BFRL’s homeland security effort is to develop and implement the standards,
technology, and practices needed for cost-effective improvements to the safety and
security of buildings and building occupants, including evacuation, emergency response
procedures, and threat mitigation. The strategy to meet this goal is supported by BFRL’s:
• research and development (R&D) program to provide a technical foundation that
supports improvements to building and fire codes, standards, and practices that
reduce the impact of extreme threats to the safety of buildings, their occupants
and emergency responders; and
• dissemination and technical assistance program (DTAP) to engage leaders of the
construction and building community in implementing proposed changes to
practices, standards, and codes. DTAP will also provide practical guidance and
tools to better prepare facility owners, contractors, architects, engineers,
emergency responders, and regulatory authorities to respond to future disasters.
This report, prepared for NIST by the Construction Industry Institute (CII), was funded as
part of BFRL’s homeland security R&D program. It complements previous DTAP-
funded research into best practices for project security by documenting key lessons
learned from implementing these practices. The security best practices were developed
by CII and published in 2004 as CII technical report BMM2004-10 (available through
CII) and a Grant Contractor Report, NIST GCR 04-865. This report includes a
discussion of baseline measures of performance, information on a set of case study
projects, a summary of significant findings producing the lessons learned, and how to use
the lessons learned to improve implementation for future projects. The case study
projects provided significant supporting information confirming a project team’s ability
to apply the security practices. Based on in-depth reviews of the case study projects, CII
concluded that: (1) the security practices provide project teams access to a flexible and
structured framework for the integration of security into the project delivery process (2)
project teams experienced the most success when they incorporated implementation steps
into existing organizational processes and procedures.
iii
6. The material presented in this report complements research being conducted by the
Office of Applied Economics (OAE) under BFRL’s homeland security R&D program.
OAE’s research focuses on developing economic tools to aid facility owners and
managers in the selection of cost-effective strategies that respond to natural and man-
made hazards. OAE’s research has produced a three-step protocol for developing a risk
mitigation plan for optimizing protection of constructed facilities. This protocol helps
decision makers assess the risk of their facility to damages from natural and man-made
hazards; identify engineering, management, and financial strategies for abating the risk of
damages; and use standardized economic evaluation methods to select the most cost-
effective combination of risk mitigation strategies to protect their facility. This report
covers key components of the first two steps of the three-step protocol.
Robert E. Chapman
Office of Applied Economics
Building and Fire Research Laboratory
National Institute of Standards and Technology
Gaithersburg, MD 20899-8603
iv
7. Abstract
This research was performed by the Construction Industry Institute (CII) and
complements previous research into best practices for project security. The security best
practices were developed by CII and published as CII technical report BMM2004-10
(available through CII) and a Grant Contractor Report, NIST GCR 04-865; however,
little data still exist on the implementation of these practices. This lack of information
impeded utilization of the practices due to uncertainties about cost and schedule impacts
as well as impacts on established project processes. This research addresses this lack of
information.
The research consisted of three tasks. The first task included a statistical analysis of a
broad cross section of projects to produce baseline measures of performance used to
establish a desired set of characteristics typical of exemplary projects. The second task
entailed the selection of a set of exemplary projects for case-by-case analyses. The case-
by-case analyses included observation of project team implementations using facilitated
discussions to collect anecdotal information resulting in lessons learned. The final task of
the research was a synthesis of the findings. This synthesis includes a discussion of
baseline measures of performance, a summary of significant findings producing the
lessons learned, and how to use the lessons learned to improve implementation for future
projects.
The case study projects provided significant supporting information confirming a project
team’s ability to apply the security practices. The security practices provide project
teams access to a flexible and structured framework for integrating security into the
project delivery process. Project teams experienced the most success when they
incorporated implementation steps into existing organizational processes and procedures.
Keywords
Best practices, chemical manufacturing, energy production and distribution, facility
security, industrial facilities, security rating index, and transportation infrastructure
v
9. Table of Contents
Foreword...........................................................................................................................iii
Abstract.............................................................................................................................. v
1. INTRODUCTION....................................................................................................... 1
1.1 Background ....................................................................................................... 1
1.2 Purpose.............................................................................................................. 2
1.3 Scope and Approach ....................................................................................... 2
2. STATISTICAL ANALYSIS ....................................................................................... 5
2.1 Description of Data Set ................................................................................... 5
2.2 Project Outcomes - Owners ........................................................................... 8
2.3 Project Outcomes - Contractors................................................................... 11
3. SECURITY BEST PRACTICES AND MEASUREMENT OF THEIR LEVEL
OF IMPLEMENTATION......................................................................................... 13
3.1 Security Best Practices Overview................................................................ 13
3.2 Measuring the Degree of Security Practice Implementation................... 16
3.3 Implementation Process for the Security Practices.................................. 18
4. LESSONS LEARNED FROM SELECTED PROJECTS................................... 21
4.1 Task 2 Methodology ...................................................................................... 21
4.2 Description of Selected Projects.................................................................. 23
4.3 Lessons Learned Findings............................................................................ 25
4.3.1 Techniques for Evaluating Threat and Consequences.......................... 25
4.3.2 Modifications to Web-based Scoring Tool................................................ 28
4.3.3 Benefits of Security Practice Implementation.......................................... 30
4.3.4 SRI Score Analysis ...................................................................................... 32
5. CONCLUSIONS AND RECOMMENDATIONS.................................................. 37
5.1 Conclusions.......................................................................................................... 37
5.2 Recommendations .............................................................................................. 38
Appendix A: Statistical Notes ....................................................................................... 39
Appendix B: Metric and Project Phase Definitions.............................................. 41
Appendix C: Security Questionnaire.......................................................................... 47
Appendix D: Meeting 1 Agenda ................................................................................... 51
Appendix E: Implementation Process Reference Card............................................ 53
Appendix F: Meeting 2 Agenda.................................................................................... 57
Appendix G: Statistical Analysis .................................................................................. 59
Appendix H: References ............................................................................................... 61
vii
10. List of Tables
Table 2-1. Summary of Project Outcomes - Owners.......................................................... 9
Table 2-2. Summary of Project Outcomes - Contractors.................................................. 10
Table 3-1. The Security Best Practices............................................................................. 14
Table 3-2. Threat Levels................................................................................................... 17
Table 3-3. Consequence Levels........................................................................................ 18
Table 4-1. Case Study Phase SRI Scores.......................................................................... 24
Table 4-2. Threat Level Assessment Matrix..................................................................... 26
Table 4-3. Consequence Level Assessment Matrix.......................................................... 27
Table 4-4. Case Study Phase SRI Scores.......................................................................... 33
Table 4-5. SRI Score Descriptive Summary for Original Research and Case Studies Data
(Threat Level 2 and Consequence Level 4).............................................................. 34
Table 4-6. Regression Model Statistics for Original Research and With Case Studies
(Threat Level 2 and Consequence Level 4).............................................................. 36
viii
11. List of Figures
Figure 2-1. Data Set by Respondent ................................................................................... 5
Figure 2-2. Data Set by Project Type.................................................................................. 6
Figure 2-3. Data Set by Project Size................................................................................... 6
Figure 2-4. Data Set by Project Nature............................................................................... 7
Figure 3-1. Security Questionnaire Example.................................................................... 16
Figure 3-2. Security Practice Implementation Process..................................................... 19
Figure 4-1. Suggested SRI Questionnaire Modification................................................... 29
Figure 4-2. Web-based SRI Threat Assessment ............................................................... 30
Figure 4-3. Security-Influence Curve ............................................................................... 32
Figure 4-4. SRI Score Graphical Summary (Threat Level 2 and Consequence Level 4). 34
Figure 4-5. Regression Model for Original and Case Studies Data.................................. 35
ix
13. 1. INTRODUCTION
The events of 9/11 have had far reaching impacts on the country and have heightened the
security awareness of industry leaders responsible for critical infrastructure facilities.
The increased awareness has led to numerous security enhancing initiatives. Research
funded by the Demonstration and Technical Assistance Program of the Building and Fire
Research Laboratory (BFRL) at the National Institute of Standards and Technology
(NIST) and published as CII technical report BMM2004-10 (available through CII) and a
Grant Contractor Report, NIST GCR 04-865, identified best practices for project security.
The Construction Industry Institute (CII) working with NIST developed these practices
and a database for collecting data on their implementation. However, little data still exist
on the implementation of these practices. This lack of information impedes utilization of
the practices due to uncertainties about cost and schedule impacts as well as impacts on
established project processes. This research was funded as part of BFRL’s homeland
security R&D program and performed by CII at The University of Texas at Austin. It
complements the previous efforts by developing a comprehensive set of information
based on actual project execution experiences that documents key lessons learned from
implementing best practices for project security.
The material presented in this report also complements research being conducted by the
Office of Applied Economics (OAE) under BFRL’s homeland security R&D program.
OAE’s research focuses on developing economic tools to aid facility owners and
managers in the selection of cost-effective strategies that respond to natural and man-
made hazards. OAE’s research has produced a three-step protocol for developing a risk
mitigation plan for optimizing protection of constructed facilities (Chapman and Leng,
2004). The protocol helps decision makers assess the risk of their facility to damages
from natural and man-made hazards; identify engineering, management, and financial
strategies for abating the risk of damages; and use standardized economic evaluation
methods to select the most cost-effective combination of risk mitigation strategies to
protect their facility. This report covers key components of the first two steps of the
three-step protocol.
1.1 Background
The earlier research funded by NIST and completed by CII in 2004, identified best
practices for project security and a methodology for scoring the level of implementation
of these practices. In a follow-on effort, CII developed a framework for integrating these
practices into the project delivery process which was published in 2005 as a CII
Implementation Resource BMM-3, Implementing Project Security Practices. Based on
the input of industry experts, the implementation resource defines in detail a process for
integrating the security practices into all phases of project planning and execution and
suggests that this process will enable more cost effective security throughout the project
lifecycle. The lack of actual project data on use of the practices and impacts on
established project processes; however, hinders their acceptance.
1
14. CII also maintains a benchmarking database for capital facility projects containing
approximately 1 420 projects representing over $66 billion in total installed cost. More
than 700 projects in this database fall into the sectors of chemical manufacturing, energy
production and distribution, and transportation infrastructure. The projects drawn from
the three sectors include new construction, additions, and modernization projects, ranging
in cost from less than $5 million to in excess of $100 million. The richness of the CII
database provides an excellent data set for the selection of project specific characteristics
representative of exemplary projects. These characteristics were desired in the selection
of projects for a case-by-case analysis to fill the information gap on implementation of
security practices.
1.2 Purpose
The purpose of this research was to produce a comprehensive set of information based on
actual project execution experiences derived from implementing the best practices for
project security. Specifically, this investigation documents the level of security practice
implementation during the project delivery process using a nine-step procedure defined in
the CII Implementation Resource BMM-3 and described in Section 3.3 of this report. In
addition to recording a project team’s ability to implement the practices, this research
documents lessons learned for better integrating the security practices into the project
delivery process.
1.3 Scope and Approach
The scope of this research consisted of three distinct tasks, all limited to the chemical
manufacturing, energy production and distribution (to include oil production and refining,
natural gas processing and distribution, and power generation and distribution), and
transportation infrastructure sectors. The first task included a statistical analysis of a
broad-cross section of projects within the limits of these sectors. This analysis produced
baseline measures of performance used to establish a desired set of characteristics typical
of exemplary projects. These characteristics were drawn from industry norms on five key
outcomes: cost, schedule, safety, project development and scope changes, and field
rework.
The second task, using the characteristics identified from the Task 1 data analysis,
entailed the selection of a set of exemplary projects for a case-by-case analysis. The task
involved presentations to the project teams on the security best practices and the
proposed method for their implementation. Subsequent analyses included observation of
project team implementations using facilitated discussions to collect anecdotal
information resulting in a series of lessons learned. The lessons learned captured include
issues and difficulties with implementation efforts, perceived benefits for both completed
and ongoing projects, impacts on implementation caused by the facilitation process, and
implementation barriers.
2
15. All selected projects were domestic; however, each was located in differing regions
within the country ranging from the East Coast and Southeast to the Midwest and Gulf
Coast areas of the nation. The geographic dispersion of the projects afforded the
opportunity to observe security practice implementation under varying circumstances and
against a range of potential threats.
The final task of the research was the documentation of the results from Task 1 and Task
2 in this technical report. The report synthesizes the findings from both the statistical
analysis and the case-by-case analysis of the selected projects. This synthesis includes a
discussion of baseline measures of performance, a summary of significant findings
producing the lessons learned, and how to use the lessons learned to improve
implementation for future projects.
3
17. 2. STATISTICAL ANALYSIS
This section provides a summary of the statistical analysis of a broad cross-section of
projects drawn from the chemical manufacturing, energy production and distribution, and
transportation infrastructure sectors. A brief description of the data set is presented along
with performance outcomes for both owner and contractor organizations. Finally, an
overview of the security practices is provided in addition to a means to measure the
degree of implementation of these practices.
2.1 Description of Data Set
A total of 723 projects meeting the criteria specified by NIST were used for the analysis.
Data were first separated for owners and contractors and further categorized by project
type, project size and project nature. The three industry groups specified above
(chemical manufacturing, energy production and distribution, and transportation
infrastructure sectors) were separated into three distinct project cost categories: those
projects with a total installed cost of less than $15 million, those between $15 million and
$50 million, and those greater than $50 million. Each project was also categorized by
project nature as an addition, grass root, or modernization. Figures 2-1 to 2-4 provide
distributions of the number of owner and contractor data by respondent type, project type,
project size, and project nature.
Figure 2-1. Data Set by Respondent
310
413
0
50
100
150
200
250
300
350
400
450
1
Respondent Type
Number
of
Projects
Owner Contractor
5
18. Figure 2-2. Data Set by Project Type
5
187
118
179
207
27
0
50
100
150
200
250
Chemical
Manufacturing
Energy, Production
& Distribution
Transportation
Infrastructure
Project Type
Number
of
Projects Owner
Contract
Owner
Contractor
Figure 2-3. Data Set by Project Size
163
71 76
120
114
179
0
20
40
60
80
100
120
140
160
180
200
<$15MM $15MM ~ $50MM >$50MM
Project Size
Number
of
Projects
Owner
Contract
Owner
Contractor
6
19. Figure 2-4. Data Set by Project Nature
132
82
96
162
153
98
0
20
40
60
80
100
120
140
160
180
Addition Grass Root Modernization
Project Nature
Number
of
Projects
Owner
Contract
Owner
Contractor
Subject to the selection criteria discussed above, all projects in the CII database were
eligible for inclusion in this analysis. In some cases though, item responses were
excluded from the detailed analyses that follow because they were deemed to be
statistical outliers based on the decision rule described in Appendix A. The number of
projects represented in the tables was further reduced by item nonresponse and
confidentiality rules which are also explained in Appendix A. Thus, while the data in
Figures 2-1 through 2-4 above represent all the projects included in the analytic data set,
the data included in Tables 2-1 and 2-2 represent only those data values that are more
typical values throughout the entire distribution of projects.
All data are presented as aggregates to ensure that no individual project could be
identified in any of the charts or tables. When the risk of identifying a project in any
subcategory was increased due to the small number of projects in that subcategory, the
data for that subcategory are suppressed to ensure confidentiality. This was particularly
true for analyses of transportation infrastructure projects and change performance metrics
across most project types. For these cases, data are not shown within Tables 2-1 and 2-2
due to the CII Confidentiality Policy and are identified with the code “C.T.”
(confidentiality test).
Tables 2-1 and 2-2 summarize the key project outcomes for owner and contractor
projects respectively. In each summary, mean values are provided to establish industry
norms for five categories: cost, schedule, safety, changes, and field rework. To assist in
the analysis of the table data, the best performance in each category is shaded. Appendix
B contains metric definitions and formulas for each measure used within the table in
addition to project phase definitions.
7
20. 8
2.2 Project Outcomes - Owners
Within the key outcomes of cost and schedule, owner respondent projects achieved an
overall project cost growth of -4.9 percent with a mean schedule growth of 4.9 percent.
With respect to safety, owner projects reported a recordable incidence rate of 1.437 and a
remarkable lost workday case incidence rate of 0. While the lost workday case rate is
hard to comprehend on a sample this size, verification of the data reveals that any lost
workday incidents are statistical outliers which were stripped from the sample by the data
analysis rules documented in Appendix A.
In general, energy production and distribution projects experienced somewhat better
overall project cost performance compared to chemical manufacturing projects as shown
in the shaded cells of Table 2-1; however, the chemical manufacturing projects reported
stronger schedule performance than their energy counterparts. Insufficient data are
available to report for transportation infrastructure projects.
Within cost categories, larger projects greater than $50 million reported better project and
construction cost growth. This particular outcome is consistent with CII previous
experience due to larger projects typically reporting a greater use of performance
enhancing best practices. Overall schedule growth though, was better in the mid-sized
$15 million to $50 million category with the less than $15 million projects excelling at
construction schedule growth.
With respect to project nature, as expected grass roots projects reported the best project
cost and project schedule growth in comparison to addition and modernization projects.
Although grass root projects tend to be larger in size, they generally experience less
complexities and interferences common in the execution of addition and modernization
projects.
22. Mean N Mean N Mean N Mean N Mean N Mean N Mean N Mean N Mean N Me
ject Budget Factor 0.968 378 0.972 165 0.958 187 1.019 26 0.968 165 0.962 103 0.974 110 0.975 149 0.965 138
ject Cost Growth 0.044 379 0.051 163 0.030 191 0.101 25 0.052 159 0.036 104 0.040 116 0.041 148 0.055 143
truction Cost Growth
2
0.047 277 0.067 110 0.024 145 0.109 22 0.007 94 0.076 88 0.061 95 0.041 97 0.063 112
ject Schedule Factor 0.976 354 0.974 153 0.976 178 0.982 23 0.975 147 0.968 97 0.984 110 0.971 132 0.980 139
truction Phase Duration
10
Table 2-2. Summary of Project Outcomes - Contractors
an N
Pro 0.962 91
Pro 0.032 88
Cons 0.032 68
Pro 0.977 83
Cons (weeks)
2
66 301 63 127 62 153 111 21 41 91 64 95 88 115 66 95 76 130
ject Schedule Growth 0.028 357 0.036 156 0.019 182 0.048* 19* 0.043 144 0.015 101 0.021 112 0.030 134 0.026 142
truction Phase Schedule Growth
2
0.023 271 0.029 115 0.022 138 -0.001* 18* 0.036 79 0.013 83 0.022 109 0.020 83 0.026 124
ordable Incidence Rate 1.553 239 1.560 101 1.310 125 3.842* 13* 0.965 73 2.094 75 1.580 91 1.557 84 1.647 98
t Workday Case Incidence Rate 0.091 232 0.089 98 0.083 126 C.T. C.T. 0.018 74 0.115 67 0.133 91 0.109 78 0.102 100
lopment Change Cost Factor 0.076 57 0.020* 13* 0.094 43 C.T. C.T. 0.083 49 C.T. C.T. C.T. C.T. 0.109 31 C.T. C.T. 0
ope Change Cost Dactor 0.028* 19* C.T. C.T. 0.034* 15* C.T. C.T. C.T. C.T. C.T. C.T. C.T. C.T. C.T. C.T. C.T. C.T.
lopment Change Schedule Factor 0.120 38 C.T. C.T. 0.126 31 C.T. C.T. 0.131 32 C.T. C.T. C.T. C.T. 0.146 24 C.T. C.T.
ope Change ScheduleFactor 0.041* 12* C.T. C.T. C.T. C.T. C.T. C.T. C.T. C.T. C.T. C.T. C.T. C.T. C.T. C.T. C.T. C.T.
k Cost Factor 0.021 125 0.023 69 0.020 53 C.T. C.T. 0.016 35 0.022 44 0.024 46 0.024 50 0.020 56 0
k Schedule Factor 0.008 57 0.007 29 0.010 26 C.T. C.T. 0.006* 16* 0.010* 18* 0.008 23 0.005* 12* 0.009 36
Chemical Mfg.
(N = 179)
Energy,
Production &
Distribution
(N = 207)
Metric1
Transportation
Infrastructure
(N = 27)
All Contractors
(N = 413)
Project Type
Grass Root
(N = 153)
Mod
(N
Project Size Project Nature
<$15MM
(N =179)
$15MM -
$50MM
(N = 114)
>$50MM
(N = 120)
48 76
Pro 0.028 81
Cons 0.023 64
Rec 1.386 57
Los 0.044 54
Deve .040* 19*
Sc C.T. C.T.
Deve C.T. C.T.
Sc C.T. C.T.
Rewor .019* 19*
Rewor C.T. C.T.
Rework
Cost
Safety
Schedule
Change
ernization
= 98)
Addition
(N = 162)
1
Metric definitions are provided in Appendix B
2
Phase definitions are provided in Appendix B
* = Statistical warning indicator (less than 20 projects)
C.T. = Data not shown per CII Confidentiality Policy (less than 10 projects or submitted by less than 3 companies) as provided in Appendix A
= Better performance
23. 2.3 Project Outcomes - Contractors
In general, contractor respondents reported greater cost growth in comparison to owners;
however, this is likely reflective of the competitive nature of the bidding process resulting
in lean budget estimates and differences in the treatment of changes between owners and
contractors. The overall project cost growth of 4.4 percent is 9.3 percentage points
higher than the owner counterparts. In contrast, contractors experienced a project
schedule growth of only 2.8 percent; over two percentage points better than owners. This
likely is reflective of a lesser role in the drawn out planning and start-up phases.
Contractors also reported slightly higher safety recordable rates and much higher lost
workday case incidence rates, although, these rates are still very good in comparison to
Bureau of Labor Statistics (BLS) published norms.
By project type, the energy production and distribution sector performed best for most
cost, schedule, and safety metrics. It is interesting to note that the larger cost category of
projects for contractors underperformed the others in every measurable key outcome,
although this finding likely lacks statistical significance. This differs from the owner data
where larger projects experienced better project cost growth. Also of interest for the
contractors is the better performance of the modernization projects on cost and safety
metrics, although in most cases the differences lack any practical significance.
11
25. 3. SECURITY BEST PRACTICES AND MEASUREMENT
OF THEIR LEVEL OF IMPLEMENTATION
The statistical analyses in Section 2 provide characteristics for exemplary projects for
chemical manufacturing, energy production and distribution, and transportation
infrastructure based on the calculation of performance norms. Knowledge of the
performance of these projects would be useful as additional projects were selected for the
case-by-case analysis of security practice implementation required in Task 2 to produce
lessons learned.
Capitalizing on the expertise and knowledge base of CII with respect to best practices
within the construction industry, NIST contracted with CII to develop security best
practices and a quantifiable measure of their integration in the capital facilities delivery
process, which became known as the Security Rating Index (SRI). This section provides
an overview of the security best practices and the SRI which were published in 2004 as
BMM2004-10 (Thomas, et al., 2004). A process for implementation of these practices
was subsequently developed by CII and published in 2005 as Implementation Resource
BMM-3, Implementing Project Security Practices (CII, 2005).
3.1 Security Best Practices Overview
The joint NIST and CII study identified 33 security practices for implementation during
front-end planning through project start-up. In general, the practices identified project
activities in which security should be considered and perhaps integrated based on the
perceived threat and the worst case consequence of a security breach. Methodology for
assessing the level of threat and consequence is discussed in CII BMM2004-10 and CII
IR BMM-3. While specific details of security implementation will be particular to the
project at hand, the activities identified in the study provide the project team a
compendium of practices that should lead to improved security by raising awareness of
the need for security integration at critical stages of project planning and execution.
Table 3-1 lists all 33 practices, the project phase in which they apply, and the security
elements which they address. Project phases are defined in Appendix B and security
elements are defined following the table. As depicted in the Table 3.1 below, most
practices are applicable to multiple project phases and often address more than one
security element. A review of the table confirms that most practices are front-end loaded
and the relative importance of the practices likely varies considerably. The original NIST
and CII research determined through industry experts that activities occurring earlier in
the project should carry more weight in most cases than activities occurring later in the
project. A thorough discussion of the process for establishing the weights is provided in
CII BMM2004-10.
13
26. Table 3-1. The Security Best Practices
FEP D P CON SU Phy Per Info
1
Establishing project objectives (e.g., reliability and operating
philosophy, affordability and feasibility, constructability, future
expansion, etc.)
X X
2
Preparation of the specifications and requirements (e.g.,
civil/structural, architectural, water treatment,
loading/unloading/storage facilities, substation/power sources,
instrument & electrical, etc.)
X X X X
3
Developing and evaluating design criteria (based on vulnerability
assessment)
X X X
4 Developing project scope X X
5 Design and material selection X X X
6 Developing the engineering/construction plan & approach X X X X X
7
Developing the procurement/materials management procedures
and plans (e.g., warehousing, inventory control, key & lock control,
hazardous materials)
X X X X X X
8 Prequalification/selection of suppliers X X X X
9
Developing the pre-comm/turnover sequence/startup
requirements/objectives
X X X X X
10 Technology and process selection X X X
11 Determining required site characteristics and location X X
12 Preparing the permitting plan X X X
13
Developing the plot plan (i.e., layout, accessibility, gate
configuration, etc.) - retrofit & greenfield
X X X X X
14
Evaluation of various personnel issues (e.g., education/training,
safety and health considerations)
X X
15
Development of a distribution matrix for document control (e.g.,
drawings, project correspondence, CAD, as-built documents)
X X X
16
The project team was in alignment concerning the importance of
security issues identified in the project objectives.
X X X X X X X
17
Security-related equipment was defined and purchased with
appropriate input (e.g., O&M, Security Manager, etc.)
X X X X X
18
Identifying stakeholders for the project team (based on vulnerability
assessment)
X X
Security Element2
Phase1
# Activity in which security should be considered:
X X
14
27. FEP D P CON SU Phy Per Info
19
Establishing priorities between cost, schedule, and required project
features (based on vulnerability assessment)
X X X X X
20
Identifying and resourcing startup requirements (e.g., procurement,
personnel, training)
X X X X
21 Screening of the project team for appropriate level of clearance X X
22
Screening of contractor/subcontractor employees/delivery
personnel for appropriate level of clearance
X X X X X X
23 Identifying startup risks X X X X X X X
24 Developing/implementing startup security plan X X X X X X X
25 Developing system startup plan (reconciled with security plan) X X X X X
26 Developing training plans (e.g., job site, O&M, startup) X X X X X X X X
27 Assessing & communicating effects from change orders X X X X X
28
Developing/implementing construction site security plan (e.g., fire
protection and safety considerations, egress, emergency responder
access, process shutdown)
X X X X X
29 The project had a designated site security coordinator X X X X X
30 Developing business partnerships/alliances X X X X X X X X
31
Project information systems security plan (e.g., firewalls, wireless
security, passwords, access controls)
X X X X X
32 Security breaches/incidents were routinely investigated X X
33
Developing emergency response plan in coordination with local
authorities
X X
Security Element2
Phase1
# Activity in which security should be considered:
1
Phase definitions are provided in Appendix B. Phase abbreviations are as follows:
• FEP: Front End Planning
• D: Design
• P: Procurement
• CON: Construction
• SU: Start-Up
2
Security Elements Definitions (Center for Chemical Process Safety, 2002):
• Physical security considerations include equipment, building and grounds design, and security
practices designed to prevent physical attacks on facilities, persons, property, or information.
• Personnel security includes practices and procedures for hiring, terminating, and addressing
workplace issues; screening or background checks of employees.
• Information security refers to practices and procedures for protection of documents, data,
networks, computer facilities, and telephonic or other verbal communication.
15
28. 3.2 Measuring the Degree of Security Practice Implementation
The Security Rating Index published in CII BMM2004-10 provides a means to
quantitatively assess the level of security practice implementation for a specific project.
Project teams assess the level of implementation by answering questions concerning the
degree that security was considered while performing typical project tasks. There are 33
questions, one for each security practice; however, questions may be asked multiple times
as most of the practices are relevant to multiple project phases. The questions are framed
by the statement that “Security was a consideration in…” followed by a specific project
task pertinent to the project phase. Figure 3-1 provides sample questions and the six
possible responses ranging from Strongly Disagree to Strongly Agree in addition to a
non-applicable / unknown response. A complete list of the 33 security practices in
questionnaire format is provided in Appendix C.
Figure 3-1. Security Questionnaire Example
Security was a consideration in
Strongly
Disagree
Disagree
Neutral
Agree
Strongly
Agree
NA/Unknown
establishing project objectives (e.g., reliability and
operating philosophy, affordability and feasibility,
constructability, future expansion, etc.).
preparation of the specifications and requirements (e.g.,
civil/structural, architectural, water treatment,
loading/unloading/storage facilities, substation/power
sources, instrument & electrical, etc.).
developing and evaluating design criteria (based on
vulnerability assessment).
Each security question was weighted using the analytical hierarchy process (AHP) to
better reflect its relative importance for security based on the opinion of industry experts.
The resulting weights from this process provided the foundation for the SRI scoring
algorithm used to calculate a Phase SRI score. The algorithm calculates an overall
project score that assesses practice implementation on a scale of 0 to 10, with a higher
score representing a higher level of implementation. A detailed description of the scoring
algorithm and the method of calculating the SRI score can be found in CII BMM2004-10.
As discussed in CII BMM2004-10, SRI scores must be viewed in the context of threats
and consequences of potential security breaches (Thomas, et al., 2004). Projects with
differing characteristics, such as location, infrastructure criticality, and potential
environmental impacts have differences in adversarial threat and consequences of a
16
29. security breach and thus, require differing levels of security practice implementation.
Determination of project threat and consequence levels therefore, provides a common
basis for comparing levels of security implementation among projects. Table 3-2 and
Table 3-3 depict the Threat and Consequence Level assessment matrices for project team
use developed by the original NIST and CII research. Use of these matrices is fully
discussed in CII BMM2004-10.
As depicted in Table 3-2, the threat ratings range from Very Low to Very High on a scale
from 1 to 5. Project teams with the assistance of company security and risk assessment
professionals evaluate their project threat level based on a potential adversary’s capability
to conduct an attack, their intent to attack the project, and historical events identifying
cases where similar facilities have been attacked.
Table 3-2. Threat Levels
Threat Rating Description
5 - Very High Indicates that a definite threat exists against the asset and that the
adversary has both the capability and intent to launch an attack or
commit a criminal act, and that the subject or similar assets are targeted
on a frequently recurring basis.
4 - High Indicates that a credible threat exists against the asset based on
knowledge of the adversary’s capability and intent to attack or commit a
criminal act against the asset, based on related incidents having taken
place at similar assets or in similar situations.
3 - Medium Indicates that there is a possible threat to the asset based on the
adversary’s desire to compromise similar assets and/or the possibility that
the adversary could obtain the capability through a third party who has
demonstrated the capability in related incidents.
2 - Low Indicates that there is a low threat against the asset or similar assets and
that few known adversaries would pose a threat to the asset.
1 - Very Low Indicates no credible evidence of capability or intent and no history of
actual or planned threats against the asset or similar assets.
The Consequence Levels depicted in Table 3-3 quantify the worst-case outcome of a
successful attack on the project. The scores, similar to the Threat Levels, range from
Very Low (1) to Very High (5) and again depend on the project team’s assessment of 1)
the types of injuries that would occur, 2) the potential environmental impact, 3) resulting
property damage, and 4) likely business interruptions. As with the threat assessment,
project teams should obtain input from company security and risk management personnel
when making this assessment.
Following the threat and consequences assessment for the project, an appraisal is made of
the security practice use using the questionnaire in Appendix C to obtain the SRI score.
17
30. The SRI questionnaire, in addition to providing a quantitative assessment of practice use,
provides project teams a checklist to facilitate integration of security into project tasks
according to typical project phases. Once sufficient data are available, norms can be
established to compare projects with similar threat and consequence levels (Thomas, et
al., 2004).
Table 3-3. Consequence Levels
Consequence
Category Description
5 – Very Severe ● Possibility of any offsite fatalities; possibility for multiple onsite
fatalities
● Extensive environmental impact onsite and/or offsite
● Extensive property damage
● Very long term business interruption/expense
4 – Severe ● Possibility of any offsite injuries; possibility for onsite fatalities
● Significant environmental impact onsite and/or offsite
● Significant property damage
● Long term business interruption/expense
3 – Moderate ● No offsite injuries; possibility for widespread onsite injuries
● Moderate environmental impact onsite and/or offsite
● Moderate property damage
● Medium term business interruption/expense
2 – Minor ● Possibility for onsite injuries
● Minor environmental impact only
● Minor property damage
● Short term business interruption/expense
1 – Very Minor ● Possibility for minor onsite injuries
● No environmental impact
● Little to no property damage
● Little to no business interruption/expense
3.3 Implementation Process for the Security Practices
The SRI can be an effective means of assessing security implementation; however, it is
often difficult for project teams to adequately use the tool without a structured
implementation process. Recognizing this barrier, CII published a nine-step
implementation process to assist project teams with implementation of the security
practices and use of the SRI. This section provides an overview of the nine-step process.
The nine steps in Figure 3-2, reprinted from IR BMM-3, provide a structured process to
integrate security into each phase of the project delivery process. For a detailed
description of the implementation process, to include examples of the phase checklist and
activity risk matrix, see Chapter 3 of IR BMM-3.
18
32. In Step 1, “Review phase checklist before phase start”, project teams review the activities
in Table 3-1 for the upcoming project phase to gain an understanding of the security
practices relevant to their project for the phase which they are entering. As part of
developing the activity risk matrix in Step 2, the project team must identify applicable
risks to the project, classification of risks by security element, and the means of
mitigating the risk. Step 2 also includes the project team’s initial assessment of the
project threat and consequence level. A detailed activity risk matrix enables the team to
better identify the security practices in Step 3 that are applicable to the upcoming project
phase. Identification of the applicable practices enables the project team to focus on
implementing in Step 4, only those practices that are essential for the risks given their
threat and consequence assessments. Step 5, “Complete questionnaire and calculate
phase SRI score”, provides the team with an initial assessment of the level of security
implementation and should also give them a means to compare their level of
implementation to other projects once a database of SRI scores is developed. Completion
of the questionnaire and scoring of the SRI is accomplished using CII’s web-based data
collection and scoring tool known as the SRI Tool.
Since project phases can last many months or even years, periodic review and update of
the threat and security practice use are encouraged in Steps 6 and 7. The purpose of the
review is to identify changes in the threat and activity risk matrix and update security
practice use as appropriate. Periodic reviews also provide the team with an opportunity
to validate initial responses to the security questionnaire by updating practice use
assessments to reflect changes in implementation. Upon completion of a project phase,
the team conducts a post-phase implementation review in Step 8 to identify lessons
learned from the completed phase to improve implementation during upcoming phases.
This enables a structured review of implementation prior to phase close-out in Step 9 to
evaluate the effectiveness of risk assessments and security practice implementation.
20
33. 4. LESSONS LEARNED FROM SELECTED PROJECTS
This section contains the results of Task 2 documenting the lessons learned from projects
selected for implementation of the security practices. The Task 1 statistical analysis
provided the desired set of characteristics for industry exemplary projects to assist in
identifying projects for implementation of the security practices. With knowledge of
characteristics of projects desirable for implementation analysis, CII sought from its
membership projects to serve as case studies for documentation of lessons learned.
Section 4.1 describes the methodology used to obtain projects that would produce both
quantitative and anecdotal information as the basis for lessons learned. Section 4.2
provides a description of the selected case study projects and Section 4.3 documents the
lessons learned to include perceived benefits from implementing the project security
practices.
4.1 Task 2 Methodology
Early in the research, CII distributed a one-page document requesting industry
participation and outlining the case study approach. The request was disseminated to
companies with projects likely to meet the desired exemplary project characteristics
desirable for the research. The request for participation outlined assistance required in
the gathering and documentation of security practice implementation issues. Minimal
restrictions were placed on the completion status of prospective projects, but the
solicitation document suggested that projects in the front-end planning and design phases
would prove ideal due to the majority of security practices extant in those stages of
project development.
In an effort to garner support for the research, CII highlighted the following benefits to
participation in the study: exposure to and understanding of the security best practices,
access to knowledge captured within the original research, and the opportunity to
contribute to improved industry security through the identification of lessons learned in
the implementation of the security best practices. The document also confirmed CII’s
strict adherence to policies of confidentiality and provided participants the opportunity to
review the case study findings prior to publication.
Following dissemination of the request for participation, CII carefully followed up with
prospective organizations, a step which proved critical to obtaining participation.
Conference calls were scheduled with interested teams. The purpose of the initial
conference call was to inform the project team of the planned approach for the case
studies, provide an initial orientation on the use of the security practices, and to identify
issues the project team may have had concerning their participation. The conference call
provided the project teams with a background on the original NIST and CII research on
the security practices and an overview of the nine-step implementation process. A
specific goal of the call was to assure project teams that security practice implementation
required no formal training and simply involved integrating security practices into
21
34. existing project team processes. In addition, the conference call served to assure teams
that: the process was not an assessment of security posture, but rather of security practice
implementation, that company and project confidentiality would be maintained, and that
specific project data from the study were available only to qualified CII staff. Following
the conference call, a face-to-face meeting was scheduled.
A purpose of the face-to-face meeting was to provide project teams a more detailed
orientation on the use of the security practices. Expected outcomes of the meeting
included team familiarization with the security practices, the nine-step implementation
process, and available implementation tools (SRI Tool). A secondary purpose of the
meeting was to capture initial feedback that could result in future lessons learned. The
agenda for the meeting outlined the sequence of events, estimated time requirements, and
event description as given in Appendix D. During the meeting, facilitated evaluations of
the project threat and consequences of a security breach were conducted and the team
answered security practice questions for their specific project. Project team responses to
the security practice questionnaire were used to generate an SRI score using CII’s secure
web-based SRI Tool. To assist project teams with an understanding of the practices and
the implementation process, a reference card included in Appendix E was developed and
distributed to team members. The four page document summarizes the security practices,
the nine-step process for implementation, and the threat and consequence matrices. Team
members were also provided a link and password to access CII’s website for access to the
SRI Tool and numerous references as additional background material. At the conclusion
of the meeting, all participants agreed upon a path forward to continue security
implementation and to gather feedback for potential lessons learned. A point of contact
for each project team was identified to facilitate discussion and provide data for entry into
the SRI questionnaire producing a score for their project.
Follow-up with each project team was initially made via email and telephone. If the
project team indicated success with implementation of the security practices and use of
the SRI Tool, no additional face-to-face meeting was scheduled and all subsequent
feedback to include SRI scores and lessons learned were obtained by telephone or email.
However, if a project team expressed interest in additional hands-on facilitation or
expressed difficulty in practice implementation and SRI scoring, a second face-to-face
meeting was scheduled with key project personnel.
The second meeting permitted additional facilitation in use of the practices,
documentation of challenges to implementation, and the gathering of data on security
practice implementation benefits. The second meeting afforded a more detailed
understanding of the challenges and benefits realized by the project team during security
practice implementation and assisted with the documenting of lessons learned for future
implementation. The agenda for the second meeting is provided in Appendix F.
From the face-to-face meetings and email and telephone updates, project teams provided
sufficient information to document lessons learned and SRI scoring data. Although the
documentation of lessons learned was the primary objective of this research, SRI data
were also analyzed to determine statistical differences in scores from this research and
22
35. scores gathered during the original research in 2004. Analyses of means and variances
were performed for SRI scores of projects with similar threat and consequence levels to
assess differences in scores resulting from the facilitated approach to use of the practices
implemented in the case studies. After assessing differences in the two data sets, the new
data were added to the original data to update statistical models relating SRI scores to
consequence levels for a given level of threat. These models are documented in a
doctoral dissertation produced in conjunction with the original research (Sylvie, 2005).
4.2 Description of Selected Projects
As a result of the project selection process, three projects from separate organizations
were chosen for analysis providing a mixture of public and private sector projects from
the petro-chemical and transportation infrastructure sectors. However, shortly before the
face-to-face meeting with the public sector organization, hurricane Katrina occurred
disrupting the transportation infrastructure project and forcing a change in the projects
available for analysis. The final set of projects analyzed included four chemical and
petro-chemical projects from two private companies. The four projects afforded analysis
of implementation data and SRI scores for nine phases of project life cycle. Similar to
the original research, all projects were from the heavy industrial sector with an emphasis
on chemical manufacturing and petro-chemical processes.
Although actual cost data were provided for only one of the four projects, estimates from
the scope of projects place two of the projects within the over $50 million cost category
and the remaining two projects in $15 million to $50 million cost category. Fortunately,
the projects consist of both the addition and grass roots classifications providing the
opportunity to observe implementation of the security practices over both of these project
types. This was particularly important since the issues of security practice
implementation vary considerably among the different classifications. Even though all
analyzed projects were domestic, each came from differing regions within the United
States from the East Coast and Southeast to the Midwest and Gulf Coast areas. The
geographic dispersion of the projects across the country afforded the opportunity to
observe security practice implementation under varying circumstances and against a
range of potential threats.
Participating project teams consisted of project-level personnel with either direct or
indirect organizational (corporate) level security input. Indirect input includes those
resources that were available to the project team, but not assigned to the specific project.
While most project teams had indirect organizational input, one team included the direct
services of their corporate Health, Safety, and Environmental specialist whom assisted in
all discussions. A majority of the teams were composed of project-level personnel
including project managers, construction managers, and project engineers with two to
four members participating per project.
One project team incorporated significant contractor input during all interviews and SRI
score assessments. This greatly assisted the research by creating a broader perspective on
23
36. the project team’s ability to implement the practices which enhanced the lessons learned
from the implementation process.
Members of the project teams participated in a facilitated SRI scoring session for their
projects producing the nine phase SRI scores presented in Table 4-1. The projects are
identified as A through D to maintain the confidentiality of the projects. The nine phase
SRI scores are categorized by project, threat and consequence level, and phase of project
execution. Scores are provided on a 0 to 10 scale for the phases shown. Calculation of
SRI scores is described in detailed in CII BMM2004-10 (Thomas, et al., 2004).
Table 4-1. Case Study Phase SRI Scores
Project Threat Consequence Phase Score
A 4 4 FEP 6.57
FEP 7.68
B 2 4
Design 8.14
FEP 8.01
Design 7.25
Procurement 8.35
Construction 7.72
C 2 4
Start-Up 7.71
D 3 3 FEP 8.45
The nine project phases for which scores were assessed from the four selected projects
consist primarily of the early project phases of front-end planning (FEP) and design.
This is fortunate since security practices implemented in these phases have more cost-
effective impacts on project security as determined in the NIST and CII research. Out of
the 79 total questions (33 with replications for project phases) within the SRI
questionnaire, over 60 percent survey practices that are implemented prior to the
construction phase. In addition these practices are weighted more heavily than practices
implemented in the later project phases (Thomas, et al., 2004).
As in the original research on the security practices, all data analysis is performed using
phase SRI scores rather than project scores due to the relatively small data set. Also, only
one of the four projects had completed all five project phases due to the relatively short
duration of the case studies in comparison to estimated project completion time and a
desire to study teams in the early phases of planning and design. Current, rather than
completed projects, better provided an opportunity to observe project teams
implementing the security practices and their challenges to implementation.
Seven of nine SRI scores in this research come from projects assessed at a Threat Level 2
as compared to a majority coming from a Level 1 assessment in the original research.
This may be due to the facilitated approach in arriving at a consensus threat assessment
or it may be the result of the type of projects targeted for this research; specifically the
industrial projects thought to be at greater risk. Three of the four case study projects
reported worst case Consequence Levels of 4 with the other reporting a level of 3. This
also distinguishes this data set from the original where half of the projects reported
24
37. Consequence Levels of 1 or 2 and nearly as many reported Level 3 as Level 4. Again
either the facilitated process of establishing ratings or the potentially greater consequence
of security breach for chemical and petro-chemical projects could be the cause of the
differences. The higher consequence levels of this research are consistent with the type
of projects used in the case study.
Two of the projects in this research used the traditional design-bid-build project delivery
process. The other two projects used the design-build and multiple design-build delivery
systems. The distribution of project delivery systems in this research is similar to that of
the original research.
4.3 Lessons Learned Findings
Previous sections presented the methodology followed in this research and described the
projects selected for case study analysis for the development of information on the
implementation of security best practices. This section documents the lessons learned
from the implementation of these practices and identifies specific recommended
modifications to the implementation process and SRI Tool based on project team input.
The opportunity to observe project teams during the implementation of the security best
practices and use of the SRI Tool produced a considerable amount of information on the
project team’s ability to implement the practices, benefits perceived by the teams from
use of the practices, and barriers to practice implementation. This information is
captured as lessons learned in the following four sections: Section 4.3.1 documents
difficulties that project teams experienced in achieving consensus threat and consequence
assessments and provides a recommended technique to assist in achieving this consensus,
Section 4.3.2 identifies suggested changes to the CII web-based SRI scoring tool to
improve usability and increase project team comfort with the system, and Section 4.3.3
discusses benefits of security practice implementation. Finally, Section 4.3.4 provides
SRI score analysis using data collected in this research and the original NIST and CII
research to assess impacts on the SRI scores of changes to the security best practices
implementation process developed through these case studies.
4.3.1 Techniques for Evaluating Threat and Consequences
Figure 3-2 depicted the nine-step process for implementation of the security best
practices as defined in the CII Implementation Resource BMM-3 (CII, 2005). Step 2 of
the process requires the development of an activity risk matrix to assist the project team
in selecting the security practices most relevant to the project. Prior to developing the
risk matrix, the implementation resource suggests that the project team assess the threat
and consequence levels for their project to better enable the team to develop the risk
matrix. Project teams participating in the case studies; however, experienced difficulty in
reaching a consensus on threat assessments and to a lesser extent, consequence
assessments. Observation of the teams revealed that team personnel, especially when
supported by organizational security specialists, possessed the necessary experience and
25
38. technical knowledge to accurately assess the threat, but the lack of a systematic
assessment process for teams to follow led to difficulties in achieving consensus.
To address this problem, a four-step process was developed with project team input to
systematically address the threat from potential adversaries and better achieve a
consensus on threat assessment. These steps included:
1. Identify likely potential adversaries.
2. Assess each adversary’s capability to conduct an attack on the project.
3. Assess each adversary’s intent to attack the project.
4. Look at current and historical events to identify attacks on similar projects
by these adversaries.
Once likely threats were identified, teams assessed the capability of the adversary to
attack their project. This capability was assessed from characteristics such as technical
and tactical competence and access to resources. Assessment of an adversary’s intent
required analysis of the reasons for conducting an attack and an adversary’s potential
gains from the attack. A review of historical data on attacks for similar projects
provided the project team an additional perspective on capabilities and intent.
As the teams considered each adversary, they recorded their assessments in a matrix
format similar to Table 4-2. In addition to adversary, capability, intent, and evaluation of
historical events, elaborating remarks, and threat level assessments using the criteria and
scale from Table 3-2 were recorded. The 4-step process structured the identification and
evaluation of individual threats and by organizing these data, the team was better able to
arrive at a consensus threat level rating. Using these steps, project teams established a
comprehensive list of credible, potential threats to facilitate an overall project threat
assessment. For the example shown in Table 4-2 below, the team determined that the
most credible threats for their project included a disgruntled worker and an activist
seeking press. By focusing on these specific threats, the team could better arrive at a
consensus assessment for the overall project threat rating. As shown by the bolded fields
in the table, assessments for the disgruntled worker and activist seeking press drove a
consensus threat rating of 4.
Table 4-2. Threat Level Assessment Matrix
Adversary Capability Intent
Recent
Events
Remarks Level
Terrorist attack High Low Low
High population and profile
targets not similar to current
project
2
Disgruntled
worker
High High Moderate
Similar events occurred in the
past but at very low rates
4
Activist sniper Moderate Low Low
Little intent to endanger others or
themselves
3
Activist
seeking press
High High High
Recurring events confirm high
level of threat for this action
5
26
39. Although project teams experienced less difficulty in reaching a consensus on
consequence assessments, a similar systematic process was devised to assist with the
process. Project teams answered specific questions about the worst case scenario
resulting from an attack from the adversaries identified during the threat level
assessment. The consequence assessment used the criteria and scale provided in Table 3-
3 to assess consequences attributed to each adversary.
Again a 4-step process, listed below, was used to address each of the criteria developed in
Table 3-3 to assess the worst case scenario of an attack and a matrix was used to record
and organize assessments. The steps of the process are shown below:
1. Identify severity and location of incident: injury or fatality, on-site or off-
site.
2. Assess potential for environmental impact: none to extensive.
3. Determine expected property damage: none to extensive.
4. Identify likely business interruptions: little to very long term.
Depicting these assessments in a matrix format as before provided the project teams with
a means to more easily compare consequences of security breaches from each threat and
assisted in determining the overall consequence rating due to the worst case consequence.
Table 4-3 depicts an example consequence level assessment matrix with the overall
project assessment highlighted in bold italics.
Table 4-3. Consequence Level Assessment Matrix
Possibility of Injury
Environmental
Impact
Property
Damage
Business
Interruption
Consequence
Level
Offsite fatality; Multiple
onsite fatalities
Extensive Extensive Very long term 5
Any offsite injury;
Onsite fatality
Significant Significant Long term 4
No offsite injuries;
Widespread onsite
injuries
Moderate Moderate Medium term 3
Onsite injuries Minor Minor Short term 2
Minor onsite injuries None
Little /
None
Little / None 1
In this example, a project team assessed the possibility of injury, environmental impact,
and property damage all at a Consequence Level of 3 using the criteria and scale of Table
3-3. Only a short term worst case business interruption received a Consequence Level 2
assessment; therefore, the project received an overall Consequence Level 3 assessment.
By addressing threat and consequence assessments in this manner, project teams were
more able to develop the activity risk matrix as part of the nine-step implementation
process. The activity risk matrix documents security risks categorized by security
element (physical, personnel, or information) and the measures selected to mitigate the
27
40. security risk (CII, 2005). The brainstorming process used by the project team to arrive at
the threat and consequence level assessments enabled the group to identify a more
complete list of security risks and thus, a more complete activity risk matrix.
4.3.2 Modifications to Web-based Scoring Tool
The nine-step implementation process discussed in Chapter 3 encourages project teams to
use the CII web-based questionnaire (SRI Tool) to record their threat and consequence
levels and to assess their level of security practice implementation. Assisting the case
study project teams with the use of this tool provided excellent general feedback and two
specific instances for improving the web-based tool.
First, project teams confirmed their ability to effectively use the SRI Tool to assess
security practice use and to generate an SRI score quantifying the level of use. The ease
of system use allowed teams to conduct multiple assessments with interim project phase
scoring sessions. This repetition, in turn, enabled teams to become more familiar with
the practices themselves and ultimately reduced the total time to complete an assessment
and scoring session. Project teams indicated no difficulties in understanding and
answering all 33 security practices within the questionnaire. This finding is particularly
important since the tool was designed for use with no formal training. One suggestion;
however, was identified to improve questionnaire clarity by ensuring that project teams
properly framed each question with “Security was a consideration in:” followed by the
activity where security should be incorporated. When this was done project team
members found it easier to answer the Likert-type scaled responses.
Figure 4-1 provides a suggested reorganization of information provided on the computer
screen to ensure that respondents frame the questions with the lead-in phrase “Security
was a consideration in:” as they answer the questions. By placing the lead-in phrase
closer to the phrase that describes the practice: in this case, “establishing project
objectives” the intended question becomes clearer and therefore, the response should be
of higher quality. Also, the project ID number and name should be moved away from the
question to allow the respondent to focus further on the question being asked.
28
41. Figure 4-1. Suggested SRI Questionnaire Modification
Figure 4-2 depicts a minor but important modification to the threat assessment screen for
the front end planning project phase. Project teams recommended changing the
“Submit” button at the bottom of the web pages to a “Continue” button. Although the
“Submit” button merely saves the page data and continues with the questionnaire, this
was not clear to the teams and they thought that clicking on the button actually submitted
data to CII before they were ready to do so. Of importance to project teams is their
ability to maintain control of all SRI data until they make a decision to submit it to CII.
Changing the button from “Submit” to “Continue” will remove any ambiguity and
eliminate a potential barrier for project team use.
29
42. Figure 4-2. Web-based SRI Threat Assessment
Overall, project teams confirmed their comfort with and the ease of use of the web-based
SRI Tool. Use of the tool provided an additional benefit of team security awareness.
Responding to the security practice questionnaire assisted project teams with identifying
aspects of project security often not considered previously. The questionnaire, as
intended, served as an effective security checklist.
4.3.3 Benefits of Security Practice Implementation
Probably the most significant finding identified through the case studies is the recognition
that the security practices and SRI Tool provide project teams access to a flexible and
structured framework for the integration of security early into the project delivery
process. This framework proved applicable to projects of varying characteristics such as
grass roots or additions. Project teams identified particular benefits of implementation of
the practices on projects when companies have no formal or only weak security
procedures. This attribute was noted by a contractor; because contractors work with a
wide array of owner companies that may or may not have well-defined security
procedures, the security practice implementation process provides a well-researched and
structured process for implementing security on projects regardless of an owner’s
emphasis on security. Project managers and engineers stated that the implementation
process was flexible and easily adaptable to projects, even where the organization had
formal, top-driven security procedures.
Two of the four case study project teams reported that their companies imposed a top-
down driven security process managed by corporate security personnel. Initially, these
teams expressed concern that their directed procedures dictated their approach to security
30
43. implementation and that this would ultimately reduce the effectiveness of or the need for
the NIST and CII security practices and nine-step implementation process. A team even
stated that the existence of an organizational security process often precluded them from
integrating security into the project delivery process at the project level. After additional
discussion; however, the team concluded that the NIST and CII procedures for security
practice use did not conflict with corporate guidance, and even actually increased their
involvement with security implementation on the project.
The practices provided the teams with a structured process that could perhaps even assist
them in complying with company security requirements. The flexible nature of the SRI
Tool could be used to quantify use of security practices directed by corporate security
programs as well as practices identified in CII BMM2004-10. Since the practice and SRI
Tool were developed for project team use, they can actually assist in getting the project
team involved with security, which is a particular benefit for companies that manage
security at the corporate level. The SRI Tool provides the team with qualitative and
quantitative feedback that they can share with corporate security managers and it can also
assist with the identification of redundant requirements. Comparison of output across
multiple projects provides companies a new perspective on security awareness and
implementation.
The timing of practice implementation forces companies to consider security early in the
project lifecycle when it can be addressed in a more cost-effective manner. As noted in
CII BMM2004-10, the Security-Influence Curve depicted in Figure 4-3 indicates a
greater ability to influence security in a cost-effective manner in the early planning
phases of a project than during the execution phases. Security add-ons later in the
construction and start-up phases tend to produce cost overruns and schedule impacts and
almost always ensure higher security costs. Recommended security modifications based
on the project team input early in the planning phases of the project will reduce the
amount of change orders needed within the construction phases of a project.
31
44. Figure 4-3. Security-Influence Curve
Case study findings also suggest a benefit to using the security practices on recently
completed projects as well. The flexibility of the SRI Tool and the nature of the data
collected permit assessments as part of project post-mortems. For example, one project
team using the tool on a recently completed project identified a need to improve the
screening of contractor and subcontractor employees and delivery personnel for an
appropriate level of clearance. After evaluating this project, the team felt that they did
not adequately plan for security for subcontractor personnel assisting with startup
procedures. That project team experienced difficulty when screening these workers late
in the construction and early in the startup phases of the project. By identifying this
deficiency as part of a post-project review, the project team emphasized the screening of
startup subcontractor personnel early in the startup planning for an ongoing project,
resulting in a higher level of security awareness and more effective implementation.
4.3.4 SRI Score Analysis
The original research hypothesized that a meaningful relationship could be established
between threat level, consequence level, and SRI scores, yet it stopped short of
establishing these relationships do to a lack of data available at the time. The
establishment of a statistically significant relationship could prove valuable in
determining norms for security practice use for various levels of threat and consequence
(Thomas, et al., 2004). Although the original research documented in CII BMM2004-10
did not establish the relations between threat, consequence, and SRI score, preliminary
relationships were provided in the academic research conducted in conjunction with the
32
45. research and these are documented in the dissertation of the graduate research assistant,
Jon Sylvie (Sylvie, 2005). It is useful to determine if the data collected in the case
studies research can be combined with the original data for further analysis of these
relationships. The following paragraphs compare the scores received during the case
studies with those generated during the original research conducted by CII. Also, the
original models documented in Sylvie’s work establishing the relationships between
consequence level and SRI score for a given threat level are updated to assess the impacts
of the new data.
4.3.4.1 Differences in Case Studies and Original SRI Scores
The ease of use of the web-based tool contributed to case study project teams completing
nine phases of questions producing SRI scores for each phase. Although complete
project SRI scores to include scores for each project phase would be desirable, analysis of
phase data is acceptable as discussed in section 4.2 and CII BMM2004-10 (Thomas, et
al., 2004). Table 4-4 presents the SRI scores for each phase scored for each of the case
study projects.
Table 4-4. Case Study Phase SRI Scores
Project Threat Consequence Phase Score
A 4 4 FEP 6.57
FEP 7.68
B 2 4
Design 8.14
FEP 8.01
Design 7.25
Procurement 8.35
Construction 7.72
C 2 4
Start-Up 7.71
D 3 3 FEP 8.45
As shown in the table, seven of the nine phase scores were from projects with Threat
Level 2 and Consequence Level 4. The original research produced eleven phase scores
with Threat Level 2 and Consequence Level 4. For the most meaningful comparisons,
these seven case study scores are compared to the eleven original study scores with the
same threat and consequence levels for analysis of differences in means and variability.
These phase score comparisons are made in Table 4-5 and Figure 4-4 below.
Figure 4-4 uses a Box-Whiskers Plot to compare the two data sets. The “whiskers”
extend from the minimum value to the 25th
percentile and from the 75th
percentile to the
maximum value for each data set. The “box” contains the inter-quartile range—the
middle 50 % of the observations. The 25th
percentile, 50th
percentile (median), and the
75th
percentile are shown as vertical lines or “hinges” in the box for each data set. The
mean value of each data set is designated by a small diamond within the box.
33
46. Table 4-5. SRI Score Descriptive Summary for Original Research and Case
Studies Data (Threat Level 2 and Consequence Level 4)
Original Research Case Studies
Mean 7.66 7.84
Minimum 6.09 7.25
First Quartile 6.16 7.68
Median 7.53 7.72
Third Quartile 8.99 8.14
Maximum 9.71 8.35
Range 3.62 1.10
SD 1.485 .361
n 11 7
Figure 4-4. SRI Score Graphical Summary for Original Research and Case
Studies Data (Threat Level 2 and Consequence Level 4)
Original and Case Studies Data
(Threat Level 2, Consequence Level 4)
Original Data
(Sylvie, 2005)
Case Studies Data
6.00 6.75 7.50 8.25 9.00 9.75
Phase SRI Score
A comparative analysis of the two data sets reveals a striking difference. While both the
original and case studies data have somewhat similar means and medians, they have very
different variances. Statistical tests for differences in the means and variances are
provided in Appendix G. These tests confirm what is apparent from Table 4-5 and Figure
4-4, while the difference in means is not significant; the difference in variance is highly
significant. Caution is appropriate though when drawing conclusions from the small
samples available.
A review of the differences in process for data collection between the original research
and the case studies is useful for interpreting the differences in scores. The most notable
difference in the data collection process was the face-to-face facilitation with the case
study project teams as previously described. The increased interaction with these teams
34
47. had the potential to significantly affect the data received. Possible impacts include higher
case study scores due to the increased security awareness and familiarity with the security
practices and implementation process. This of course is not supported by the data.
However, a better understanding by the project teams of the process for implementation
of the security practices could result in higher quality data that more accurately reflects a
project’s level of security implementation. The reduction in variability of case study
scores may be an indication of this.
4.3.4.2 Impact on Original Regression Models
Preliminary regression models established in the academic research in conjunction with
the original research produced relationships between threat level, consequence level, and
the SRI score. These consisted of simple linear models regressing phase SRI scores
against consequence levels for the levels of threat reported. This research recreated the
regression models from the original research for Threat Level 2 projects (7 of the nine
case studies scores) to assess the impact of the addition of the newer data. Figure 4-5 and
Table 4-6 depict the relationship from the original research and updates it to include the
seven scores from the case studies. A complete summary of the regression models is
provided in Appendix G.
Figure 4-5. Regression Model for Original Research and Case Studies Data
(Threat Level 2 and Consequence Level 4)
Regression Analysis With & Without Case Studies Data
(Threat Level 2)
Original Data (n=24)
y = 1.7054x + 1.0282
R2
= 0.4840
With Case Studies (n=31)
y = 1.7029x + 1.0335
R2
= 0.5354
0
2
4
6
8
10
1 2 3 4 5
Consequence Level
SRI
Score
Case Studies Original
35
48. Table 4-6. Regression Model Statistics for Original Research and With Case
Studies (Threat Level 2 and Consequence Level 4)
Regression Statistics
Original Research With Case Studies
R Square 0.4840 0.5354
Standard Error 1.7608 1.5424
Level of Significance 0.0002 0.0000
Observations 24 31
The new model updated to include the case study observations is very similar to the
original model; however it has been improved in all summary statistics. Figure 4-5
reveals that the regression lines are essentially identical which can be confirmed through
comparison of their slopes and intercepts. The slope of the original model (1.7054) is
slightly greater than the model with case study data added (1.7029) while the intercept
with the additional case study data (1.0335) is slightly higher than the original (1.0282).
The most notable difference lies in the improvement of the model fit as depicted in Table
4-6 by the R-square improvement from 0.4840 to 0.5354 and the reduction in the
standard error from 1.7608 to 1.5424. In additional, the significance of the model
improved from .0002 to less than .00001. While the significance would be expected to
improve from the addition of more data, of more importance is the improvement in the
explanatory power evident in the R-square and the increased reliability of its predictive
power through the reduction of standard error. The improvement in the model is
predictable from comparison of the original and case study data in Section 4.3.4.1. The
case study data obtained through a facilitated process cluster around the mean of the
original data and are much less variable which reduces the standard error in the
regression models.
36
49. 5. CONCLUSIONS AND RECOMMENDATIONS
These case studies produced some significant and interesting findings from actual project
experiences of teams implementing the security best practices developed through the
joint NIST and CII research documented in CII BMM2004-10. This information is of
particular importance since an absence of such data has proved an impediment to teams
contemplating use of the practices. Although the case studies targeted projects from the
heavy industrial sector; specifically the chemical and petro-chemical project types, it is
likely that the lessons learned are applicable to most industrial projects and to projects
from the building and infrastructure sectors as well.
5.1 Conclusions
The case study projects provided significant supporting information confirming a project
team’s ability to implement the security practices using the nine-step implementation
process. The security practices and SRI tool provide project teams access to a flexible
and structured framework for the integration of security into the project delivery process.
Project teams experienced the most success when they incorporated implementation steps
into existing organizational processes and procedures. Conducting project level reviews
of security implementation during normally scheduled team meetings eliminated the need
for additional security specific meetings and minimized the total impact on project team
time.
Specific lessons learned through these case studies include:
• Project teams have difficulty assessing the levels of threats and consequences of a
security breach for their projects without a structured process and some
facilitation.
• Minor modifications should be made to CII’s online questionnaire for assessing
security practice use to enhance its usability and increase project team comfort
with the system.
• The security best practices and nine-step implementation process provide a
flexible and structured framework for integrating security into the project delivery
process.
• Project teams identified benefits of implementing the security best practices even
if their company had well-defined security procedures in place.
• The SRI tool encourages project team participation in security practice
implementation early in the project lifecycle when it is most cost-effective.
• The security practices and the SRI Tool can be used effectively for post project
analysis to identify lessons learned for future projects.
• Facilitation of use of the SRI tool and nine-step process for implementation does
not increase scores on average; however, it significantly reduces variability for
projects with similar threat and consequence levels.
37
50. Lessons learned for barriers to implementation of the security practices were predictable:
• Perceived time constraints for implementing additional practices.
• Team buy-in for the applicability to their project.
• A lack of understanding of the benefits of security practice implementation.
5.2 Recommendations
While this research confirmed that project teams possess the necessary expertise to
implement the security practices, the recommendations outlined in this section could
remove barriers to their implementation and increase the overall level of practice use
industry wide.
The Construction Industry Institute should continue to educate industry stakeholders on
the security best practices and use of the nine-step implementation process. Continued
industry use should affirm the flexibility of the practices for a wide range of projects and
contribute to their validation. CII conferences and other industry forums are appropriate
for promoting awareness of the practices and implementation process.
CII should continue collecting SRI scores. Additional data will permit continued
development of the relationship between expected SRI scores and threat and consequence
levels. Additional SRI score data will permit establishment of correlations between SRI
scores and project outcomes of cost, schedule, and safety.
Wider dissemination of the security practices and the implementation processes to
corporate risk and security management personnel should improve overall security
implementation. Although the CII developed security practices to promote security at the
project level, integration of these practices into corporate policies should improve project
team buy-in, communications, and overall security.
38
51. Appendix A: Statistical Notes
Confidentiality
When there were fewer than 10 projects available in a category or when fewer than three
companies submitted the data, no statistical summaries are provided. This is consistent
with the CII policy on confidentiality and in such cases the code “C.T.” (confidentiality
test) was inserted in the tables.
Statistical Warning Indicator
When there are fewer than 20 projects included in any table cell, an asterisk (*) follows
the data value. This notation indicates that the data in that table cell should be interpreted
with caution due to the small number of projects represented in that cell.
Removal of Statistical Outliers
Prior to performing the Task 1 statistical analyses, all outcome metrics values calculated
were screened to remove statistical outliers. This step was incorporated to remove values
so extreme that their inclusion would likely distort the statistical summaries produced.
The technique used to identify statistical outliers was the same used to define outliers in
most statistical texts. This is also the same definition used for outlier commonly used in
the preparation of box and whisker plots. All values exceeding the 75th percentile value
+1.5 times the inter-quartile range or those less than the 25th percentile value - 1.5 times
the inter-quartile range were excluded.
39
53. Appendix B: Metric and Project Phase Definitions
Performance Metric Formulas and Definitions
Performance Metric Category: COST
Metric: Project Cost Growth
Formula:
Actual Total Project Cost - Initial Predicted Project Cost
Initial Predicted Project Cost
Metric: Delta Cost Growth
Formula:
| Cost Growth |
Metric: Project Budget Factor (Contractor data only)
Formula:
Actual Total Project Cost
Initial Predicted Project Cost +Approved Changes
Metric: Delta Budget Factor(Contractor data only)
Formula:
| 1- Budget Factor |
Metric: Phase Cost Factor (Owner data only)
Formula:
Actual Phase Cost
Actual Total Project Cost
Metric: Phase Cost Growth (Owner data only)
Formula:
Actual Phase Cost – Initial Predicted Phase Cost
Initial Predicted Phase Cost
Definition of Terms
Actual Total Project Cost:
• Owners –
o All actual project cost from pre-
project planning through startup
o Exclude land costs but include in-
house salaries, overhead, travel, etc.
• Contractors – Total cost of the final scope
of work.
Initial Predicted Project Cost:
• Owners – Budget at the time of
authorization.
• Contractors – Cost estimate used as the
basis of contract award.
Actual Phase Cost:
• All costs associated with the project phase in
question.
• See the Project Phase Table in Appendix B for
phase definitions.
Initial Predicted Phase Cost:
• Owners – Budget at the time of authorization.
• Contractors – – Budget at the time of contract
award.
• See the Project Phase Table in Appendix B for
phase definitions.
Approved Changes:
• Estimated cost of owner-authorized changes.
41
54. Performance Metric Category: SCHEDULE
Metric: Project Schedule Growth
Formula:
Actual Total Proj. Duration - Initial Predicted Proj. Duration
Initial Predicted Proj. Duration
Metric: Delta Schedule Growth
Formula:
| Schedule Growth |
Metric: Project Schedule Factor (Contractor data only)
Formula:
Actual Total Project Duration
Initial Predicted Project Duration + Approved Changes
Metric: Delta Schedule Factor(Contractor data only)
Formula:
| 1- Schedule Factor |
Metric: Phase Duration Factor (Owner data only)
Formula:
Actual Phase Duration
Actual Overall Project Duration
Metric: Total Project Duration Actual Total Project Duration (weeks)
Metric: Construction Phase Duration Actual Construction Phase Duration (weeks)
Definition of Terms
Actual Total Project Duration:
(Detail Design through Start-up)
• Owners – Duration from beginning of detail
design to turnover to user.
• Contractors - Total duration for the final
scope of work from mobilization to
completion.
Actual Overall Project Duration:
(Pre-project Planning through Start-up)
• Unlike Actual Total Duration, Actual
Overall Duration also includes time
consumed for the Pre-Project Planning
Phase.
Actual Phase Duration:
• Actual total duration of the project phase in
question. See the Project Phase Table in
Appendix B for phase definitions.
Initial Predicted Project Duration:
• Owners – Predicted duration at the time of
authorization.
• Contractors - The contractor's duration estimate
at the time of contract award.
Approved Changes
• Estimated duration of owner-authorized
changes.
42