Critical infrastructure risk assessment depends on evaluating threats, vulnerabilities, and consequences of potential attacks. Quantitative risk analysis assigns numerical values to allow comparisons between infrastructure, while qualitative analysis uses matrices to examine likelihood and impacts. Comprehensive risk assessment considers realistic worst-case scenarios to guide affordable and achievable responses, and evaluates assets at different levels to properly allocate resources.

1. HLSC 720-DISCUSSION 2-REPLY 1
The thread must be a minimum of 250 words. MINIMUM OF TWO SOURCES BESIDES THE
TEXTBOOK. Must cite at least 2 sources in addition to the Bible.TEXTBOOK: Bennett, B. T.
(2018). Understanding, assessing, and responding to terrorism: Protecting critical
infrastructure and personnel (2nd ed.). Hoboken, NJ: John Wiley & Sons, Inc. ISBN:
9781119237785.**FRANK**Critical infrastructure analysis, evaluation, and emergency
response ultimately depend upon its established risk assessment, weighing the value of
attack versus potential target vulnerability (Bennett, 2018). Bennett (2018) defines risk as,
a quantified measure of the possibility that a critical asset will suffer some degree or harm
or loss (Bennett, p. 203, 2018). Risk in its simplest form is a combination of three elements,
when discussing critical infrastructure, a threat toward the asset, any potential asset
vulnerabilities, and the resulting consequences of an attack (Bennett, 2018). Liu & Song
(2020) expanded upon this intentionally simplistic risk definition by including cyber
networks, big data, and telecommunications, encompassing risk assessment into the virtual
arena. Risk, increasingly, has moved beyond physical planning for actual critical
infrastructure response and into server management or cyber security (Liu & Song, 2020).
Quantitative/Qualitative Determining a true number to categorize risk based on
mathematical calculations which weigh a combination of risk-related elements briefly
describes quantitative risk analysis (Bennett, 2018). An essential aspect of quantitative risk
analysis is the establishment of an actual numerical value, allowing for a comparative scale
between multiple critical infrastructures across America (Lyu et al., 2019). For example, if
all libraries with open access were garnering a 3 on the risk scale, a library with partial
open access and metal detectors would be anointed a 2 on the risk scale, assuming the top is
a higher risk (Lyu et al., 2019). If a potential threat was intended upon using explosive
devices in each library, and each library had 50 employees, then the mitigated difference
between potential losses, determined from security differences, from the first to the second
library would establish its quantitative risk rating (Bennett, 2018). Critical Infrastructure
and its individualization denotate specific elements which increase or decrease their overall
risk assessment number, thereby, creating a quantitative risk assessment (Lyu et al.,
2019). Qualitative risk analysis, on the other hand, utilizes a matrix developed from
an event-descriptive scalable table exploring the ratio of hazard likelihood versus
consequences (Bennett, 2018). Although expansive, innately more complex and time-
consuming qualitative risk analysis is implemented more frequently in America,
particularly because it identifies changeable weak points (Bennett, 2018). For example,

2. Zimek & Hromada (2020) reviewed several consumer malls and shopping centers across
the world utilizing a lens of qualitative risk analysis. The research indicated that reducing
varying access points across the facilities could prevent terrorists easy access, limiting the
ease by which the attack could be carried out (Zimek & Hromada, 2020). Eventually, Zimek
& Hromada (2020) determining multiple entrances, exits, and hallways should be locked or
sealed to the general public, utilizing qualitative risk to improve upon weaknesses.
Comprehensive Risk/Worst Case Scenario Ascertaining the prominent factors in risk
requires a renewal of priorities, it appears the classic doomsayers or worst-case scenario
planners can, at times, prompt more action, however, operating within this theoretical full-
scale disaster mode often results in unrealistic expectations upon businesses or public
entities (Bennett, 2018). For example, if every military base, law enforcement agency, or
private hard target critical infrastructure attempted to incorporate anti-missile technology,
preventing nuclear attacks, the resulting cost and time expended would be inconceivable
(Gao & Deng, 2019). Therefore, researchers like (Gao & Deng) argue for a more achievable
risk assessment methodology, utilizing a comprehensive risk matrix to guide America, and
other world superpowers, toward affordable, achievable, and plausible risk-based
responses and changes. Levels of Analysis Layers of analysis must exist within a
comprehensive risk assessment, identifying the value of an asset through evaluation
becomes paramount to this process (Bennett, 2018). For example, a large urban police
station and a small town hall have completely different levels of value, and corresponding
risk assessment metrics (Bennett, 2018). The assets portfolio or services provided needs to
be weighed amongst its relative value, the urban police station keeps hundreds of
thousands of people safe, while the town hall is responsible for executive and clerical
decisions regarding tens of thousands of people (Gao & Deng, 2019). When viewing the
differences between the two targets in this light it becomes easy to determine a
comparative system-level assessment, hopefully, placing funds, personnel, and resources in
the proper track (Bennett, 2018). The allocation of resources versus risk
management, assessment, and analysis empowers many of Gods passages and messages,
For God gave us a spirit not of fear but of power and love and self-control (English Standard
Version, 2001/2016 2 Timothy 1:7). References Bennett, B. (2018). Understanding,
Assessing and Responding to Terrorism. John Wiley & Sons, Inc. Hoboken, NJ. English
Standard Version. (2016). Bible hub. Retrieved from https://biblehub.com (Original work
published 2001). Gao, S., & Deng, Y. (2019). An Evidential Evaluation of Nuclear Safeguards.
International Journal of Distributed Sensor Networks.
https://doi.org/10.1177/1550147719894550 Liu, W., & Song, Z. (2020). Review of
Studies on the Resilience of Urban Critical Infrastructure Networks. Reliability Engineering
& System Safety. 193. https://doi.org/10.1016/j.ress.2019.106617 Lyu, X., Ding, Y., & Yang,
S. (2019). Safety and Security Risk Assessment in Cyber-Physical Systems. IET Cyber-
Physical Systems: Theory & Applications. 4(3). https://doi.org/10.1049/iet-
cps.2018.5068 Zimek, O., & Hromada, M. (2020). Risk Analysis of Selected Soft Targets.
SGEM. 2(1). https://doi.org/10.5593/sgem2020/2.1/s07.037