Critical Infrastructure Protection
“Homeland security assistance should be based strictly on
an assessment of risks and vulnerabilities.....
...It [Homeland Security] should supplement state and local
resources based on the risks and vulnerabilities that merit
-9/11 Commission Report
Risk & Vulnerability
Applicable to all National Critical Infrastructures:
POSTAL AND SHIPPING
BANKING AND FINANCE
The nation’s Critical Infrastructures face a myriad
of physical and technical threats.
These threats, whether natural, man-made, accidental
or intentional, each carry a certain level of risk that
could compromise national security, public safety, and
Critical Infrastructure owners/operators and U.S.
Government ofﬁcials at all levels have a responsibility
to take action to mitigate these risks.
IIT’s Subject Matter Experts The ﬁrst step in securing Critical
have conducted RVAs of :
Infrastructures is the performance of
Freight and Passenger Rail a full spectrum Risk and Vulnerability
Systems Assessment (RVA).
Ports An RVA is an assessment of an
HAZMAT Transportation organization’s critical assets and the impact
of their degradation, their vulnerability to
exploitation, and the nature and likelihood of
Emergency Operations Centers
and Homeland Security
Installations The successful execution of an RVA requires
U.S. Government and highly skilled, knowledgeable, and trained
Military Installations personnel.
IIT is committed to Critical
Infrastructure Protection. IIT has
IIT, a leader in the Risk Management and
established, and operates 24/7, Information Security ﬁeld, has developed
Information Sharing and Analysis a comprehensive and cost effective Risk
Centers (ISACs) for three Critical
Infrastructure Sectors and the
& Vulnerability Assessment Training
Operations Center (security and Program to meet these needs.
intelligence) for the North American
Freight Railroad Industry.
Gary Williams (email@example.com) or Keith Kennedy (firstname.lastname@example.org)
IIT’s Risk & Vulnerability Assessment Training Provides:
Long-term Security Solution
Immediate Realization of Increased Protection
Turn-Key Operation Complete With Procedures, Policies, and Assessment Formats
Proven, Documented, and Repeatable Risk and Vulnerability Assessment Process
Comprehensive Physical and Technical Risk and Vulnerability Assessment Approach
Hands On Training - Students Learn By Doing
Trained Risk and Vulnerability Assessment Team Consisting of Your Own Personnel
Assessments of Two Critical Infrastructures
Authoritative Response to Proposed / Actual Government Regulations and Inspections
GSA Approved Rates and Schedule; DHS and Emergency Management Performance Grants
The IIT Training Team consists of experienced Subject Matter Experts. IIT’s RVA
process relies upon the U.S. Government, Intelligence Community, Military, and
International “Security Best Practices.” These practices encompass both physical
and technical Risk Management and Vulnerability Assessment methodologies and
RVA Training Curriculum
The Risk and Vulnerability Assessment Program Consists of Two Phases.
CD based interactive training that introduces the methodologies,
techniques, and tools to conduct an RVA.
Three-day classroom instruction focusing on the analytical tools
through a series of practical exercises and case studies.
Seven-day practical application of skills by conducting an RVA
of an actual Critical Infrastructure.
Phase I: Self-Paced Instruction
A 40-hour Interactive CD provides the foundation of the methodologies, tools, and
pertinent guidelines to conducting a Risk and Vulnerability Assessment. Phase I is a
mandatory prerequisite to the second phase of resident training. Subjects include:
Assessment Methodologies and Planning
Vulnerability Assessment Legal Landscape
Critical Infrastructure Interdependencies and Contingency Planning
Analytical Risk Management
Information Systems Architecture and
Gary Williams (email@example.com) or Keith Kennedy (firstname.lastname@example.org)
Phase II: Resident Instruction
A. Classroom Practical Exercises
Days one through three present a series of practical exercises that address the
fundamental skills and tools necessary to conduct an RVA.
Critical Infrastructures and their Interdependencies
Analytical Tools and Techniques
Blast Mitigation Primer
Introduction to Crime Prevention through
Environmental Design (CPTED) Principles Sample Adversary Logic Diagram
B. Vulnerability Assessment Exercise
During days four through ten, student teams conduct an actual Risk and Vulnerability
Assessment of a critical infrastructure. IIT Subject Matter Experts guide the students
through all phases of the assessment:
Assessment Planning and Coordination
Data Collection and Aggregation
IIT TRAINING TEAM
RVA Subject Matter Experts
Gary Williams – Program Manager, Critical Infrastructure Protection
Gary Williams is a Physical and Operational Security RVA Subject Matter Expert. Over the past
decade, he has established an authoritative, comprehensive set of Private Infrastructure, U.S.
Government, Military, and International “Security Best Practices” and methodologies. Mr. Williams
has been instrumental in the execution of RVA’s for the North American Class 1 Freight Railroads,
the Passenger Railroads, Public Transportation, and the Chemical Industry. As a Program Manager
for Critical Infrastructures, he has continued to reﬁne RVA methodologies and develop numerous
distance learning and resident CIP training programs. Retired from 22 years of service with U.S.
Army Special Operations Forces, Mr. Williams has continued to protect the Critical Infrastructure
of the United States through his work conducting Risk and Vulnerability Assessments. Currently
possesses a U.S. Government Top Secret/SCI clearance.
Keith Kennedy - Senior Analyst
Mr. Kennedy is an expert in intelligence analysis and critical infrastructure protection. His recent
efforts include Counter-Terror Information Analysis for Water Utilities, the Class 1 Freight and
Passenger Railroads, and Public Transportation Organizations. Mr. Kennedy is a former U.S.
Amry Intelligence Analyst with experience in information analysis, link analysis, and vulnerability
assessments. Mr. Kennedy performed vulnerability assessments worldwide for the United States
Army. Mr. Kennedy has been instrumental in developing analytical methods and information
sharing initiatives that greatly enhance the security of our critical infrastructure. He co-authored
the comprehensive Risk and Vulnerability Assessment Curriculum. Currently possesses a U.S.
Government Top Secret/SCI clearance.
Craig Thompson – Senior Technical Security Engineer
Mr. Thompson is responsible for technical & cyber vulnerability assessments. His recent efforts
include vulnerability assessments for the Defense Department, Federal Agencies, Water Utilities,
the Class 1 Freight Railroads, and Passenger Railroads. Mr. Thompson is a former U.S. Army
Counterintelligence (CI) Special Agent, whose assignments ranged from leading and conducting
specialized media and network forensics investigations to training CI personnel to perform this
mission. Mr. Thompson is a current member of the National Guard, leading and conducting
advanced security, Computer Defense Assistance Program (CDAP), and vulnerability assessments
(VA), as well as training National Guard soldiers to perform the VA mission. Currently possesses a
U.S. Government Top Secret/SCI clearance.
To coordinate your RVAT course and for more information contact:
IIT CORPORATE PROFILE
EWA Information and Infrastructure Technologies, Inc. (IIT) provides the private and public
sectors with vendor-neutral risk management and information security solutions that are advanced,
comprehensive, and complete.
A wholly owned subsidiary of Electronic Warfare Associates, IIT, was established in 1997
to provide Information Operations and Information Assurance support to both Government
and Commercial customers. Early and continued success has allowed for steady growth and
diversiﬁcation. Today, IIT’s core business areas include Critical Infrastructure Protection,
Homeland Security, Information Operations, Information Technology, Intelligence, Systems
Security Engineering, and Training and Certiﬁcation. With annual revenues of over $30 million,
IIT is a recognized leader in the security ﬁeld.
Dedicated to providing its clients with the highest level of service and support, IIT recruits
and retains only top quality personnel. IIT professionals have extensive problem solving and
intelligence experience. In addition, over 90% have U.S. Government Top Secret security
clearances. Headquartered in Herndon, VA, with employees working in corporate ofﬁces around
the globe, IIT is well equipped to provide a variety of services to protect information, assets, and
Through its collaboration with standards boards such as the International Organization for
Standardization (ISO), and its active participation in national and international professional
organizations, IIT is directly involved in major developments within the security community.
For further information please visit:
EWA Information & Infrastructure Technologies, Inc.
13873 Park Center Road, Suite 200
Herndon, VA 20171