"In the long run luck is given only to the efficient" (Helmuth von Moltke)

    Mitigation is a type of long-term, pre-disaster planning which involves repeated expenditures on structural and non-structural issues in an attempt to reduce or eliminate future risks. Mitigation in practice usually considers the medium or long term prospects of safety, and mitigation is the cornerstone of emergency management as it is practiced today.  In many ways, it is the classic example of thinking ahead, using common sense, and doing whatever it takes to achieve some payoff in the future.  Terminologically, mitigation is related to two other concepts of long-term planning: reconstruction and preparedness.  Reconstruction means repair or rebuilding, and preparedness means getting ready or practicing to respond.  Mitigation drives preparedness.  Mitigation involves thinking of ways to lessen the effects of damage to certain structures and planning so that any impact from a future disaster will be ameliorated, or eliminated, if possible.  Amelioration means to change things for the better, and impact can be understood as the consequences, or likelihood, of something happening in the first place.

    Some simple examples of mitigation activities that an emergency manager might do include: promoting flood insurance, urging the structural redesign of buildings, raising or moving homes from flood zones, or just making sure there are appropriate building codes within certain communities.  Mitigation planning involves an assessment of the threats facing a community, such as the likelihood of a terrorist attack, and an assessment of possible targets.  Terrorist mitigation is a somewhat controversial phrase which implies special plans and practices for terrorism need to supplement an all-hazards approach (Bullock et. al. 2005).  Mitigation planning is an ongoing process, with continual reassessments as necessary to ensure proper preparedness.  Some experts argue that there is such as thing as post-disaster mitigation, and that pre-disaster mitigation ought to be called prevention.  The usual division of mitigation into two (2) categories -- (1) structural and (2) non-structural (Alexander 2002) -- is intended to denote the importance of integrated planning in mitigation; that is, the kind of planning which efficiently balances a combination of engineering solutions (like moving homes) with political solutions (like changing the zoning abatements for a community).  Some solutions only have a short window of opportunity to capitalize on public and political support.  Non-structural solutions are often brought in when engineering solutions have become very costly and/or have not resulted in a substantial reduction in losses.  Evacuation planning is sometimes considered a type of non-structural mitigation, but evacuation, as a topic, is more suitable for a discussion about response and recovery.  At this point, it might be helpful to outline the four phases of disaster management (along with their definitions, more precisely defined by Waugh 2000) which make up the topics for this and the subsequent lecture.

Four Phases of Disaster Management

"the reduction or elimination of future risk"

"a practiced state of readiness to respond"

"an immediate reaction or relief that saves lives"

"the process of repair and restoration"

    Mitigation is the buzzword that gets a city or county pass-through federal grant money every year, either under an Act of Congress which specifically mentions the word "mitigation" or any other disaster relief or performance grant.  The amount of money the nation invests in mitigation is not all that great.  The baseline minimum for any community is $12,000 and there are formulas for getting more depending upon population size.  Some communities cannot afford to even have a mitigation specialist, or usually rollover the job function into that of a "planner" position.  Often, a community invests some of its own funds.  Overall, the total national expenditures for mitigation are little more than $165 million per year, and this money is frequently used for all sorts of administration purposes: e.g., conferences, scenario development, planning, exercises, EOC enhancements, testing response plans, public education and outreach, and hazard or vulnerability assessment.  The trick to successful grant-writing for mitigation purposes involves two essential ingredients: (1) involving a wide range of community stakeholders into the planning process; and (2) carrying out a comprehensive risk and vulnerability assessment.  While there are many issues (including conflict of interest issues) surrounding the involvement of stakeholders in mitigation planning, this lecture ignores most of the politics and tries to provide some basic understanding of the theories and purposes.  


    There are many attempts but no good definitions of risk.  Theoretically, philosophically, and historically, risk means the same thing as fortune, fate, or luck.  It can be good or bad.  It is an old Middle Eastern concept (introduced by Arab traders to Europeans in the Middle Ages) and even before then, symbolized by the Roman Goddess Fortuna, the horoscope sign of Virgo, and/or certain metaphors of justice.  Risk is something which is considered ubiquitous (happening all the time and everyday).  It represents life's capriciousness.  The idea that sometimes bad things just happen is the idea of risk.  There is a certain amount of superstition embedded in the concept, in that risk is supposed to govern a society's destiny as well as its prosperity.  In the field of public management, there is consensus that the government ought to be the risk manager of last resort.  The concept of risk is different from the concept of fear, although the terms are closely similar.  A risk is also different from a threat, the latter involving something that is always coercive and negative.  Further, risk is different from hazard, the latter being something that has the potential of causing harm or emergency.  The basic formula is as follows:

(Threat x Vulnerability) x Consequences = Risk

    Most people in the homeland security field regard risk as the product of danger or threat that a tangible impact could occur, the vulnerability of people and things involved, and the degree of exposure to the consequences of the perceived danger or threat.  A couple of quick definitions include risk as “the potential interaction of hazard and vulnerability for a given exposure of the items at risk" or "the likelihood of a given threat attacking a vulnerability and the resulting impact."  There are many specialized fields of study where the word "risk" is the first-word adjective before some other word.  For example, risk management is an integral part of what many professionals call project management, and involves the application of control or monitoring techniques to anything which represents uncertainty and/or can produce failure.  Such loss-control techniques are a common part of auditing and due diligence in the business community.  Another term, risk assessment, refers to a more detailed application of the control techniques to a specific concrete problem, with the problem usually expressed as a quantitative or qualitative value in terms of the perceived likelihood or occurrence of an event.  It is primarily a term found in the fields of safety and security engineering, although it has made inroads into forensic science (e.g., toxicology and epidemiology) as well as emergency management.  Risk analysis involves a comparison of different risks, investigation of their causes, and the context of overall risks, in an effort to prevent or minimize the way they can jeopardize goal accomplishment or mission success.

    Risk can be mathematically expressed as the evaluation of hazard, vulnerability and probabilities, the likelihood of damage or loss multiplied by the number of items at risk; e.g., buildings and personnel.  Mitigation of risk is a function carried out by all people since collectively and individually we live in a risk/threat universe.  Minimizing risk is the fundamental reason why individuals and organizations carry out security measures. All security related activities are a part of risk management.  Risk assessment is the determination of acceptable levels of risk. Any kind of analysis that ties-in specific threats to specific assets with an eye toward determining the costs and/or benefits of protecting that asset is called RISK ASSESSMENT.  Risk is usually a calculated assumption made based on past occurrences.  Threat, on the other hand (as opposed to risk), is a real, instant danger.  Any person, act, or object that poses a danger to security is called a THREAT. Any kind of policy, procedure, or action that recognizes, minimizes, or eliminates a threat is called a countermeasure, and if a countermeasure becomes fairly automated, it is usually called a control.  Controls play an important role in threat analysis.  Risk assessment, however, is usually directed more toward vulnerabilities than threats.  VULNERABILITY is any kind of asset that is mission-critical or essential to vital functions, and anything short of being called a vulnerability is just called a weakness.  The following diagram illustrates the various options that are laid on in a risk matrix based on degrees of impact and probability:

The Risk Management Model
High probability High
Contain and control
Prevent and protect
Safely ignore
Insurance or backup plan
Low probability

    The above model is one way of looking at a RISK ASSESSMENT matrix.  It's the kind of model you'll find in any discipline, whether business, criminal justice, or zookeeping.  Some threats are High impact, which means they have tremendous costs (in dollars to repair or replace).  Others are Low impact, which means they can't do permanent harm.  Some threats have High probability, which means they happen frequently. Others have Low probability.  You'll note that most control procedures are applied in Area I, reflecting a growing penchant for automated procedures with high probability/low impact events.  Far more important, however, is the need to concentrate on Area II, where the high probability/high impact events occur. This area, Area II, or Prevention and protection is the area where most security and prevention efforts need to be directed.  Another more common way of presenting the risk assessment matrix is as follows:


    However, PROBABILITY (of occurrence) and (consequence) of IMPACT SEVERITY may not be the only things to worry about.  The standard risk assessment matrix is only a two-dimensional model.  Time must be considered to make the model three-dimensional.  This is especially important with certain kinds of threats which are detected on short notice, examples ranging from "ticking bomb" terrorism scenarios to impending asteroid collisions.  In such cases, a different kind of risk matrix is needed, as illustrated below:

    Note that when an immediately impending threat is immanent, Area IV becomes just as "risky" as Area II.  This is because we are considering how quickly a threat could appear and how fast we can deal with it.  High risk can be associated with low probability as much as high probability.  Prevention and protection plans should be developed for scenarios in which time inhibits both slow and quick response.  Quick response may not even be possible in some instances, but it is wise to plan for it.  In many ways, this is a fundamental task of the homeland security function and requires envisioning zero-hour projects long before the need for conceiving of such projects.


    Risk analysis (as opposed to risk assessment) usually involves the systematic study of risk conditions and the probable impacts of future events, incidents and disasters. It involves comparison of different risks, investigation of their causes and refinement of estimates with longer-term trends lines or projections. One assumption inherent in most risk analysis is that there must be some concern for the overall context of risks.  In fact, those who argue that terrorist mitigation is "different" usually make the point that the context to be concerned about is the impact of counterterrorism on civil liberties.  However, there are larger concerns, as any urban planner knows.  An area may be susceptible to floods and landslides, but there are also risks from car accidents or aviation crashes, from specific diseases or environmental conditions, and from unemployment or crime.  In fact, risks can come from different directions at any given time.  A needs analysis should be done.  Comparison of all the possible risks is essential in risk analysis, and comparison may reveal that certain risks are much less significant than others, no matter how important they seemed when viewed in isolation.  Risks that the analyst believes are relatively insignificant and must be tolerated are called "residual" risks.  Risks that the analyst believes are likely, given the absence of any event-specific intelligence, should be ranked from "most probable" to "least probable."  The following diagram shows an example of how to put together a comprehensive checklist:

A Checklist of Hazards


Airplane crash


Sustained power failure


Dam failure








Epidemic (biological attack)


Train derailment








Volcanic eruption






Hazardous material spill/release


Winter storm




Workplace violence




Other ______________________




Other ______________________


Mass fatality incident


Other ______________________


Radiological release


Other ______________________

     Hazards have dispersed impact (sometimes called the scale or scope of impact), and are very much dependent upon the type of hazard one faces.  This is all the more reason to be comprehensive, since a cascading effect may occur when multiple hazards impact.  However, in the end, one cannot prepare for everything at once, so prioritization is needed.  The example below illustrates what special event planners use to anticipate the types of threats to be considered in security preparations at Olympic Games, for instance:

Major Event Incidents in Order of Probability (from Most to Least Probable)

1. Hoaxes and threats
2. Minor medical injuries
3. Intellectual property rights violations
4. Crime - pickpockets, frauds, pranks
5. Vehicle and pedestrian movement problems
6. Fire code violations
7. Weather related problems
8. Public health concerns
9. Demonstrations, some potentially violent
10. Attacks on cyber systems
11. Attempts to extort sponsors
12. Natural disasters
13. Bombings by individuals or groups
14. Attacks on vital infrastructure
15. Terrorist attack

  It is impossible to plan for everything; but it is possible to plan for a wide range of possibilities.  Litman (2005) lists the scope of impact factors that are typically raised with a variety of hazards (below):

  Scale Warning Evacu-
Search &
Hurricane Very large Days X X X   X
Earthquake Large None X X X   X
Tsunami Very large Short X X X   X
Flooding Large Days X X X   X
Forest fire Small to large Usually X X X   X
Volcano Small to large Usually X X X   X
Blizzard/ice storm Very large Usually          
Building fire Small Seldom   X X   X
Explosion Small to large Seldom X X X   X
Radiation/chemical Small to large Sometimes X X X X  
Plague Small to large Usually   X   X  
Riot Small to large Sometimes X X      
War Small to large Usually X X     X
Landslide/avalanche Small to medium Sometimes X X X   X

    Quantitative methods are frequently used to do risk analysis.  Casual investigation, simulations, and rigorous research methods may help clarify why risks exist and indicate the means by which they can be reduced. The analysis of data on risk levels can transform a vague qualitative idea of risk into a more precise quantitative, probabilistic one. A full-fledged probabilistic approach (Bedford & Cooke 2001) involves sophisticated notions of release (rate at which the hazard strikes), exposure (vulnerability of populations per unit time), dose rate (impact per person), and background levels (inherent natural risk levels).  However, simpler methods exist which take advantage of logical extensions on most definitions of risk.  The simplest method involves calculations are done with specific risks as a function of the likelihood of a hazardous event (sometimes called the threat probability) times the impact of the event (the scope of impact factor).  Before you can even get to a threat probability, however, you need to know the odds of each risk.  The Risk Quiz at Harvard's Center for Risk Analysis illustrates this, with some pre-calculated odds of dying below:

Annual Odds of Dying Each Year by Specific Cause (odds: 1 in)

Heart Disease
Vehicle Accident
Injury at work
Food poisoning
Bicycle accident

    Impact is simply calculated as scope (how many people involved).  Calculating the likelihood of a hazardous event, or its "threat probability," is a matter of odds-comparison with other risks.  What you end up with when you multiply the odds for any one risk times the expected impact size of the population at risk is something called the "Relative Level of Risk Determination" which, for double-checking purposes, is always a function of threat analysis times impact analysis. [see explanatory table below]

Summary of Risk Assessment Formulas (* =multiplication)

Relative Risk analysis likelihood of hazard * impact of event.
Vulnerability analysis likelihood of threat * scope of impact
Threat analysis scope of impact * source identification * control weaknesses
Mitigation cost to mitigate * level of risk reduction + residual risk

    Vulnerability analysis also makes use of odds-ratios or likelihoods.  A basic rule of thumb is that threats are always examined on the basis of their likelihood, and impacts are always evaluated on the basis of their scope.  Vulnerability is essentially determined in the same way as "relative risk" except that for "threats," the motivations and resources of an attacker (if human) must be considered along with a range of ways to circumvent security around a target.  The range of attacks to be considered on a target ("what if" scenarios or penetration tests) should begin with simple "brute force" or "front door" attacks and then progress to "insider" or "sophisticated" attacks which are not generally known.  The average, or mean, likelihood of success (across all attack scenarios) usually determines the likelihood of threat.  Vulnerability is then simply the product of this times the expected impact (or scope).

    Threat analysis involves scope but also involves calculating the likelihood of precisely knowing the threat source (source identification).  There are man-made sources, natural sources, and common or combined sources of threats.  Intelligence for source identification can sometimes be had using open-source methods, like examining the media, but it behooves the threat analyst to examine as many intelligence sources as possible.  Sometimes, a record of previous attacks that fit the modus operandi become the sole basis for source identification, but more generically (and in the non-human context), any circumstance that has the potential to cause harm should be considered a threat-source.  If the threat-source is already known, all that's needed is to assess the scope of impact along various vulnerabilities (and this is called impact analysis, by the way).  It should be remembered that without a vulnerability, a threat-source does not present a risk, so threat analysis assumes that vulnerability analysis has already been done.  Threat analysis goes beyond vulnerability analysis by looking at weaknesses in the control mechanisms or countermeasures for identified threats.  Control weaknesses may be technical, operational, or management-related, and it might be best to admit here that assessment of control weaknesses is often a subjective matter of judgment, although in recent years, there has been a tendency to evaluate control by the principles of information assurance and security, for which there are five (availability, integrity, authentication, confidentiality, and non-repudiation) according to NSA information assurance guidelines.

    Finally, cost obviously enters into the process of deciding which mitigation efforts to pursue.  The "best" mitigation plan or activity is the one that is cost-effective; i.e. provides an acceptable reduction in risk at the lowest cost, with the least amount of residual risk.  The amount of acceptable risk to absorb is always a management decision.  The amount of cost to mitigate may be something the emergency planner or manager can lobby for.  Once a decision has been made, the emergency planner may want to start calculating "opportunity costs" for the directions not taken.  It's also a good idea to keep track of how security policies tend to change by themselves over time, as sometimes, these "savings" can be the impetus for pursuing even greater risk mitigation.


    Resilience is a concept usually associated with the coordination issues presented by impact, or in other words, by the notion that a system will still continue functioning in at least a rough homeostasis resembling how the system worked before an attack.  RESILIENCE is the up-and-coming buzzword in emergency management as well as terrorism prevention.  It has the potential to deter terrorism.  In theory, if a nation shows extreme resilience by recovering very fast, then to an outside observer (and to terrorists), it looks as if that nation was not laid low at all.  Theoretically, this is supposed to demoralize terrorists.  Sometime around 2005, DHS officials embraced the concept most likely as a way to avoid what happened in Spain during 2004 when terrorists were able to influence the elections there by the Madrid bombings.  Resilience as a strategy hopes to rob terrorists of the one thing they value most when it comes to an attack -- the impact.  Resilience is given prominent mention in Flynn's (2007) book, and as a grand strategy by Palin (2010).

    Related or component parts of the resilience concept are many, and include diversity, redundancy, efficiency, autonomy, and strength.  The resilience concept acknowledges uncertainty and unpredictability in ways that closely resemble a kind of fuhgeddaboudit and move along reaction.  Resilience is about the only game in town when it comes to preparedness for unexpected hazards and/or the adaptive moves of clever adversaries or enemies who will just keep attacking and re-attacking.  Intelligence analysis tends to take on a short-term (100-day) form under a resilience framework, and greater attention is paid to target hardening, of course.  It is expected that an attack will come, or that disaster will strike, but the consequences don't have to be all that tragic.  Neither total success nor total failure should be expected.  In fact, it is possible for a system to learn from failure more than success -- and that is a key aspect of resilience -- to absorb or buffer the attack, observe and adapt to it, and learn from it how to increase capacity before the next attack.  Let's consider some definitions of resilience provided by Armitage (2008):

Definitions of Resilience

1. The ability of a system to absorb or buffer disturbances and still maintain its core attributes 2. The ability of a system to quickly re-organize itself by improving its capacity for learning, adaptation, and change

    Clearly, resilience has got some good aspects to it, but resilience alone cannot win a war on terror.  It only dissipates the impact.  There are strategies for war and strategies for peace (Hart 1967), and resilience as strategy seems to be a protectionist concept with elements of self-preservation suitable for both war and peace.  Time will tell if the concept has staying power.


    Structural engineers are building experts who are often involved in construction safety investigations.  Buildings, bridges, and other man-made structures are not supposed to fail, but, sometimes they do, because of fire, earthquakes, high winds, errors in design and construction, flaws in materials or workmanship, or terrorist attacks.  There are numerous organizations associated with structural engineering and the many contributions it can make to mitigation, particularly in the area of terrorist mitigation; e.g., ACI, AISC, ASCE, IFMA, NAE, NFPA, SEA, the U.S. Army's ERDC, and DoD's DTIC to name a few, but at least since 2002, one agency stands out as an investigator of major structural failures -- NIST (National Institute of Standards and Technology). The 2002 National Construction Safety Team Act, under which NIST operates in the homeland security realm, is modeled somewhat after the pattern by which the NTSB (National Transportation Safety Board) investigates transportation accidents.  The field of criminal justice, by comparison, has few forensic science disciplines that match this level of expertise in engineering and failure analysis.  NIST has conducted or led the following investigations:

Examples of NIST Investigations

Building, Fire & Structural Failures

Natural Disasters

  • Nightclub fire, W. Warwick, Rhode Island, 2003
  • Terrorist attack, Pentagon, 2001
  • Apartment fire, New York City, 1998
  • Terrorist bombing, Murrah Federal Building, 1995
  • Building fire, Happyland Social Club, Bronx, 1990
  • Tank failure, Ashland Oil Co., Pittsburgh, 1988
  • Building fire, First Interstate Bank Building, Los Angeles, Calif., 1988
  • Building fire, Dupont Plaza Hotel, San Juan, 1986
  • Highway ramp failure, East Chicago, 1982
  • Condominium collapse, Cocoa Beach, 1981
  • Cooling tower collapse, Willow Island, W.Va., 1978
  • Apartment building collapse, Bailey’s Crossroads, Va., 1973
  • Earthquake, Kocaeli, Turkey, 1999
  • Tornado, Oklahoma City, Okla., 1998
  • Hurricanes Mitch (Central America) and Georges (Caribbean), 1998
  • Earthquake, Kobe, Japan, 1995
  • Earthquake, Northridge, Calif., 1994
  • Hurricane Andrew, Florida, 1992
  • Loma Prieta Earthquake, Santa Cruz, Calif., 1989
  • Earthquake, Armenia, 1988
  • Earthquake, Mexico City, Mexico, 1985


    Besides conducting neutral, "third-party" investigations into disasters like the WTC tragedy, the basic pattern of the government model for the services of a federal disaster assistance agency like NIST can be to provide guidance and "best practices" on topics like the following:

    Granted, much in the above list draws agencies like NIST into areas of non-structural mitigation, but indeed, there are important scientific facts every individual, family member, first responder, and community ought to know.  Family-based disaster planning should not be overlooked or understated.  To cite just a few examples of scientific facts everyone ought to know (Bullock et. al. 2005), vehicles are not airtight enough to withstand a chemical hazard, certain homemade nose and mouth filters may withstand a biological attack, and some stable-looking buildings are not so stable in a nuclear attack.  On some of the other topics in the list above, there is little question that the involvement of disaster scientists in criminal justice, criminalistics, and fire safety is a good thing.  Scientific or engineering expertise is rarely brought to bear, however, on community issues.  An "opportunities" approach tends to characterize the government's pattern in this regard, as exemplified by various volunteer CERT groups and the like.  However, it remains to be seen if good mitigation springs from these organizations or they simply fulfill a desire to be prepared.  Nevertheless, the potential for such initiatives is great, and it is perhaps academia who is dropping the ball here, as the sociological phenomenon of civic voluntarism has yet to be jumped on by researchers.  There is nothing wrong with local communities trying to improve their homeland security capabilities, and they should be assisted in as many ways as possible.     


    One area where more extensive work is needed is in the area of reciprocal aid.  Reciprocal aid (or mutual aid) agreements are formal agreements with neighboring jurisdictions to furnish mutual or reciprocal aid.  Reciprocal aid agreements also play a key role in how civilian authorities can use military resources.  A reciprocal aid agreement should specify several things very clearly and, if necessary, in separate form for each of the jurisdictions involved. Exactly what is to he provided in given circumstances should be spelled out in terms of manpower, equipment, vehicles and supplies, as appropriate. The duration of such external assistance should be specified, along with any limitations to be placed on it. Unless the financial burden of supplying reciprocal aid is deemed to he roughly equal between the parties, arrangements may have to be spelled out for financial compensation. It may also be appropriate to state the conditions in which mutual aid is not expected to be furnished. Finally, there are cases in which mutual aid is best mapped out at a conference attended by various jurisdictions, in order to ensure that the assistance is efficiently planned, rather than provided for in a series of bilateral agreements that tend to duplicate resources or lead to imbalances.  According to Alexander (2002), sociologists have classified five (5) organizations that operate in disasters:



    Preparedness in the field of emergency management can best be defined as "a state of readiness to respond to a disaster, crisis, or other emergency situation."  General, or long-term preparedness encompasses the marshalling of resources in the areas of prediction, forecasting and warning against disaster events.  It also involves education and training initiatives, and planning to evacuate vulnerable populations from threatened areas. It often takes place against a background of attempts to increase public and political awareness of potential disasters and to garner support for increased funding of mitigation efforts.  Short-term preparedness means to prepare for certain disasters once they have begun or begin to occur.  In this latter sense, preparedness means to prepare as much as possible for known disasters, and the best preparations are always about what we know best.  The best preparation is to get ready, plan, organize, set up, and practice some drill or test.  Good preparedness means proper planning, resource allocation, training, and simulated disaster response exercises.  It is important to conduct exercises to ensure that skills, equipment, and other resources can be effectively coordinated when an emergency occurs.  Exercises also provide a good opportunity to identify organizational and departmental shortcomings and take corrective action before an actual event takes place.


    Airports, hospitals, and other healthcare facilities must conduct an exercise once every 2 years to maintain their certification or license to operate, and many employers are required by OSHA (Occupational Safety and Health Administration to have an emergency action plan that is in accordance with OSHA guidelines.  The NRC (Nuclear Regulatory Commission) also requires nuclear power plants test their disaster plans yearly, and conduct a full-scale exercise every two years.  The U.S. Department of Justice also plays a doctrinal role in how state-level Departments of Homeland Security ought to engage in exercise planning and management.


    There are five (5) kinds of exercises that can be conducted in the name of emergency preparedness: (1) orientation; (2) drill; (3) tabletop exercise; (4) functional exercise; and (5) full-scale exercise.  The difference between the last two is that a full-scale exercise usually involves people playing the role of victims, and the word "scenario" is usually applied to any exercise which has lots of enhancements or props to make it seem realistic.  Good planning for the exercise may take up to three months prior to the event, but recommendations or "lessons learned & Best Practices" should be finished no later than three weeks afterwards.  An exercise doesn't really "end" with a fixed stopping point until the person or persons playing the role of evaluator have collected enough information.       

    The simplest example of a preparedness exercise would be an evacuation drill, or more precisely, an orientation on the location of escape exit routes with estimated clearance times.  The NFPA (National Fire Protection Association) sells manuals on how to conduct evacuation drills.  A good drill would include the routes people should take, where stockpiles of medical supplies are stored, how emergency and medical personnel should deploy, and a test of hospital capability to handle certain patients or injuries.  Advanced disaster simulations or scenarios can be done utilizing a National Guard Bureau's J5 (IA) Unit, or any of the state National Guard units which have an elite WMD-CST (weapons of mass destruction, civil support team).  The National Response Center, staffed 24 hours a day by the Coast Guard, is also a place where elite training is done, and foremost among the many lessons learned from training exercises include the biannual TOPOFF (Top Officials) drills.  FEMA supports many simulation exercises, and in fact has a Master Curriculum Guide at the EMI (Emergency Management Institute) website, and also collects "Smart Practices" that exemplify good local preparedness activities.  Some of the lessons learned from conducting disaster simulations at the national or international level include the following:

    Clearly, emergency response drills and simulation exercises are worth the effort.  Exercises help evaluate an organization’s capability to execute one or more portions of its response plan or contingency plan, and research has shown that people generally respond to an emergency in the way that they have trained.

A Plague on Your City: Observations from TOPOFF (pdf)
A Primer on Disaster Preparedness for Records Management
American Planning Association
CDC Emergency Preparedness Website
Dartmouth College's Institute for Security Technology
DHS National Incident Management System Best Practices
Disaster Mitigation Act of 2000: A New Beginning
EKU's Online Programs in Fire & Safety Science
FEMA Guide to Citizen Preparedness
FEMA Mitigation Division Homepage

FEMA Mitigation Planning How-To Guide
George Washington Univ. Institute for Disaster Management
Harvard Center for Risk Analysis
Heritage Emergency National Task Force
Library of Congress Emergency Preparedness Plan
National Council on Readiness and Preparedness
National Law Enforcement & Corrections Technology Center (NLECTC)
National Safety Council's Emergency Preparedness Website
NIST Building & Fire Research Laboratory
NIST Report on World Trade Center Collapse
Protecting Buildings from Bomb Damage
Society for Risk Analysis
Univ. of Sydney Report on WTC Collapse

Alexander, D. (2002). Principles of emergency planning and management. NY: Oxford Univ. Press.
Armitage, D. (2008). "Governance and the commons in a multi-level world." International Journal of the Commons 2(1): 7-32.
Bannister, J. (1997). How to manage risk. London: LLP Limited.
Bedford, T. & Cooke, R. (2001). Probabilistic risk analysis. NY: Cambridge Univ. Press.
Bellavita, C. (2007). "Changing homeland security: A strategic logic of special event security." Homeland Security Affairs III, no. 3 (September).
Biggs, J. (1964). Introduction to structural dynamics. NY: McGraw Hill.
Broder, J. (1999). Risk analysis and the security survey. NY: Butterworth-Heinemann.
Bullock, J., Haddow, G., Coppola, D., Ergin, E., Westerman, L. & Yeletaysi, S. (2005). Introduction to homeland security. Boston: Elsevier.
Cameron, G. (1998). "The likelihood of nuclear terrorism," Journal of Conflict Studies (Fall): 5-28.
Chavas, J. (2004). Risk analysis in theory and practice. San Diego: Academic Press.
Defense Research LLC. (2004). Terrorism preparedness. Washington DC: Defense Research LLC.
Erickson, P. (1999). Emergency response planning for corporate and municipal managers. San Diego: Academic.
Flynn, S. (2007). The edge of disaster. NY: Random.
Godschalk, D. (1986). Mitigation strategies and integrated emergency management. Chapel Hill: Univ. of NC Press, Center for Urban and Regional Studies.
Godschalk, D., Beatley, T., Berke, T., Brower, D. & Kaiser, E. (1999). Natural hazard mitigation. Washington DC: Island Press. [sample excerpt]
Gordon, J. (2002). Comprehensive emergency management for local governments. NY: Rothstein Associates.
Haddow, G. & Bullock, J. (2003). Introduction to emergency management. Boston: Elsevier.
Hart, B.H.L. (1967). Strategy, 2e, reprint. NY: Frederick A. Praeger.
Herrmann, D. (2001). A practical guide to security engineering and information assurance. Boca Raton, FL: CRC Press.
Hopkins, L. (2001). Urban development: The logic of making plans. Washington DC: Island Press.
Jerolleman, A. & Kiefer, J. (Eds.) (2012). Natural hazard mitigation. Boca Raton: CRC Press.
Kaplan, S. (1997). "The words of risk analysis." Risk Analysis 17(4): 407-418.
Kaiser, E., Godschalk, D. & Chapin, S. (1995). Urban land use planning. Champaign-Urbana: Univ. of Illinois Press.
Kelly, E. & Becker, B. (2000). Community planning. Washington DC: Island Press.
Kelly, R. (1989). Industrial emergency preparedness. NY: Wiley.
Krauthammer, T. (2004). “Conventional blasts, ballistic attack, and related threats.” The Construction Specifier (May): 73-84. [author's website]
Leflar, J. & Siegel, M. (2013). Organizational resilience. Boca Raton: CRC Press.
Leonard, B. (1988). Guide to exercises in chemical emergency preparedness programs. NY: Diane Pub. Co.
Litman, T. (2005). "Lessons from Katrina." Victoria, BC: Victoria Transport Policy Institute.
Longinow, A. (1995). "The threat of terrorism: Can buildings be protected?" Building Operating Management (July): pages unknown.
Molak, V. (1996). Fundamentals of risk analysis and risk management. Chelsea, MI: Lewis Publishers.
Nicholson, J. (2003). "Design of public buildings." Pp. 61-64 in R. Kemp (ed.) Homeland security: Best practices for local government. Washington DC: ICMA.
Nudell, M. & Antokol, N. (1988). The handbook for effective emergency management. Lexington, MA: Lexington Books.
Omika, Y., Fukuzawa, E., Koshika, N., Morikawa, H. & Fukuda, R. (2005). "Structural responses of world trade center under aircraft attacks." Journal of Structural Engineering 131(1): 6-15.
Palin, P. (2010). “Resilience: The Grand Strategy.” Homeland Security Affairs 6, issue 1 (January),
Perry, R. (1985). Comprehensive emergency management. Greenwich, CT: JAI Press.
Rodriguez, H., Quarantelli, E. & Dynes, R. (Eds.) (2006). Handbook of disaster research. NY: Springer.
Quarentelli, E. (1979). Studies in disaster response and planning. Newark: Univ. of Delaware Disaster Research Center.
Schneid, T. & Collins, L. (2000). Disaster management and preparedness. Chelsea, MI: Lewis Publishers. [sample excerpt]
Veenema, T. (2003). Disaster nursing and emergency preparedness for chemical, biological, and radiological terrorism. NY: Springer.
Vose, D. (2000). Risk analysis: A quantitative guide. NY: Wiley.
Waugh, W. (2000). Living with hazards: Dealing with disasters: An introduction to emergency management. NY: M.E. Sharpe.
White, Jonathan. (2004). Defending the homeland. Belmont, CA: Wadsworth.

Last updated: Jan. 19, 2014
Not an official webpage of APSU, copyright restrictions apply, see Megalinks in Criminal Justice
O'Connor, T.  (2014). "Mitigation and Preparedness," MegaLinks in Criminal Justice. Retrieved from