Technology & Critical Infrast
Develop the skills to best allocate a given budget and to protect an infrastructure against damage.
According to Lewis (2006), “Budgeting is complicated by the fact that the cost of reducing vulnerabilities varies with different kinds of failure modes, and the total bill for reducing vulnerabilities to zero might be too high. For example, a cyber-security fault may be completely remedied for $5 million, whereas physical security may cost $10 million to improve, but not eliminate.” (p. 147)
According to Lewis (2006) here are four strategies that we may consider when attempting to analyze our critical node, on a limited budget:
Manual risk reduction – Establish your own allocation: Policy maker decides the best way to allocate funds.
Ranked order risk reduction – Reduce the worst case: Funds the highest ranked components of a node first, working down the ranked order list, until money runs out.
Optimal risk reduction – Mathematically minimal: Reduce the mathematical vulnerability or risk by allocating funds such that vulnerability or risk is minimized.
Appropriated risk reduction – Spread allocation across threats: Attempt to spread the money across all threats, reducing each one by an amount that maximizes the sum-of-squares of the difference between risks before and after allocation. (Read more on these strategies in chapter 6, p. 163)
Thus far we have selected our sector and identified components as well as vulnerabilities, that if compromised could have a massive effect on our critical node. What strategy do you believe would be the best method that would reduce vulnerabilities within your sector, while also bearing in mind any budget and available funds? Why?
How would you best fund any improvements, in order to reduce the overall vulnerability?