Vulnerability Assessment & Analysis (VAA) Overview
-
Upload
susan-rantall -
Category
Technology
-
view
623 -
download
0
Transcript of Vulnerability Assessment & Analysis (VAA) Overview
![Page 1: Vulnerability Assessment & Analysis (VAA) Overview](https://reader035.fdocuments.us/reader035/viewer/2022081420/557cd699d8b42a616b8b4926/html5/thumbnails/1.jpg)
VULNERABILITY ASSESSMENT AND ANALYSIS (VAA)
![Page 2: Vulnerability Assessment & Analysis (VAA) Overview](https://reader035.fdocuments.us/reader035/viewer/2022081420/557cd699d8b42a616b8b4926/html5/thumbnails/2.jpg)
What is VAA?
Decision support methodology to help identify and prioritize defects for elimination.
What is VAA?
![Page 3: Vulnerability Assessment & Analysis (VAA) Overview](https://reader035.fdocuments.us/reader035/viewer/2022081420/557cd699d8b42a616b8b4926/html5/thumbnails/3.jpg)
Identifies critical equipment and/or systems
What is VAA?
![Page 4: Vulnerability Assessment & Analysis (VAA) Overview](https://reader035.fdocuments.us/reader035/viewer/2022081420/557cd699d8b42a616b8b4926/html5/thumbnails/4.jpg)
Identifies key vulnerabilities to deliver safe and reliability operations
What is VAA?
![Page 5: Vulnerability Assessment & Analysis (VAA) Overview](https://reader035.fdocuments.us/reader035/viewer/2022081420/557cd699d8b42a616b8b4926/html5/thumbnails/5.jpg)
Establishes a prioritized defect list for subsequent functional review and remediation
What is VAA?
![Page 6: Vulnerability Assessment & Analysis (VAA) Overview](https://reader035.fdocuments.us/reader035/viewer/2022081420/557cd699d8b42a616b8b4926/html5/thumbnails/6.jpg)
How does VAA work?
Based on a Hazop style brainstorming approach
![Page 7: Vulnerability Assessment & Analysis (VAA) Overview](https://reader035.fdocuments.us/reader035/viewer/2022081420/557cd699d8b42a616b8b4926/html5/thumbnails/7.jpg)
How does VAA work?
Involves small groups of engineering and operating staff, plus individual interviews
![Page 8: Vulnerability Assessment & Analysis (VAA) Overview](https://reader035.fdocuments.us/reader035/viewer/2022081420/557cd699d8b42a616b8b4926/html5/thumbnails/8.jpg)
How does VAA work?
Produces a substantial amount of information
![Page 9: Vulnerability Assessment & Analysis (VAA) Overview](https://reader035.fdocuments.us/reader035/viewer/2022081420/557cd699d8b42a616b8b4926/html5/thumbnails/9.jpg)
What’s the purpose of VAA?
To analyze, categorize, and prioritize vulnerabilities
![Page 10: Vulnerability Assessment & Analysis (VAA) Overview](https://reader035.fdocuments.us/reader035/viewer/2022081420/557cd699d8b42a616b8b4926/html5/thumbnails/10.jpg)
And then what happens?
More detailed information is obtained in subsequent studies
FMEAFault Trees
SIL
Level of Protection Analysis
![Page 11: Vulnerability Assessment & Analysis (VAA) Overview](https://reader035.fdocuments.us/reader035/viewer/2022081420/557cd699d8b42a616b8b4926/html5/thumbnails/11.jpg)
Why?
To validate the risk issues raised in the qualitative Hazop review
![Page 12: Vulnerability Assessment & Analysis (VAA) Overview](https://reader035.fdocuments.us/reader035/viewer/2022081420/557cd699d8b42a616b8b4926/html5/thumbnails/12.jpg)
An over-arching methodology
VAA can be used on any process during any phase
![Page 13: Vulnerability Assessment & Analysis (VAA) Overview](https://reader035.fdocuments.us/reader035/viewer/2022081420/557cd699d8b42a616b8b4926/html5/thumbnails/13.jpg)
An integrated approach
When vulnerabilities are discovered that are not immediately manageable
…the action items flow into the appropriate secondary methodology
![Page 14: Vulnerability Assessment & Analysis (VAA) Overview](https://reader035.fdocuments.us/reader035/viewer/2022081420/557cd699d8b42a616b8b4926/html5/thumbnails/14.jpg)
Classical Hazop methodology
Team of senior representative
s e.g. design,
project, operating staff
Understanding of the process under study, condition of equipment &
consequences of failure
VAA is a blend
![Page 15: Vulnerability Assessment & Analysis (VAA) Overview](https://reader035.fdocuments.us/reader035/viewer/2022081420/557cd699d8b42a616b8b4926/html5/thumbnails/15.jpg)
Typical output
![Page 16: Vulnerability Assessment & Analysis (VAA) Overview](https://reader035.fdocuments.us/reader035/viewer/2022081420/557cd699d8b42a616b8b4926/html5/thumbnails/16.jpg)
Methodology
1) Pre-Assessment
2) Facilitated Assessment & Analysis
3) Post Assessment Phase
![Page 17: Vulnerability Assessment & Analysis (VAA) Overview](https://reader035.fdocuments.us/reader035/viewer/2022081420/557cd699d8b42a616b8b4926/html5/thumbnails/17.jpg)
Pre-Assessment
- Identifying the VAA objectives-Determining measures of success- Finalizing what elements of the
methodology will be included- Ensuring access to information-Developing an assessment schedule
![Page 18: Vulnerability Assessment & Analysis (VAA) Overview](https://reader035.fdocuments.us/reader035/viewer/2022081420/557cd699d8b42a616b8b4926/html5/thumbnails/18.jpg)
Pre-Assessment
Objectives and measures of success must be tailored to the organization and its needs
![Page 19: Vulnerability Assessment & Analysis (VAA) Overview](https://reader035.fdocuments.us/reader035/viewer/2022081420/557cd699d8b42a616b8b4926/html5/thumbnails/19.jpg)
Possible objectives could include:
- Identify all critical vulnerabilities- Identify and rank all key assets based
on a common “vulnerability maturity matrix”
- Develop the business case for making vulnerability reduction investments
- Enhance awareness / make VAA an integral part of business strategy
![Page 20: Vulnerability Assessment & Analysis (VAA) Overview](https://reader035.fdocuments.us/reader035/viewer/2022081420/557cd699d8b42a616b8b4926/html5/thumbnails/20.jpg)
Facilitated Assessment and Analysis
![Page 21: Vulnerability Assessment & Analysis (VAA) Overview](https://reader035.fdocuments.us/reader035/viewer/2022081420/557cd699d8b42a616b8b4926/html5/thumbnails/21.jpg)
VAA Facilitation Workflow
![Page 22: Vulnerability Assessment & Analysis (VAA) Overview](https://reader035.fdocuments.us/reader035/viewer/2022081420/557cd699d8b42a616b8b4926/html5/thumbnails/22.jpg)
Facilitated Assessment and Analysis
VAA starts with the fullest description of the system / process and then questions every part of it
![Page 23: Vulnerability Assessment & Analysis (VAA) Overview](https://reader035.fdocuments.us/reader035/viewer/2022081420/557cd699d8b42a616b8b4926/html5/thumbnails/23.jpg)
Post Assessment
- Ranking vulnerabilities by risk category- Prioritizing assessment
recommendations- Developing an action plan- Capturing lessons learned and best
practices- Conducting periodic assessments to
report progress
![Page 24: Vulnerability Assessment & Analysis (VAA) Overview](https://reader035.fdocuments.us/reader035/viewer/2022081420/557cd699d8b42a616b8b4926/html5/thumbnails/24.jpg)
Post Assessment
Risk mitigation activities that are low cost or result in cost savings should get special attention
![Page 25: Vulnerability Assessment & Analysis (VAA) Overview](https://reader035.fdocuments.us/reader035/viewer/2022081420/557cd699d8b42a616b8b4926/html5/thumbnails/25.jpg)
Post Assessment
Other vulnerabilities might require further assessment using quantitative methods in order to identify appropriate risk reduction actions
![Page 26: Vulnerability Assessment & Analysis (VAA) Overview](https://reader035.fdocuments.us/reader035/viewer/2022081420/557cd699d8b42a616b8b4926/html5/thumbnails/26.jpg)
Deliverables
The VAA process delivers a comprehensive report documenting the study, resulting assessment and identified actions
![Page 27: Vulnerability Assessment & Analysis (VAA) Overview](https://reader035.fdocuments.us/reader035/viewer/2022081420/557cd699d8b42a616b8b4926/html5/thumbnails/27.jpg)
Deliverables
A typical report may include:- Visual representation of
vulnerabilities and criticalities- Identification of vulnerabilities by
system or area- Vulnerability by category- Prioritized action list- Action by type
![Page 28: Vulnerability Assessment & Analysis (VAA) Overview](https://reader035.fdocuments.us/reader035/viewer/2022081420/557cd699d8b42a616b8b4926/html5/thumbnails/28.jpg)
![Page 29: Vulnerability Assessment & Analysis (VAA) Overview](https://reader035.fdocuments.us/reader035/viewer/2022081420/557cd699d8b42a616b8b4926/html5/thumbnails/29.jpg)
![Page 30: Vulnerability Assessment & Analysis (VAA) Overview](https://reader035.fdocuments.us/reader035/viewer/2022081420/557cd699d8b42a616b8b4926/html5/thumbnails/30.jpg)
![Page 31: Vulnerability Assessment & Analysis (VAA) Overview](https://reader035.fdocuments.us/reader035/viewer/2022081420/557cd699d8b42a616b8b4926/html5/thumbnails/31.jpg)
Summary
VAA is an over-arching methodology designed to expose and discover vulnerabilities across a wide segment of possible impacts
![Page 32: Vulnerability Assessment & Analysis (VAA) Overview](https://reader035.fdocuments.us/reader035/viewer/2022081420/557cd699d8b42a616b8b4926/html5/thumbnails/32.jpg)
Summary
FMEA, Risk Assessment, and RCM have a purpose
But that purpose is best served after the VAA
When VAA comes 1st it delivers focus more broadly on consequences from all parts of the system or process
![Page 33: Vulnerability Assessment & Analysis (VAA) Overview](https://reader035.fdocuments.us/reader035/viewer/2022081420/557cd699d8b42a616b8b4926/html5/thumbnails/33.jpg)
About ARMS Reliability
Since 1995, ARMS Reliability has been at the forefront of proactive asset management strategies for a range of blue chip companies throughout the world
Through a unique blend of consulting, education and software solutions, we enable our clients to make better decisions to improve asset reliability.
www.armsreliability.com