Introduction to Critical Infrastructure Preparedness Homeland Security Presidential Directives (HSPD) What Is Critical Infrastructure? What Is the Private Sector? What Is the Public Sector? What Is Critical Infrastructure Protection? What Is Critical Infrastructure Preparedness? Critical Infrastructure Functions Origins of Critical Infrastructure Regulations and Legislation What Are the Categories of the Laws Listed? Border Security and Immigration Communications and Network Security Cyberterrorism Infrastructure Domestic Safety and Security Economic and Financial Security Emergency Preparedness and Readiness Medical and Health Care Security Transportation Security (Includes Maritime Security) Hazardous Materials National Response Plan (NRP) What Is the National Response Plan (NRP)? NRP Training How Does the NRP Tie in with Emergency Management? NRP Subcategories Emphasis on Local Response What Is the Purpose of the NRP? Tie between NRP and NIMS Multiagency Command Structure Coordination Coordination Responsibilities Updates to the NRP Incident Command Structure of the NRP Levels of Authority Key Concepts in the Implementation of the NRP Roles and Responsibilities Roles of the Federal Government NRP Emergency Support Functions (ESFs) Scope of ESFs National Incident Management Systems (NIMS) What Is NIMS? Compliance Flexibility Standardization NIMS Represents Best Practices Components of NIMS Command and Management Preparedness Benefits from Using NIMS Resource Recovery Communications and Information Management Supporting Technologies Ongoing Management and Maintenance Command Structuring under NIMS Incident Command System (ICS) ICS Features Common Terminology Organizational Resources Manageable Span of Control Accountability Integrate Communications Capabilities Incident Action Plan Management Command, Coordination, and Control Structures Unified Command Area Command Multiagency Coordination Systems Emergency Operations Centers Incident Responsibilities Postincident Responsibilities Public Information Systems Joint Information Systems (JIS) Joint Information Centers (JIC) JIC Levels JIC Organizational Structure Preparedness and Readiness Preparedness Organizations Preparedness Planning and Coordination Types of Preparedness Plans Emergency Operations Plan Training and Exercise Drills Personnel Qualification and Certification Equipment and Hardware Certification Mutual-Aid Agreements Standby Contracts Publication Management Resource Management Effectively Managing Resources Communications and Information Management Principles Incident Command Systems (ICS) What Is NIMS and ICS? What Is an Incident? What Is an Incident Command System (ICS)? What Is NIMS ICS? History of ICS FIRESCOPE National Interagency Incident Management System (NIIMS) Weaknesses Addressed by Using an ICS Benefits of Using an ICS ICS Framework Applications for the Use of ICS ICS Management Characteristics Understanding the ICS Organization ICS Management Functions ICS Sections What Is Span of Control? ICS Position Titles ICS Organizational Components Unified Command The Incident Commander Command Staff General Staff Operations Section Planning Section Incident Action Plan Logistics Section Finance/Administration Section ICS Area Command Communications within the ICS Incident Facilities Differences between NIMS ICS and FIRESCOPE/NIIMS ICS NIMS ICS Training How ICS Integrates with Critical Infrastructure Emergency Preparedness and Readiness (EMR) Office for Domestic Preparedness First Responder First Responder Classifications Guideline Classifications North American Emergency Response Guidebook ( NAERG ) Awareness Level Guidelines Performance Level Guidelines Operational Levels Defined Level A: Operations Level Level B: Technician Level Know Protocols to Secure, Mitigate, and Remove Hazardous Materials Additional Protective Measures Understand Development of the Incident Action Plan Know and Follow Procedures for Protecting a Potential Crime Scene Know Department Protocols for Medical Response Personnel National Fire Prevention Association 472 Occupational Safety and Health Administration Hazardous Waste Operations and Emergency Response Skilled Support Personnel Specialist Employee Department of Transportation (DOT) Hazardous Materials (HAZMAT) Classifications Importance of Implementing an Emergency Response Plan Security Vulnerability Assessment (SVA) What Is a Risk Assessment? Methods of Assessing Risk Threat Risk Equations Comparison of Quantitative vs. Qualitative Risk Assessments Challenges Associated with Assessing Risk Other Factors to Consider When Assessing Risk What Is an SVA? Reasons for Having an SVA What Is a Threat? What Is Vulnerability? Countermeasures Vulnerability Assessment Framework (VAF) Reasons for Using the VAF Federal Information Systems Control Auditing Manual (FISCAM) General Methodologies of FISCAM Auditing What Are General Controls? What Are Application Controls? Caveats with Using an SVA How the SVA Is Used Audience of an SVA Initial SVA Plan Necessary Steps of an SVA Critical Success Factors VAF Methodology Initial Steps of the VAF VAF Step 1: Establish the Organization Minimum Essential Infrastructure (MEI) VAF Step 2: Gather Data to Identify MEI Vulnerabilities VAF Step 3: Analyze, Classify, and Prioritize Vulnerabilities Standards and Guidelines About the National Fire Prevention Association (NFPA) North American Electric Reliability Council (NERC) American Gas Association (AGA) Instrumentation, Systems, and Automation Society (ISA) American Petroleum Institute (API) Chemical Industry Data Exchange ISO 15408 NIST PCSRF Health Insurance Portability and Accountability Act (HIPAA) Patient Safety and Quality Improvement Act (PSQIA) Gramm-Leach-Bliley Act (GLBA) Sarbanes-Oxley Act The American National Standards Institute (ANSI) Federal Information Processing Standards (FIPS) National Standards Systems Network BSR/ASCE/AEI XX-2006 BSR T1M1-27-200X BSR X9.49-200X ASTM F1756-97A (2002) Information Sharing and Analysis Centers (ISAC) What Is a Critical Infrastructure Asset? What Is an ISAC? Advantages of Belonging to an ISAC Access to ISAC Information Expanded ISAC Services Surface Transportation ISAC (ST-ISAC) Public Transportation ISAC (PT-ISAC) American Public Transportation Association (APTA) Association of American Railroads (AAR) Transportation Technology Center, Inc. (TTCI) Railinc Water ISAC Association of State Drinking Water Administrators (ASDWA) Water Environment Research Foundation (WERF) Association of Metropolitan Water Agencies (AMWA) Association of Metropolitan Sewage Agencies (AMSA) National Association of Water Companies (NAWC) American Water Works Association (AWWA) AWWA Research Foundation (AWWARF) Financial Services ISAC (FS-ISAC) Science Applications International Corporation (SAIC) Electricity Sector ISAC (ES-ISAC) Emergency Management and Response ISAC (EMR-ISAC) Information Technology ISAC (IT-ISAC) National Coordinating Center for Telecommunications (NCC-ISAC) Communications Resource Information Sharing (CRIS) Government Emergency Telecommunications Service (GETS) Telecommunications Service Priority (TSP) Shared Resources High Frequency Radio Program (SHARES) Network Reliability and Interoperability Council (NRIC) National Security Telecommunications Advisory Committee (NSTAC) Wireless Priority Services (WPS) Alerting and Coordination Network (CAN) Energy ISAC Chemical Sector ISAC (CHEM-ISAC) Chemical Transportation Emergency Center (CHEMTREC) Healthcare Services ISAC (HCISAC) Highway ISAC Cargo Theft Information Processing Systems (CargoTIPS) American Trucking Associations (ATA) HighwayWatch Food and Agriculture ISAC Food Marketing Institute (FMI) Multi-State ISAC (MS-ISAC) ISAC Council (ISAC-ISAC) World Wide ISAC (WW-ISAC) Real Estate ISAC (RE-ISAC) The Real Estate Roundtable Research and Educational Networking ISAC (REN-ISAC) Biotechnology and Pharmaceutical ISAC (BioPharma ISAC) Maritime ISAC (M-ISAC) Maritime Security Council (MSC) Marine Transportation System National Advisory Council Supervisory Control and Data Acquisition (SCADA) What Are Control Systems? Types of Control Systems Components of Control Systems Vulnerability Concerns about Control Systems Adoption of Standardized Technologies with Known Vulnerabilities Connectivity of Control Systems to Unsecured Networks Implementation Constraints of Existing Securi.