Since the events of September 11, 2001, the increased awareness of security threats to critical infrastructure in the United States has resulted in changes to security processes within many industries and regions.  It became clear that a uniform risk analysis methodology would be necessary to provide consistent results using a common terminology and set of metrics.  The current Framework describes in detail the RAMCAP seven-step process that begins with asset characterization and culminates in a risk management evaluation for the asset, site or system.
 
The purpose of the Framework is to provide an understanding of the RAMCAP process and how it can be used for identifying, prioritizing and coordinating protection of the nation’s critical infrastructure.  The RAMCAP methodology is not a step-by-step guideline for conducting vulnerability assessments in specific industry sectors.  Rather, RAMCAP is a high-level methodology that can be tailored to various sectors, thereby providing a mechanism for comparing risk within a sector and between different sectors.  Sector-specific guidance has already been developed for five industries.  Guidance for additional sectors is currently underway.

Click here to download the RAMCAP Framework for FREE.