
Pages 109-127



From page 109...
... E-1 Appendix E: Toolkit Category 1: Risk Assessments Best Practice 1.1 - The DOT conducts rigorous and candid threat / hazard assessments and consults external stakeholders or peers for review.
From page 110...
... E-2 Absent Practice to Underdeveloped U.S. Department of Homeland Security: TRIPwire TRB: A Self-Study Course on Terrorism-Related Risk Management of Highway Infrastructure U.S.
From page 111...
... E-3 Category 2: Leadership Best Practice 2.1 - The DOT has a leader or coalition of leaders that enforce security policies and model the corresponding behaviors.
From page 112...
... E-4 Category 3: Reporting Incidents Best Practice 3.1 - The DOT has a Safe Reporting Procedure for employees to follow once they detect a possible threat or a potential security breach which may lead to an incident.
From page 113...
... E-5 Absent Practice to Underdeveloped CISA: The Risk Management Process for Federal Facilities: An Interagency Security Committee Standard CARVER+Shock Vulnerability Assessment Tool RAND Corporation Vulnerability Assessment Method Pocket Guide Security Planning and Budgeting Module Underdeveloped to Mostly Developed USAID: Developing a Risk Management Plan Mostly Developed to Fully Developed Emerging Threats and Security Planning Best Practice 4.2 - The DOT delivers targeted training and education to employees annually.
From page 114...
... E-6 Absent Practice to Underdeveloped Staff Skills Inventory (for Emergency Management Planning) Underdeveloped to Mostly Developed Turn Your Employees into Security Advocates How Cybersecurity Advocates Overcome Negative Perceptions of Security Selecting Security Champions Empower Your Employees to Be the First Line of Defense Against Cyber Threats Mostly Developed to Fully Developed Every Security Team Needs an Ace Up the Sleeve.
From page 115...
... E-7 Category 5: Incident Discovery and Response Best Practice 5.1 - Following a security incident occurring within the transportation realm or with stakeholders, the DOT analyzes the attack including actor(s), motivations, methods, and mitigation failures to identify areas for future prevention.
From page 116...
... E-8 Best Practice 5.3 - The DOT has a Continuity of Operations Plan (COOP) for incidents with a large, sustained impact to operations (e.g., floods)
From page 117...
... E-9 Absent Practice to Underdeveloped FEMA IS-906: Workplace Security Awareness Transportation Research Board: System Security Awareness for Transportation Employees Underdeveloped to Mostly Developed Guidance on Physical and Cyber Security and Reporting of Suspicious Behavior, Activity, and Cyber Incidents Security Awareness Video: 7 Tips for your employees to be able to identify and avoid risks How to Keep Your Workplace Secure Security Awareness Video: Workplace Security Department of Transportation Security Awareness Training Security Training and Education Module Mostly Developed to Fully Developed NIST SP 800-53 Security Awareness Training Best Practice 6.2 - The DOT conducts an Insider Threat Program annually, including updated case studies from both the transportation realm and industry.
From page 118...
... E-10 CDSE: Turning People Around, Not Turning Them In. S1/E2: "Check Out My New Ride" CDSE: Turning People Around, Not Turning Them In.
From page 119...
... E-11 Absent Practice to Underdeveloped DOT Departmental Cybersecurity Policy Fundamental Capabilities of Effective All-Hazards Infrastructure Protection, Resilience, and Emergency Management for State Departments of Transportation Ready.gov All Hazards Planning FEMA National Preparedness Guidelines AASHTO, Fundamental Capabilities of Effective All-Hazards Infrastructure FEMA Comprehensive Preparedness Guide (CPG) 101 Realistic and Effective Exercises Module Underdeveloped to Mostly Developed Job Description Template Mostly Developed to Fully Developed Homeland Security Exercise and Evaluation Program FEMA IS-130.A: How to be an Exercise Evaluator Security Tabletop - Incident Response Planning CISA Tabletop Exercise Package TSA Intermodal Security Training and Exercise Program Guidance for Planning, Conducting and Evaluating Transportation Emergency Preparedness Tabletops, Drills and Exercises Guidelines for Transportation Emergency Training Exercises HSEEP Policy and Guidance Best Practice 7.2 - The DOT exercises crisis response training with potential "black swan" events.
From page 120...
... E-12 Underdeveloped to Mostly Developed The Black Swan: The Impact of the Highly Improbable Exercise: Scenario Planning Mostly Developed to Fully Developed Scenario Planning Video A Pre-Event Recovery Planning Guide for Transportation FHWA Scenario Planning and Visualization in Transportation Scenario Planning Step-by-Step Category 8: Budgeting Best Practice 8.1 - The DOT assesses their budget bi-annually to address emergent security challenges. If necessary, the budget is reworked to minimize impacts on security.
From page 121...
... E-13 Crisis Communications Plan Ten Keys to Improving Emergency Alerts, Warnings & Notifications The Handbook of Crisis Communication Crisis Communication Module Underdeveloped to Mostly Developed Crisis Communications Messaging Best Practices Communication Under Pressure; 8 best practices for managing a crisis Using Mass Notification to Respond to a Terrorist Incident A FEMA Pro Talks Emergency Communications Final Mostly Developed to Fully Developed Testing and Exercising the Crisis Communication Plan Best Practice 9.2 - The DOT prepares social media and messages to the press with statements for various scenarios, ready for immediate distribution during a crisis situation.
From page 122...
... E-14 Absent Practice to Underdeveloped Media Relations: Everything You Need to Know Social Media Module Crisis Communication Module Underdeveloped to Mostly Developed 3 Keys to Successful Media Relations for Federal Communicators Mostly Developed to Fully Developed The PIO-Journalist Relationship: A Relationship Management Perspective on State Government Media Relations Eight Ways to Maintain Beneficial Relationships with Journalists and Reporters Best Practice 9.4 - The DOT decides who will be the "face" of the organization during a crisis, and provides the individual(s) with professional training to properly engage the press and on social media.
From page 123...
... E-15 5. Has your organization made any preparations in case a security incident results in the worksite becoming a crime scene and thus temporarily unusable?
From page 124...
... E-16 How to Proactively Prevent Cybersecurity Threats What is Proactive Cyber Defense? Active, Proactive or Reactive?
From page 125...
... E-17 Bomb Threat Response Module Defense in Depth Module 2b. Does your organization have multiple layers of security in place (layered defense)
From page 126...
... E-18 1. Does your organization invest in and implement physical access controls at worksite locations, e.g., locks and/or security alarms?
From page 127...
... E-19 Underdeveloped to Mostly Developed NIST SP 800-53 Visitor Access Records Visitor Logbook Mostly Developed to Fully Developed FEMA IS-916: Critical Infrastructure Security: Theft and Diversion – What You Can Do Useful Measures to Prevent Unauthorized Access Category 12: Cybersecurity Best Practice 12.1 - The DOT utilizes relevant NIST publications to enhance the cybersecurity posture.

This material may be derived from roughly machine-read images, and so is provided only to facilitate research.