This paper is built around ASTM E 2506, Standard Guide for Developing a Cost-Effective Risk Mitigation Plan for New and Existing Constructed Facilities. E 2506 establishes a three-step protocol—perform risk assessment, specify combinations of risk mitigation strategies for evaluation, and perform economic evaluation—to insure that the decision maker is provided the requisite information to choose the most cost effective combination of risk mitigation strategies. Because decisions associated with low-probability, high-consequence events involve uncertainty both in terms of appropriate evaluation procedures and event-related measures of likelihood and consequence, NIST developed a Risk Mitigation Toolkit. This paper uses (a) a data center undergoing renovation for improved security, and (b) a PVP-related failure event to illustrate how to perform the E 2506 three-step protocol with particular emphasis on the third step—perform economic evaluation. The third step is built around the Cost-Effectiveness Tool for Capital Asset Protection (CET), which was developed by NIST. Version 4.0 of CET is used to analyze the security- or failure-related event with a focus on consequence estimation and consequence assessment via Monte Carlo techniques. CET 4.0 includes detailed analysis and reporting features designed to identify key cost drivers, measure their impacts, and deliver estimated consequence parameters with uncertainty bounds. Significance of this economics-based intelligence (EI) tool is presented and discussed for security- or failure-consequence estimation to risk assessment of failure of critical structures or components.

This content is only available via PDF.
You do not currently have access to this content.