Comprehensive Integrated Defense Analysis Improves Security Published Nov. 21, 2008 By Heyward Burnette AFRL/RX WRIGHT-PATTERSON AIR FORCE BASE, Ohio -- AFRL researchers developed a new methodology for assessing security risks and are now in the process of developing ForcePRO, a supporting software tool. AFRL's newly established methodology and companion software transform traditional vulnerability assessment into a true risk management process. The new methodology, intended for use at all military installations, accomplishes key elements of the Installation Antiterrorism program as required by Department of Defense and Air Force standards. Focused on risk reduction solutions instead of merely the problems, it brings simplicity and efficiency to a formerly tedious, time-consuming process. In addition, the new methodology complies with current installation antiterrorism standards and also generates installation-specific feedback, promoting safer, more cost-efficient military installations. The AFRL-developed risk assessment methodology encompasses effects-based security, an approach that considers each base's risks, locally and individually, and subsequently employs security tactics, techniques, and procedures specific to that base and its assets. The methodology thus helps installation security officers answer three basic questions: what are this installation's key assets, what genuine threats exist that can damage or destroy these assets, and what current vulnerabilities could allow these threats to successfully attack each asset? By answering these questions in an organized manner, the security officers can not only determine which threats and tactics present the most risk, but also tailor their security activities towards mitigating those risks. To facilitate a less time-consuming and more accurate security risk assessment process, the AFRL researchers developed a Microsoft Access database program that assigns standardized numerical values to each asset, to each threat to the asset, and to each vulnerability allowing an attack against the asset. Using these numerical values, the program then calculates the specific installation's risk factors, ranking them in order from risks that are totally unacceptable and must be reduced to risks that are tolerable. Armed with this information, base commanders can make informed decisions regarding where to spend money and how to best direct other resources to improve security. To date, AFRL researchers have used the new methodology to perform security risk assessments at 14 government installations, including the Statue of Liberty. They have received positive feedback and are currently working to develop an advanced software tool that security officers will be able to use on their own, so that no visit from outside specialists is required.