Three types of Security-Improvement Options (SIOs) identified in this study include: process-based, technology-based, and infrastructure- or facility-modification. The SIOs identified are specific to the notional (or hypothetical) rail system analyzed. The analysis captures a point in time; the attractiveness of different SIOs in the prioritization is driven by the current costs for those options and their current perceived effectiveness. As costs change and the effectiveness of different options against threats of concern become clearer, the options will need to be revisited to assess any necessary shifts in priority. Notwithstanding study limitations, the methodology presented is useful for planning rail-security options. To understand the vulnerability of rail systems to the terrorist threat, this study constructed a notional rail system. A vulnerability assessment was conducted identifying 11 potential target locations within a notional rail system and 8 potential attack modes. These targets and attack modes were combined to produce 88 different attack scenarios of concern. The end objective was to identify additional increments to security that could be implemented in a cost-effective manner. The goal of this study was to develop a framework for security planners and policymakers that could be used to guide security planning and operational decisions; a framework that is driven by assessments of the foremost threats to, and vulnerabilities of, passenger-rail systems and of the cost-effectiveness of mitigation strategies for addressing those threats and vulnerabilities. Figures, tables, appendixes A and B, and references