Skip To Content
PRM-102 Determining Vulnerabilities (8 CPE) is a Course

PRM-102 Determining Vulnerabilities (8 CPE)

Started Mar 29, 2021

$99 Enroll

Full course description

PRM-102 Determining Vulnerabilities

This vulnerability assessment course will help you to understand and assess the vulnerability of your specific infrastructure through the lenses of the National Infrastructure Protection Plan (NIPP). You will learn several approaches to vulnerability assessment which will enable you to conduct a vulnerability assessment from an all-hazards perspective focusing on a facility’s susceptibility to specific threats or hazards.  

This course will guide you through the process of assessing vulnerability and provide detail regarding considerations for assessing the vulnerability of critical infrastructure assets. You will also learn how to incorporate vulnerability information in your risk assessment.

A background in infrastructure protection and/or Vulnerability Assessment is unnecessary to succeed in this course. An understanding of threats and hazards will be helpful to those taking this course.

Course Learning Outcomes: 

Upon successful completion of this course, you should be able to:

  • Describe the principles of assessing vulnerabilities
  • Identify the steps in conducting a vulnerability assessment
  • Recognize and understand the different tools and methodologies that can be used to conduct a vulnerability assessment
  • Understand how to implement the vulnerability assessment process

Course Reading Materials: 

The following documents, articles, standards, and other reference materials will be used as a basis for this course and are considered mandatory reading for completion of the course. Content from any of these sources may be used as part of the quizzes and other assessments. Specific reading assignments from these sources are included with each Learning Module. Where possible, reading materials are linked from within each Module to the online Course Library; otherwise external sources will launch in a new window/tab. [NOTE: The use of any private company’s or vendor’s resources are strictly for illustrative purposes and information provided about the Module topic and does not imply any endorsement or recommendation of such vendor or their products or services by InfraGard (INMA) or NISRU.]

Required Readings: are referenced below and associated with each learning module.

Assignments/Exercises:

For the assignment/exercise in each Learning Module, if you choose to do something related to your own business, you have two choices – (1) use only non-proprietary and non-confidential information actually from your business or (2) use similar information from a fictitious company that you create or that an instructor provides through a description and a series of assumptions. 

 

Mod 1 Building and Infrastructure Vulnerability

Learning Module #1 – Buildings, infrastructure vulnerability

Module Description: In this course, certificate candidates will learn methods for identifying the critical assets and functions within buildings. After determining the threats to those assets, which is covered in “Assessing Threats and Hazards” a related course available via National Infrastructure Security and Resilience U (NISRU),”  assessing vulnerabilities associated with those threats is another step in conducting a Risk Assessment. This course provides methods presented in a FEMA How-To Guide as a means of understanding the vulnerability aspect of assessing the risk to the assets and to enable risk-based decisions on how to mitigate those risks. While this course does not address mitigation, also covered in a related course available via NISRU, it does inform the mitigation process. The scope of the methods presented includes providing a method of assessing vulnerability. This is a precursor to mitigating physical damage to structural and non-structural components of buildings and related infrastructure, and reducing resultant casualties during conventional bomb attacks, as well as chemical, biological, and radiological (CBR) agents. While the content of this module presents five steps and multiple tasks within each step that will lead you through a process for conducting a risk assessment and selecting mitigation options, the focus is on assessing vulnerabilities. The risk and mitigation information is presented to enhance students’ understanding of the concepts associated with assessing vulnerabilities.    

Upon completion of this module the learner will be able to:

  • Explain the Integrated Rapid Visual Screening of Buildings (IRVS) methodology and its relationship to vulnerability assessment
  • List and describe the vulnerability assessment characteristics
  • Understand and use the data collection methods outlined in IRVS to inform the vulnerability assessment
  • Discuss the steps in assessing infrastructure vulnerabilities associated with buildings

Required Reading: To complete this module, you should read the following:

Required Website and Framework Exploration:

Critical Thinking Questions: The following questions are intended to spur your thinking beyond just this topic, how it may relate to the other topics, and how it might be applied to an organization or a Critical Infrastructure Sector.

  • How would you use the IRVS methodology to assess vulnerabilities? 
  • What type of personnel would you include as part of your team to assess vulnerabilities of a given structure?
  • Think about the critical infrastructure that you would like to protect. Which aspects of that asset’s structure would you be most concerned about in assessing vulnerabilities?

Module #1 Assignment/Exercise:

  • Choose a building (can be fictional or real) that is part of the critical infrastructure. Choose one of the Vulnerability assessment characteristics outlined in the IRVS and document the attribute options. Create a two-column table of no more than three pages to document your findings.

Module #1 Quiz: Complete the quiz for this module

 

Mod 2 CPTED and Vulnerability Insights

Module Description: In this module, you will be introduced to a methodology called crime prevention through environmental design (CPTED). While the focus is on crime prevention there is a nexus between it and the prevention of more nefarious attacks such as terrorism. CPTED consist of a variety of strategies, the application of which would depend on the site condition, the functional requirements, and the desired programming of the space as well as design intent. The value of exposing students to this method is to enhance awareness of potential vulnerabilities by focusing on aspects of environmental design, outlined in this method, that will provide insight into vulnerabilities that should be accounted for in any vulnerability assessment. It should be combined with other vulnerability assessment methods to provide a more integrated approach to vulnerability assessment. 

Given the uniqueness of schools and their vulnerability to recent attacks, we will cover how CPTED can be used as a primer for schools in understanding their vulnerability. Beyond CPTED, this module provides guidelines for conducting a vulnerability self-assessment developed by the North Carolina Department of Agriculture and Consumer Services to be used as a general tool by organizations to conduct a terrorism vulnerability self-assessment. It outlines areas of inquiry, questions to be asked, and topics to be covered in conducting a terrorism vulnerability self-assessment. This example should be used as a “real-world” reference when conducting a terrorism vulnerability self-assessment.

Upon completion of this module the learner will be able to:

  • Explain the CPTED methodology and its application to vulnerability assessment.
  • List and describe the CPTED principles useful in vulnerability assessment.
  • Understand and apply the unique characteristics of a CPTED assessment for a school.
  • Discuss the major aspects of conducting a vulnerability assessment. 

Required Reading:

Required Website and Framework Exploration and Suggested Readings:

Critical Thinking Questions: The following questions are intended to spur your thinking beyond just this topic, how it may relate to the other topics, and how it might be applied to an organization or a Critical Infrastructure Sector.

  • What information gathered from a CPTED evaluation would inform a hazard vulnerability assessment? 
  • What aspects of the checklists provided as part of this module could be combined as part of a more comprehensive vulnerability assessment?
  • How would you use the information provided in this module to begin a vulnerability assessment?

Module #2 Assignment/Exercise:

  • Choose a building (can be fictional or real) that is part of the critical infrastructure. What steps would you take to assess the facility’s vulnerability to a lone shooter, using ballistics as an attack method? Using the CPTED principles, describe the top ten action items you would take to assess the facility’s vulnerability.   

Module #2 Quiz: Complete the quiz for this module

 

Learning Module #3 – Natural and Man-made hazards and Vulnerability

Module Description: In this course, certificate candidates will be exposed to different methods for assessing vulnerability to natural hazards. Much of the information presented is at the macro level, covering communities, states, and nations. It represents the overarching concerns regarding vulnerability to natural hazards. In that context, the specific areas of focus and steps taken by these jurisdictions/communities are provided to help to inform the process of assessing vulnerabilities at the community or jurisdictional level.

According to FEMA, Vulnerability is defined as any weakness that can be exploited by an aggressor or, in a non-terrorist threat environment, make an asset susceptible to hazard damage. Implicit in FEMA’s definition, vulnerability must always be considered within the context of the threat. This course is too brief to consider every possible vulnerability to every threat or hazard. In this module, we will examine vulnerability from a non-terrorist threat perspective, specifically related to man-made and natural hazards.

While many different methods of assessing vulnerability exist, the method should be driven by the threat or potential hazard. When assessing vulnerability to natural hazards, for example, assessing vulnerability to a flood will be different than assessing vulnerability to an earthquake. Thus, it is important to understand the specific hazards that could affect your geography, community, facility, etc. The ideal place to begin your vulnerability assessment process is to access The National Risk Index  (Links to an external site.)recently published by FEMA. It is included in your reading material. “The National Risk Index (The Index) is an online tool to help illustrate the nation’s communities most at risk of natural hazards. It is made possible through a collaboration between FEMA and dozens of partners in academia; local, state and federal government; and private industry. The Index leverages best available source data to provide a holistic view of community-level risk nationwide by combining multiple hazards with socioeconomic and built environment factors. It calculates a baseline relative risk measurement for each United States county and census tract for 18 natural hazards, based on Expected Annual Loss, Social Vulnerability, and Community Resilience.”

Your reading also includes a recent report “All-Hazards-Vulnerability-Assessment” created by the City of Charleston SC. It is a real-life document that provides insight into the vulnerabilities. It can serve as a guide for you to assess vulnerabilities; however, the required reading is limited to the following natural and man-made hazards: Extreme Heat, Hazardous Materials, Earthquakes, Tidal Flooding, and Storm Surge. Other hazards are included in the report. They are suggested but not required reading.  

Upon completion of this module the learner will be able to:

  • Explain how The National Risk Index can be used in the vulnerability assessment process for natural hazards
  • Understand the steps a city or jurisdiction can take to assess vulnerabilities to natural and man-made hazards
  • Grasp the concept of using science, i.e., earth science, engineering, and social science, to help drive policy decisions regarding vulnerability reduction
  • Develop an awareness of the implications of natural disasters for vulnerable communities

Required Reading: To complete this module, you should read the following and view the presentation:

Required Website and Framework Exploration:

 

Critical Thinking Questions: The following questions are intended to spur your thinking beyond just this topic, how it may relate to the other topics, and how it might be applied to an organization, a critical infrastructure sector, or even a community.

  • Describe the first step you would take in conducting a vulnerability assessment
  • What type of people would be involved in that process?
  • Consider your main sources of information and how would they inform the process?

Module #3 Assignment/Exercise:

Choose a building (can be fictional or real) that is part of the critical infrastructure or a community in general. Select two likely hazards. Develop a 4-column table or matrix, the first column should be the hazard/threat, followed by three specific areas of vulnerability low, medium, and high. In each of those columns add the specific vulnerabilities with which you are most concerned.

 

Learning Module #4 – FEMA Vulnerability Assessment Methodology

Module Description: In this course, certificate candidates will learn FEMA methods for identifying Vulnerability. According to FEMA, “a vulnerability assessment is an in-depth analysis of the building functions, systems, and site characteristics to identify building weaknesses and lack of redundancy, and determine mitigations or corrective actions that can be designed or implemented to reduce the vulnerabilities.” Vulnerability assessment is the ongoing process to help identify areas of weakness, associated with a given hazard, that could have negative consequences for the facility. 

This module provides an overview of the steps in the FEMA vulnerability assessment process, which can be used to help plan and execute the process. It includes an explanation of how to perform a rapid visual screening of a building, which can be one of the first steps in the process. Students will also be introduced to the DHS vulnerability assessment checklist which can be used to accompany a vulnerability assessment conducted in the field. The information presented focuses on vulnerabilities associated with terrorist attacks. However, the methods can be expanded to incorporate the techniques for assessing vulnerability to other than terrorists’ hazards, which are presented in previous modules. 

Upon completion of this module the learner will be able to:

  • Understand and explain the FEMA Rapid Visual Screening process and its use in helping to identify vulnerabilities
  • Identify the tasks in the FEMA vulnerability assessment process
  • Use the FEMA vulnerability assessment checklist as a screening tool for a preliminary design vulnerability assessment
  • Gather sufficient information to be able to assign a vulnerability rating

Required Reading: To complete this module, you should read the following:

Required Website and Framework Exploration:

Critical Thinking Questions: The following questions are intended to spur your thinking beyond just this topic, how it may relate to the other topics, and how it might be applied to an organization or a Critical Infrastructure Sector.

  • Think about the types of hazards that would prompt you to use the FEMA Rapid Visual Screening process
  • When would you recommend a rapid visual screening be conducted?
  • How could the DHS vulnerability assessment checklist be incorporated in an assessment?

Module #4 Assignment/Exercise:

Choose a building (can be fictional or real) that is part of the critical infrastructure. Choose two significant hazards. In two pages or less, provide a summary of the steps you would take to assess vulnerability of your building or complex. Include the titles of the people you would ask to be part of the assessment team.