101.1 Discuss the concept of ORM
- - A decision-making tool used by personnel at all levels to increase effectiveness by identifying, assessing, and managing risks.
- - Increases Navy's ability to make informed decision by providing a standardized ORM process.
- - Minimizes risks to acceptable levels to accomplish the mission.
- - Applies on/off duty, 24/7/365.
101.1 What are the 3 levels of ORM?
- 1. In-depth - ample time to apply the ORM process to the fullest; thorough research and analysis, testing, etc. available
- 2. Deliberate - ample time to apply ORM process to obtain the "best" answer for mission or task
- 3. Time critical - used on daily basis; lack of time for analysis
101.1 What are the 4 principles of ORM?
- 1. Accept risk when benefits outweigh the cost
- 2. Accept no unnecessary risk
- 3. Anticipate and Manage risk by planning
- 4. Make risk decisions at the right level (who can make decision on the risk)
101.2 What are the 5 steps of ORM?
- 1. Identify the hazards
- 2. Assess the hazards
- 3. Make risk decision
- 4. Implement controls
- 5. Supervise (and refine)
101.2 Explain Step 1 of ORM
- 1. Identify the hazards
- - a hazard is any condition with the potential to negatively impact mission accomplishment or cause injury, death, or property damage.
- - Should have the larger portion of the time allotted (can't manage if unknown).
101.2 Explain Step 2 of ORM
- Assess the Hazards
- - determine the associated degree of risk in terms of probability and severity
| Severity || Description |
| Catastrophic I || Loss of ability to accomplish mission; death or disability |
| Critical II || Significantly degraded mission capability, partial disability or severe injury |
| Moderate III || Degraded mission capability, minor injuries |
| Negligible IV|| Little to no advers effect |
| Probability || Description |
| A || Frequent to occur |
| B || Likely |
| C || Occasionally |
| D || Seldom |
| E || Unlikely |
101.2 Explain Step 3 of ORM
- Make Risk Decisions
- Three basic actions to lead to making informed decision:
- - Identify Control Options - develope 1 or more control options (engineering, administrative, or physical)
- -Determine control effects
- - Make risk Decision - are the controls enough to continue
101.2 Explain Step 4 of ORM
- Implement Controls
- -Communicate plan clearly, act on what has been decided, and continue
101.2 Explain Step 5 of ORM
- -Supervise the controls in order to determine effectiveness. Review as necessary.
- Three actions required:
- 1. Monitor effectiveness
- 2. determine the need for further assessment
- 3. capture lessons learned
101.3 Explain the risk assessment matrix and how Risk assessment codes are assigned
101.4 Discuss the fundamentals of Personnel Security
- Relates to the personnel, and need to know regarding classified information.
- Does the person have a clearance? Do they have a need to know? etc.
- Personnel undergo background investigation to determine if eligible to hold a clearance, and are adjudicated following a favorable result.
101.4 Discuss the fundamentals of Information Security
Ensure the information is classified and shared at the appropriate levels
- Information is classified per 4 levels:
- 1. Unclassified
- 2. Confidential - cause damage to the national security.
- 3. Secret - serious damage to the national security.
- 4. Top Secret - exceptionally grave damage to the national security
Information can be further restricted into SCI
101.4 Discuss the fundamentals of Physical Security
Ensure the information/space is properly secured, meets security standards, prevents access of unauthorized personnel, etc.
101.4 Discuss the fundamentals of Communications Security
Utilizing appropriate channels to discuss classified information