The Risk Analysis and Management for Critical Asset Protection (RAMCAP) approach is designed to provide guidance on approaches and methodologies for the following:
- Analyzing risks associated with adversary attacks
- Identifying and developing countermeasures and consequence-mitigation strategies to reduce risks
- Evaluating countermeasures and consequence-mitigation strategies using benefit-cost and other methods to inform resource allocation decisions.
The RAMCAP approach is intended to be a broadly applicable framework for all critical infrastructure sectors. Sector-specific features and examples can be added to fine-tune the approach for a specific sector. The approaches and methodologies employed by RAMCAP are designed to be general in nature and should only be used by experienced risk-analysis practitioners and decision-makers. Existing asset assessments or new asset assessments based on qualitative methods can be used with this approach.