The ICM can be used by security professionals to examine actual and potential loss-producing incidents. A loss-producing incident is "an undesired event that results in harm to people or loss to property or process." The structure of the ICM is a pyramid. At the top of the pyramid is the loss. Below it in descending order are the incident (violation), opportunities, and management failures. Analysis of the loss from the incident may encompass lost time, increased operating costs, property losses, and loss of business. The event that precipitates the loss is the incident, which often stems from a combination of violations. The opportunities for an incident are the circumstances present in a situation at or immediately prior to the conduct that produced the incident. Opportunities are nonsecure situations. In the ICM, the primary focal point for analysis and corrective action is at the base of the pyramid, i.e., management failures. Management failures occur in the promulgation of policy and work rules and especially in the setting of standards. When using the model as a tool for factfinding and preventing recurrence of the incident, the security practitioner starts with an examination of the incident and works downward through the pyramid. Proactive analysis, however, begins at the bottom of the pyramid and works toward the top. 7 references