Risk Analysis and Management for Critical Asset Protection (RAMCAP)

Developer/Partners: American Society of Military Engineers (2006)

Relevant Hazard/Threat(s): All hazards

Intent: Critical infrastructure risk analysis methodology that calculates risk as a product of consequence, vulnerability, and threat. RAMCAP is comprised of the seven steps and is designed to assist infrastructure owners/operators with identifying risk and applying countermeasures to avert or alleviate the “worst reasonable consequences” stemming from disruption or destruction of system assets

RAMCAP is a seven-step process that assesses risk for a given asset as a product of threat, vulnerability, consequence, resilience, and applied countermeasures. To make RAMCAP uniformly applicable across infrastructure sectors, its creators incorporated a reference set of forty-one threat and hazard scenarios to guide estimations of its terms. The scenarios help guide owners/operators through RAMCAP’s seven steps in estimating values for consequence, threat, vulnerability, and resilience. The use of Reference Scenarios helps RAMCAP meet NIPP risk assessment core criteria for documentation, reproducibility, defensibility, and completeness.

RAMCAP is more of an academic process and not a centralized tool. Interested parties must search for literature online that outlines studies that utilized RAMCAP for their systems.