This document discusses four types of disaster risks: cyber attacks, civil commotion, natural events, and domestic terrorism. For each risk, it provides a definition, likelihood and impact ratings, examples, potential pre-event and post-event measures, and an impact breakdown calculation. The cyber attack section examines a data breach at a university, the civil commotion section analyzes protests that could affect enrollment, and the natural event section models a blizzard's financial impacts. The domestic terrorism section models costs from a hypothetical attack targeting students.
Maatalousalan ammatillisten tutkintojen kehittäminenMTK ry
OKM:n tutkintojen kehittämisen linjausten mukaisesti tutkintoja kootaan suurempiin kokonaisuuksiin. Samalla muodostetaan uusi maatalousalan erikoisammattitutkinto. Muutos antaa mahdollisuuden reagoida nopeammin työelämän muutostarpeisiin.
Check out our short slide-share showcasing our newest product line promoting nutrition and physical activity. The graphics are geared toward environments for children such as pediatric healthcare and schools.
Maatalousalan ammatillisten tutkintojen kehittäminenMTK ry
OKM:n tutkintojen kehittämisen linjausten mukaisesti tutkintoja kootaan suurempiin kokonaisuuksiin. Samalla muodostetaan uusi maatalousalan erikoisammattitutkinto. Muutos antaa mahdollisuuden reagoida nopeammin työelämän muutostarpeisiin.
Check out our short slide-share showcasing our newest product line promoting nutrition and physical activity. The graphics are geared toward environments for children such as pediatric healthcare and schools.
Disaster PlansThe SNS is a pivotal tool in the event of a disa.docxduketjoy27252
Disaster Plans
The SNS is a pivotal tool in the event of a disaster.
Using the Scholarly Library or the Internet, research SNS. Based on your understanding, respond to the following:
· List and explain the types of items a community hospital will require and seek from the SNS in the event of a disaster.
· List and explain at least two concerns you may have when forced to rely on this facility.
· During the creation of disaster plans, it is common and essential that neighboring hospitals work together. List and explain some of the problems that may arise from a disaster plan which may be ten years old and involved all of the local community hospitals at the time it was originally designed.
NOTES FROM CLASS
Disaster planning is planning for the mitigation of the most likely, or most destructive, events based on some rational thought process. Note that this approach recognizes and accepts that it is impossible to plan for every contingency.
The simplest technique for prioritizing between possibility and probability based on threats and vulnerability is to use a matrix comparing the probability of a particular threat occurring. This is then weighed against a similar matrix comparing the potential threat with the observed vulnerabilities.
Differently put, what is the possibility of something happening and if it does, what impact will it have?
Since the attacks of 9/11, the anthrax attack in Washington, DC, and the sniper shootings in 2002, disaster planning in the United States has changed. In the past, hospitals planned for disasters involving mass casualty such as, a plane crash or hazardous material spill. Now hospitals must contend with the idea that they could be the primary targets. They must also realize that in the event of a biohazard attack, they may be the point at which the outbreak is first recognized. They may be the first contaminants.
You must also position your plan from the perspective of both an external bioterrorism attack as well as an internal bioterrorism attack. Your approach, response priorities, and staff involved may be very different between the two types of attack.
Hospitals have traditionally been designed and operated to be open, welcoming places. This would no longer be desirable. Facility hardening and personnel security are now bywords for disaster planning. Hospitals must decide who is to be allowed inside the facility, and who is to be kept out. At the same time, hospitals must be sensitive to confidential medical information being mishandled under the terms of Health Insurance Portability and Accountability Act (HIPAA) and understand that a cyber-attack could be just as dangerous as a bioterrorist attack.
The emergency department may be the first place where victims of a bioterrorist attack are received and the attack is first identified. Hospital staff, especially emergency room staff, is likely to have been exposed and may then have to be quarantined and taken out of commission.
The hospital is.
Disaster PlansThe SNS is a pivotal tool in the event of a disa.docxduketjoy27252
Disaster Plans
The SNS is a pivotal tool in the event of a disaster.
Using the Scholarly Library or the Internet, research SNS. Based on your understanding, respond to the following:
· List and explain the types of items a community hospital will require and seek from the SNS in the event of a disaster.
· List and explain at least two concerns you may have when forced to rely on this facility.
· During the creation of disaster plans, it is common and essential that neighboring hospitals work together. List and explain some of the problems that may arise from a disaster plan which may be ten years old and involved all of the local community hospitals at the time it was originally designed.
NOTES FROM CLASS
Disaster planning is planning for the mitigation of the most likely, or most destructive, events based on some rational thought process. Note that this approach recognizes and accepts that it is impossible to plan for every contingency.
The simplest technique for prioritizing between possibility and probability based on threats and vulnerability is to use a matrix comparing the probability of a particular threat occurring. This is then weighed against a similar matrix comparing the potential threat with the observed vulnerabilities.
Differently put, what is the possibility of something happening and if it does, what impact will it have?
Since the attacks of 9/11, the anthrax attack in Washington, DC, and the sniper shootings in 2002, disaster planning in the United States has changed. In the past, hospitals planned for disasters involving mass casualty such as, a plane crash or hazardous material spill. Now hospitals must contend with the idea that they could be the primary targets. They must also realize that in the event of a biohazard attack, they may be the point at which the outbreak is first recognized. They may be the first contaminants.
You must also position your plan from the perspective of both an external bioterrorism attack as well as an internal bioterrorism attack. Your approach, response priorities, and staff involved may be very different between the two types of attack.
Hospitals have traditionally been designed and operated to be open, welcoming places. This would no longer be desirable. Facility hardening and personnel security are now bywords for disaster planning. Hospitals must decide who is to be allowed inside the facility, and who is to be kept out. At the same time, hospitals must be sensitive to confidential medical information being mishandled under the terms of Health Insurance Portability and Accountability Act (HIPAA) and understand that a cyber-attack could be just as dangerous as a bioterrorist attack.
The emergency department may be the first place where victims of a bioterrorist attack are received and the attack is first identified. Hospital staff, especially emergency room staff, is likely to have been exposed and may then have to be quarantined and taken out of commission.
The hospital is.
Emergency Preparedness Demonstration Project March 2009 .docxgidmanmary
Emergency Preparedness Demonstration Project
March 2009
Community Based
Vulnerability Assessment
A Guide to Engaging Communities in Understanding
Social and Physical Vulnerability to Disasters
Vulnerability Assessment: Step-By-Step Guidebook
Emergency Demonstration Project Partners
UNC Institute for the Environment
100 Miller Hall, CB #1105, Chapel Hill, NC 27599-1105
Phone: 919.966.9922 | Fax: 919.966.9920
Email: [email protected] | http://www.ie.unc.edu
MDC, Inc.
PO Box 17268, Chapel Hill, NC 27516-7268
Phone: (919) 968-4531 | Fax: (919) 929-8557
Email: [email protected] | http://www.mdcinc.org/home
mailto:[email protected]�
mailto:[email protected]�
Vulnerability Assessment: Step-By-Step Guidebook
Acknowledgements
This guidebook was made possible by a generous grant from the Federal Emergency Manage-
ment Agency (FEMA). The grant funded the Emergency Preparedness Demonstration Project,
from which this guidebook was developed. In particular, we would like to thank Ralph Swisher of
FEMA for his support of this project and his dedication to emergency preparedness. We would
also like to thank Susan Fowler, Bill Hoffman, and Barbara Wyckoff-Baird for their expertise and
invaluable role as facilitators in the communities that participated in the demonstration. Those
communities included Chester County, Pennsylvania; Dorchester County, Maryland; Hampshire
County, West Virginia; Hampton, Virginia; Hertford County, North Carolina; Washington, D.C.
and Wilmington, Delaware.
And a special thank you to the residents, government officials, nonprofit organizations, and faith-
based organizations who articulated the strengths, weaknesses, challenges and opportunities of
their communities and brought their energy, opinions, and ideas to address the challenges of
emergency preparedness, particularly for socially vulnerable populations. This project could not
have occurred without your commitment. Our community partners included:
Chester County, PA
Chester County Department of Emergency Management
Dorchester County, MD
Maryland Rural Development Corporation
Dorchester County Department of Emergency Management
Hampshire County, WV
Eastern West Virginia Community Action Agency, Inc.
Hampshire County Department of Emergency Management
Hampton, VA
City of Hampton Neighborhood Office
City of Hampton Department of Emergency Management
Hertford County, NC
Roanoke Economic Development Inc.
Hertford County Department of Emergency Management
Washington, DC
DC Emergency Management Agency
Wilmington, DE
West End Neighborhood House, Inc.
City of Wilmington Department of Emergency Management
Vulnerability Assessment: Step-By-Step Guidebook
Table of Contents
Overview…………………………………………………………………………………...1
How to Use this Guidebook………………………………………………………………..6
Step 1: Getting Started…………………………………………………………………......9
Step 2: Identify and Rank Hazards…………………………… ...
2. Disaster Risks
• Definition: unexpected natural or manmade
events that cause mass destruction
• Measurements for Likelihood and Impact
- Likelihood: 0 (Remote) to 2 (High Probability)
- Impact: 0 (Small) to 2 (Large)
3. Agenda
1. Cyber Attack- AJ
2. Civil Commotion- Matt Lebo
3. Natural Event – Emily
4. Domestic Terrorism - Nick
4. Cyber Attack
Any type of offensive maneuver employed by individuals
or whole organizations that targets computer
information systems, infrastructures, computer networks
and/or personal computer devices.
Done by various means of malicious acts usually
originating from an anonymous source
Attacker either steals, alters, or destroys a specified
target by hacking into a susceptible system
5. Cyber Attack
Likelihood: 1 Impact: 2
Pre-event measures: Buying a Cyber Insurance Policy,
Have a Incident Response Plan, Establish Relationship
with Law Enforcement, Identify Key Assets
Post event measures: Notify Law Enforcement,
Implement Incident Response Plan, Capture Extend of
Damage, Prevent Further Damage, Notify to Victims,
Impact:$73,900,000
6. Impact Breakdown
45% (Likelihood 1) * $162,000,000 (Cost of Target’s 2013-2014
Breach)
+ $1,000,000 on Improved Cyber Security (based on Rutgers’
investments)
_____________________________________________________
$73,900,000
7. Civil Commotion
Definition: a public revolt by a large number of people
who cause harm to people and or property
Internal and also external
Civil commotion instills fear in the surrounding areas
and could affect Saint Joseph’s University depending on
the proximity
8. Civil Commotion
Likelihood: 0 Impact: 2
Pre-event measures: Meet with other colleges in the
area, have training sessions for our employees on
emergency response and notification plans.
Post-event measures: Update policies and
procedures, determine if the way we handled the
situation can be reformed.
10. Natural Event
A natural disaster is a catastrophic event caused by the natural
processes of the earth.
Earthquakes, tornadoes, droughts, heat waves, hail, hurricanes,
landslides, wildfires, and famines are examples of natural disasters.
Disasters most common here in the Northeast- Severe blizzards/ice
storms, hurricanes, and tornadoes.
A natural disaster is measured by the severity and the impact.
Number of deaths, capability to repair/rebuild, and economic loss are
ways to measure the severity of a catastrophic event.
11. Natural Event
Likelihood: 0 Impact: 1
Pre-event Measures: Identify the hazards, have an all
hazards emergency guide, put together a crisis team,
develop transportation protocols, practice routines, staff
faculty emergency planning, and have insurance.
Post-event Measures: bring in companies to restore
the infrastructure of all buildings affected.
Cost x Probability = Impact
$101,234,700 x .05 = 5,061,735
12. Impact Breakdown
Property insurance deductible: $50,000
Loss of Revenue/reputation (enrollment goes down 20%): Average
tuition= $38,577 av. tuition x 5,500 students = $212,173,500
5,500 students x 20% decrease in enrollment = 4,400 students
4,400 students x $38,577 av. tuition = $169,738,800, so
$212,173,500 - $169,738,800 = $ 42,434,700
Liability: death of 10 students x $4,000,000 = $40,000,000
75 students injured x $250,000 = $18,750,000, so $40,000,000 +
$18,750,000 = $58,750,000
Cost: $101,234,700 Probability: .05
13. Domestic Terrorism
Any form of mass violence (mass shooting, bombing)
targeted at Saint Joseph’s University students, faculty
and/or property
The Source of violence is Domestic not International
Attacker commits murder and injuries on a number of
students / faculty
Example: Terrorist decides to aim on students in Library.
Example: Terrorist places and detonates a bomb in the
Hagan Arena.
14. Domestic Terrorism
Likelihood: 0 Impact: 2
Pre-event measures: Heighten security (Public Safety) protocols
on campus, Implement evacuation drills, University taking online
threats or rumors very serious, CAPS, Placing metal detectors in
most frequented facilities (Library, Campion Student Center, Hagan
Arena), Insurance.
Post-event measures: Lockdowns vs. Lockouts, Amplify CAPS
and psychological services for the university as a whole, Rebuild
infrastructure of buildings if destroyed (bombings).
Impact: $ 5,435,485 (If 15 killed, 20 injured, and enrollment down
20%)
15. Impact Breakdown
Property Insurance Deductible: $50,000
Loss of Revenue, Enrollment down 20%:
Average tuition= $38,577 av.tuition x 5,500 students =
$212,173,500
5,500 students x 20% decrease in enrollment = 4,400 students
4,400 students x $38,577 av. tuition = $169,738,800
$212,173,500 - $169,738,800 = $ 42,434,700
15 students killed= $4 million per student.
20 students injured= $300,000 per student
Counseling and psychological services=$75,000
Security and metal detectors: $150,000
TOTAL:108,709,700 X .05(Likelihood 0)= 5,435,485
Editor's Notes
A cyber attack is any type of offensive maneuver employed by individuals or whole organizations that targets computer information systems, infrastructures, computer networks and/or personal computer devices. This is done by various means of malicious, and in some cases non-malicious, acts usually originating from an anonymous source. The attacker steals, alters, or destroys a specified target by hacking into a susceptible system.
Saint Joseph’s University has a significant amount of information including billing information from donors and students, health information from it’s health center, and other personal information including its staff and faculty’s investments. An example of a malicious attack would be a hacker attacking the SJU database and taking banking information of students that was used to pay tuition. An example of a non-malicious cyber attack would be an administrator unintentionally forwarding a document containing private information to an email list. SJU has billing, health, and other personal information from its students, faculty, and donors.
Malicious:
Hacker attacks the SJU database and obtains banking information of students used to pay tuition
Non-malicious:
Administrator unintentionally forwards a document containing private information to an email list
FERPA and HIPPA
Based on our Class Discussion Cyber had a likelihood of 1 and Impact 2. Pre-Event measures:1 based on my sources I did not find any evidence that SJU has a Cyber policy (they should heavily consider buying one), 2 Creating established and actionable plans and procedures for managing and responding to a cyber intrusion can help organizations limit the damage to their computer networks and minimize work stoppage. It also helps law enforcement locate and apprehend the perpetrators, 3 Having a pre-existing relationship with federal law enforcement officials can help facilitate any interaction relating to a breach. It will also help establish a trusted relationship that cultivates bi-directional information sharing that is beneficial to both the organization and law enforcement, It may be cost prohibitive to protect the entire enterprise. Before creating a cyber incident plan, an organization should determine which of its data, assets and services warrant the most protection. The Cybersecurity Framework produced by the National Institute of Standards and Technology (NIST) provides excellent guidance on risk management planning and policies and merits consideration. Post Event measures: 1 Many companies have been reluctant to contact law enforcement following a cyber incident due to concerns that a criminal investigation might disrupt their business. However, the FBI and U.S. Secret Service cause as little disruption to an organization’s normal operations as possible. These agencies will also attempt to coordinate statements to the news media concerning the incident, ensuring that information harmful to a company’s interests are not disclosed, 2 Follow your plan you created Pre Event and Establish procedures addressing what steps you need to take after an attack. This includes identifying who is responsible for different elements of an organization’s cyber incident response, having the ability to contact critical personnel at all times, knowing what mission critical data, networks or services should be prioritized for the greatest protection and how to preserve data related to the incident in a forensically sound manner, Ideally, the victim of a cyber attack will make a forensic image of the affected computers as soon as the incident is detected. Doing so preserves a record of the system for analysis and potentially for use as evidence at a trial. Organizations should restrict access to these materials in order to maintain the integrity of the copy’s authenticity. Safeguard these materials from unidentified malicious insiders and establish a chain of custody, 3 To prevent an attack from spreading, you must take steps to stop ongoing traffic caused by the perpetrator. Preventative measures include: rerouting network traffic, filtering or blocking a Distributed Denial of Service attack or isolating all or parts of the compromised network, 4 Contacting other potential victims through law enforcement is preferable to contacting them directly. Doing so protects the initial victim from potentially unnecessary exposure and allows law enforcement to conduct further investigations, which may uncover additional victims.