Skip To Content
PRM-104 Developing Risk Mitigation Strategies (8 CPE) is a Course

PRM-104 Developing Risk Mitigation Strategies (8 CPE)

Started Mar 29, 2021

$99 Enroll

Full course description

PRM-104 Developing Risk Mitigation Strategies

This course provides a high-level overview of risk assessment and mitigation. It will guide you through the process of assessing risk and developing mitigation strategies. You will learn how to complete your risk assessment using a formula to develop a risk score that incorporates threat, vulnerability, and consequences. You also learn how to use your risk score to inform your mitigation options.

If you have not taken NISRU courses PRM-101 Assessment of Threats and Hazards, PRM-102 Determining Vulnerabilities, and PRM-103 Assessing Consequences and Calculating Risk, PRM-104 assumes you have some prior knowledge or work experience in assessing threats and hazards, determining vulnerabilities, and assessing consequences.

 

Course Learning Outcomes: 

Upon completion of this course, you will be able to:

  • Be able to identify core principles associated with risk assessment that are common to the different methods outlined in this course
  • Understand the FEMA Risk Assessment methodology and Explain how Consequences Rating, Threat Rating and Vulnerability Rating for a specific threat scenario are used as a function of Risk
  • Understand mitigation strategies outlined by FEMA and how to use the risk score to inform your mitigation options
  • Identify hazard mitigation measures that can be taken against various hazards and terrorist attacks

 

Course Reading Materials: 

The following documents, articles, standards, and other reference materials will be used as a basis for this course and are considered mandatory reading for completion of the course. Content from any of these sources may be used as part of the quizzes and other assessments. Specific reading assignments from these sources are included with each Learning Module. Where possible, reading materials are linked from within each Module to the online Course Library; otherwise, external sources will launch in a new window/tab. [NOTE: The use of any private company’s or vendor’s resources are strictly for illustrative purposes and information provided about the Module topic and does not imply any endorsement or recommendation of such vendor or their products or services by InfraGard (INMA) or NISRU.]

 

Required Readings: are referenced below and associated with each learning module.

 

Assignments/Exercises:

For the assignment/exercise in each Learning Module, if you choose to do something related to your own business, you have two choices – (1) use only non-proprietary and non-confidential information actually from your business or (2) use similar information from a fictitious company that you create or that an instructor provides through a description and a series of assumptions. 

 

Learning Module #1:  Risk Assessment – Methodological Approaches

Module Description: In this module certificate candidates will learn to view risk assessment from multiple vantage points. Risk assessment is an important function of risk management. Thus, dozens of risk assessment methodologies and approaches exist. To illustrate the point that there is no one “correct” way to assess risk, this module provides an overview of several approaches to risk assessment that focus on threats and hazards associated with the Homeland Security mission.   Included in this module is the RAND Corporation report which describes the risk assessment methodology it developed for the U.S. Department of Homeland Security (DHS), Office of Policy—Strategy, Plans, Analysis, and Risk (SPAR).  It provides a summary of threats and hazards intended to inform DHS risk management priorities.

Also included in your reading material is an overview of one of the early models of risk assessment, The HLS-CAM.™  It is characterized as a grass roots bottom-up effort, developed by Emergency Responders for Emergency Responders. Being one of the early models it is simplistic in nature and illustrates the different approaches to assessing risk. This is important because it was developed by first responders. To broaden your perspective, we have also provided two additional approaches to risk assessment developed external to the U.S: the “Caribbean Handbook on Risk Information Management,” and the "Risk assessment Fact Sheet" developed by the Canadian Center for Occupational Health and Safety . 

Upon completion of this module the learner will be able to:

  • Understand the differences in risk assessment approaches and their role in protecting critical infrastructure
  • Explain how the RAND National Defense Research Institute (NDRI) risk assessment methodology can improve the Homeland Security approach to infrastructure protection
  • Articulate how the HLS-CAM™ Homeland Security Comprehensive Assessment Model aligns with the RAND approach
  • Be able to identify core principles associated with risk assessment that are common to the different methods outlined in this module

Required Reading:

To complete this module, you should read the following: 

Required Website and Framework Exploration:

Critical Thinking Questions: The following questions are intended to spur your thinking beyond just this topic, how it may relate to the other topics, and how it might be applied to an organization or a Critical Infrastructure Sector.

  • How would your choice of Risk Assessment methods differ if you were assessing risk for a small to medium sized company versus a County of 200,000 people?
  • Which of the methodologies presented in this module would you choose for each? And Why?

Module #1 Assignment/Exercise:

It is important to think of risk as influenced by the nature and magnitude of a threat or hazard, the vulnerabilities to that threat or hazard, and the consequences that could result. Compare and contrast the core components of the  methodologies presented in your readings. In doing so you should outline the Core components; Strengths; Weaknesses and the ideal type of threat or hazard that each should be used for. 

Use no more than two pages to document your findings.

Guidelines for completing your assignment

Apply the concepts from your reading material to support your exercise.

 

Mod 2 FEMA Risk Assessment Methodology

Learning Module #2 – FEMA Risk Assessment Methodology

Module Description: in this module you will be introduced to the FEMA  risk assessment methodology.  Using your knowledge of Consequences Rating,  Threat Rating and Vulnerability Rating for a specific threat scenario, you will learn to calculate a risk score and to use that risk score to prioritize risks.  This involves determining the risk rating using  the Data Collection Form provided by FEMA and tabulating the risk rating using the Risk Scoring Worksheet found in your readings. The values for each of the risk factors determined on the risk rating for each threat scenario is then computed as the product of consequences rating (C), threat rating (T), and vulnerability rating (V), where consequences rating, threat rating and vulnerability rating are threat-specific and building or enterprise-specific. The overall risk assessment rating for the building is then computed using the Equation R = C x T x V, where R is Risk, C is Consequences, and V is Vulnerability.   

Upon completion of this module the learner will be able to:

  • Understand the FEMA Risk Assessment methodology
  • Explain how Consequences Rating, Threat Rating and Vulnerability Rating for a specific threat scenario are used as a function of Risk
  • Calculate a risk score for a building or enterprise
  • Prioritize risks as a prelude to mitigation

Required Reading:

To complete this module, you should read the following:

Required Website and Framework Exploration:

Critical Thinking Questions: The following questions are intended to spur your thinking beyond just this topic, how it may relate to the other topics, and how it might be applied to an organization or a Critical Infrastructure Sector.

  • The “Risk Assessment Reference Manual…”depicts the assessment process used to identify the best and most cost-effective terrorism protective measures for a building’s unique security needs. Consider how you might use this model to assess risk for a given building or enterprise.
  • Which features would work best and which would you opt not to use if the assessment was for a small business. 
  • How would the assessment differ if the hazard was a natural hazard and not a terrorist event?

Module #2 Assignment/Exercise:

Using a building of your choice create  total risk rating tables similar to Tables  4-8 and 4-9 in the FEMA STEP 4: RISK ASSESSMENT document.  Developing a risk rating is the last step in conducting a risk assessment. Your understanding of how to calculate threat, vulnerability, and consequences is critical to being able to complete this exercise. Those topics were covered in other courses and modules.

Guidelines for Conducting Your Assessment and Creating the Table

In creating the tables, you should do the following.

  • Replace “asset value” with “consequences”.
  • The tables provided are simply an example of the functions and infrastructure and are not necessarily meant to be used in an absolute way. You should provide functions and infrastructure that are unique to your building or enterprise.  For example, your building might not have “ daycare” or “ food service” or some of the other functions outlined in the example but might have some sort of processing center where certain kinds of work is performed by employees.  Thus, you should delete the functions that are not applicable and use those associated with the building or enterprise you are assessing. 
  • Since the tables are simply an example of the functions and infrastructure feel free to replace any of those functions or infrastructure elements.
  • As you think about the functions and infrastructure components make sure to include only those that correspond to what exists in your selected building.    
  • And remember the formula: Risk = Threat x Consequences x Vulnerability…use it to do your final calculations of risk    

 

Mod 3 Mitigation Strategies

Learning Module #3 – Mitigation Strategies – A Macro Perspective

Module Description: this module addresses mitigation from a macro perspective. It provides certificate candidates with a high-level overview of mitigation strategies beginning with a review of the 2019 National Preparedness Report which discusses mitigation as one of the mission areas. According to the Congressional Budget Office, the Nation can expect to suffer around $54 billion in annual economic losses that result from damage inflicted by hurricane wind and storm-related flooding. To address these challenges, the Nation is directing additional attention towards mitigation-funding efforts, which includes making fundamental changes to how it approaches building and sustaining mitigation-related capabilities to help reduce the impacts of disasters.

This module also touches on the Global Assessment Report on Disaster Risk Reduction for 2019 produced by The United Nations.  The key to this report is understanding that mitigation efforts are part of disaster risk reduction.  That report touches on how development can be a major driver of disaster risk. For example, locating populations and economic assets in exposed geographic areas, the accumulation of risk in urban areas due to rapid and unplanned developments, and more.

Upon completion of this module the learner will be able to:

  • Understand the FEMA mitigation mission area and associated activities during 2019
  • Explain the Disaster Recovery Reform Act (DRRA) of 2018 and the implications of mitigation through transformational shifts in mitigation policy and funding priorities
  • Use the information outlined in the U.N. Global Assessment Report on Disaster Risk Reduction for 2019 to better understand the nexus between mitigation and disaster risk reduction
  • Understand state mitigation strategies outlined by FEMA and implications for mitigations efforts throughout the country.

Required Reading:

To complete this module, you should read the following:

Required Website and Framework Exploration:

Critical Thinking Questions: The following questions are intended to spur your thinking beyond just this topic, how it may relate to the other topics, and how it might be applied to an organization or a Critical Infrastructure Sector.

  • How would mitigation activities associated with a potential terrorist attack differ from the mitigation activities associated with a natural hazard?
  • What steps would you take if you were engaging in mitigation planning for both a terrorist attack and a natural disaster and how would what we covered in this module apply to a small business enterprise or local government? 
  • Do you think the mitigation efforts in preparation for a terrorist attack, in terms of cost, would be  greater or lesser than the cost of mitigation efforts in preparation for a natural hazard for a small to medium size commercial enterprise?

Module #3 Assignment/Exercise:

Research at least two major hazardous incidents that have occurred, a terrorist attack and a natural hazard,  in any part of the world. In no more than 3 pages, compare the mitigation efforts that should have been required of each.  For each of the incidents you have chosen,  discuss the  mitigation efforts you might recommend in terms of the implications for economics, death and injury, and other personal human cost.

Guidelines for Conducting Your Assessment

Remember to pay special attention to mitigation efforts that might impact or lessen disruptions and the indirect consequences, especially issues like supply chain disruption, psychological impact that could affect commerce, the effect on business, etc. 

 

Mod 4 FEMA Mitigation, Techniques and Tools

Learning Module #4 – FEMA Mitigation, Techniques and Tools

Module Description: In this course, certificate candidates will learn methods for using the results of your risk assessment to identify and prioritize mitigation actions.   Your learning will focus on FEMA mitigation tools and techniques and will be driven by your readings which were all produced by FEMA.  The first document is “Mitigation Ideas…A Resource for Reducing Risk to Natural Hazards.”  The purpose of this document is to provide a resource that communities can use to identify and evaluate a range of potential mitigation actions for reducing risk to natural hazards and disasters. This document covers many natural hazards, but the focus of your readings will be on two of the more prevalent natural hazards experienced in the U.S., flooding and wildfires.

The second reading comes from FEMA “STEP 5: CONSIDER MITIGATION OPTIONS”  This guide will help you to identify and evaluate various mitigation options that are directly associated with and responsive to losses identified.  This document also refers to and includes the use of software called “HAZUS-MH” which is available from FEMA. While this course does not require the downloading and use of this software, this overview may be helpful for those who wish to use it. Mitigation efforts can be completed without the use of this software. Using the methods outlined in this reading, losses are estimated based on the cost to repair or replace damage to, or loss of, the building inventory. As you have learned in other modules and courses, there is more to loss than economic loss, and the cost to replace or repair damaged facilities. While this reading provides a unique perspective focusing on that type of loss, it emphasizes mitigation measures that can reduce the destructive effects of three natural hazards: earthquakes, floods, and hurricanes.

The third reading “Buildings and Infrastructure Protection Series Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings,”  focuses on mitigation actions against terrorist attacks on buildings. One of the objectives of this assigned reading is to provide the tools and guidance to reduce physical damage to structural and nonstructural components of buildings and related infrastructure and to reduce resulting casualties caused by conventional bomb attacks and attacks using Chemical, Biological and Radiological (CBR) weapons.  This document is voluminous (over 500 pages); it is impractical for course like this to assign the entire document as reading material. Thus, your reading assignment focuses on risk management which embodies mitigation efforts and certain aspects of site security design strategies.  Optionally, to further your knowledge, you are encouraged to read other chapters of the document to broaden your perspective concerning mitigation strategies. 

Upon completion of this module the learner will be able to:

  • Understand the FEMA resources available to communities to help them identify and evaluate a range of potential mitigation actions for reducing risk to natural hazards and disasters.
  • Identify and evaluate various mitigation options that are directly associated with, and responsive to, losses resulting from earthquakes, floods, and hurricanes.
  • Identify hazard mitigation measures that can be taken against terrorist attacks on buildings
  • Identify the FEMA tools and guidance available to reduce physical damage to structural and nonstructural components of buildings and related infrastructure and to reduce resulting casualties caused by conventional bomb attacks and attacks using Chemical, Biological and Radiological (CBR). 

Required Reading:

To complete this module, you should read the following:

Required Website and Framework Exploration:

Critical Thinking Questions: The following questions are intended to spur your thinking beyond just this topic, how it may relate to the other topics, and how it might be applied to an organization or a Critical Infrastructure Sector.

  • Which FEMA resources would you recommend to communities to help them identify and evaluate a range of potential mitigation actions for reducing risk to natural hazards and disasters?
  • Which FEMA mitigation options would you recommend for potential losses resulting from earthquakes, floods, and hurricanes, if they were to occur in your geography?
  • How would you use  the FEMA tools and guidance available to mitigate the effects of a potential terrorist attack using a conventional bomb? 

Module #4 Assignment/Exercise:

  • Choose a building (can be fictional or real) that is part of the critical infrastructure.  Using the information obtained from your readings in this module, develop a mitigation strategy to protect your building from a potential conventional bomb attack and an attack using a Chemical, Biological or Radiological (CBR) weapon.  In four pages or less, outline  the differences in your approach to mitigate each type of attack.

Guidelines for Conducting Your Assessment

 

  • For this assignment you should draw a schematic of your building site, displaying the appropriate layers of defense for the different types of attacks outlined above.
  • Remember to include protective measures associated with the different layers of defense.
  • Incorporate security zones where applicable.