Identifying, assessing and addressing security risk in a rail transit environment requires a process that takes into consideration the likelihood of a threat - or vulnerability of the target to the threat - and the consequence of the incident. It differs from assessing safety risk in that the methodology must consider the element of intent to do harm. Agencies do not have unlimited resources, therefore using a process that helps inform where the greatest potential risk lies can assist in prioritizing the use of those limited resources. It is also critical to understand what elements are actually under the control of the rail agency. Rarely can they impact the threat itself, but they have substantial opportunity to impact the vulnerability of the agency to the threat, and therefore impact the outcome.
1. Define a process and methodology to assess security risk
2. State the prioritization of the application of resources to impact security risk
3. Learn about the elements that comprise risk that are within the agency's control