Analytical Process Model
The CIP process is an analytical model or template to guide the systematic protection of critical infrastructures. More basically, it is a reliable decision sequence that assists leaders in ultimately determining exactly what really needs protection as well as when the protection should be activated. As a time-efficient and resource-restrained practice, the process ensures the protection of only those infrastructures upon which survivability, continuity of operations, and mission success depend. Through utilization of this process, can make a favorable difference if periodically reapplied by EMS leaders, consisting of the following steps:
- Identifying critical infrastructures essential for mission accomplishment.
- Determining the threats against those infrastructures.
- Analyzing the vulnerabilities of threatened infrastructures.
- Assessing the risks of the degradation or loss of a critical infrastructure.
- Applying countermeasures where risk is unacceptable.
To assist leaders and managers of emergency first responders, the EMR-ISAC developed a CIP Process Job Aid as a user-friendly guide for the implementation of the CIP process. The Job Aid is an easy reading document accessible at the following website: http://www.usfa.dhs.gov/downloads/doc/cipc-jobaid.doc . Questions about CIP or the Job Aid can be directed to the EMR-ISAC at (301) 447-1325 or email@example.com.
When applied by the emergency services, CIP is not a product; it is a process to secure the effective protection of mission critical people and systems. While it may be impossible to prevent all attacks against critical infrastructures, CIP can reduce the chances of future attacks, make it more difficult for attacks to succeed, and mitigate the outcomes in the event they do occur. Thus, among all the important procedures or things involved in emergency preparedness, CIP is possibly the most essential component. Without question, it is a practice that the EMS leadership cannot afford to disregard. 
 EMS means “emergency management services”.
NOTE: As a sidenote, although Infracritical agrees with the need for an all-hazards approach for emergency management services (such as NIMS), we foresee that ‘CIP’ will have a far more extensive role as an applied business framework model that may be applied through a critical infrastructure sector-protected organization.