Disaster Planning and Vulnerability Assessment

Disaster planning for health care delivery systems is a broad and emerging field replete with challenges. For the purposes of this course, we will focus on a critical infrastructure protection approach to addressing these challenges. Furthermore, as is the case in any emerging field, we will continually return to more established fields to inform our understanding. In doing so, we will start with the elements of the federal government's National Infrastructure Protection Program (NIPP) that are founded in the well-established field of risk management.

As represented in Figure 1 below, the cornerstone of the NIPP is its risk management framework. This framework establishes the processes for combining consequence, vulnerability, and threat information to produce a comprehensive, systematic, and rational assessment of risk. The risk management framework promotes continuous improvement by focusing on efforts in six areas:

  1. Set security goals
  2. Identify assets, systems, networks, and functions
  3. Assess risk based on consequences, vulnerabilities, and threats
  4. Establish priorities based on risk assessments
  5. Implement protective programs
  6. Measure effectiveness

Figure 1: NIPP Risk Management Framework

(Department of Homeland Security, 2006)

Furthermore, the NIPP notes that "The risk management framework is tailored and applied on an asset, system, network, or function basis, depending on the fundamental characteristics of the individual CI/KR [critical infrastructure/key resources] sectors. Sectors that are primarily dependent on fixed assets and physical facilities may use a bottom-up, asset-by-asset approach, while sectors (such as Telecommunications and Information Technology) with diverse and logical assets may use a top-down business or mission continuity approach" (Department of Homeland Security, 2006).

This distinction between sectors that are primarily dependent on fixed assets and physical facilities and those that are dependent on diverse and logical assets is one way to frame the approach to critical infrastructure protection. Overall, the NIPP risk management framework will prove quite valuable as you explore critical infrastructure protection of health care delivery systems. However, since the health care delivery sector straddles both sides of that dichotomy, depending heavily on both physical facilities and logical assets, it is useful to consider other risk management schemas that may inform your analysis throughout the course.

