ICS Cyber Security Risk Management


Knowing the risk to an asset is like knowing "ourselves" before going into battle. The SWOT security posture of the ICS environment can be determined well once its risk posture is properly understood, and this is why we need ICS Cyber Security Risk Assessment & Management.

The ICS Cyber Security Risk Assessment milestones consist of 4 core segments, listed below:

Team development, charter, reference and documentation

Risk evaluation of the assessed ICS object to define, analyze, strategize and plan against the measured risk level. The Risk Register, which depicts the security posture of the ICS environment, is the output of this workshop. The following is a summary of the RA workshop sequence:
[Figure: integrated risk assessment]

The Controls Catalog, also known as the Risk Register, serves as the RA reference for any follow-up action. The responsible party for each action item should be defined, and they should understand the job at hand. Review and revise the Controls Catalog (Risk Register) as required when the system changes or is upgraded (in line with the RA review). Since the Controls Catalog (Risk Register) is the reference point produced by the risk assessment workshop, it also determines the strategic planning for future implementation to fix the gap findings and to ensure the risk level is reached and maintained under the ALARP level.

Implementation of the Controls Catalog (Risk Register) action items as agreed by the Risk Assessment team. The sustainability phase covers the periodic review of the risk assessment (depending on the level of risk), stewardship of the implementation, and continuous improvement of the system in place. The periodic RA review is based on the risk category (high, medium, low, etc.). An unplanned review can be performed if any crucial change is made to the system or an incident occurs. The owner and custodian should understand and be aware of the system's risk status and its Controls Catalog (Risk Register).

The Critical Steps

Please keep in mind that managing risk in an ICS environment is not a "one-man show". It is purely teamwork. Recruiting the proper personnel to join the Risk Assessment team is crucial, and conducting a proper Risk Assessment Workshop is just as critical. The result of the RA workshop, in the form of the Risk Register (Controls Catalog), will be the basic reference for the next ICS Cyber Security assurance activity.

Keep The Pace

Don't Get Loose

The agreed risk stated in the Risk Assessment result is the basis for implementing the Controls Catalog (Risk Register) and other proposed security controls to bring the risk down to the ALARP level. Don't get loose in the sustainability phase: Controls Catalog (Risk Register) stewardship and periodic review will be the window for managing performance.

The Risk Register as the reference point for the next ICS Cyber Security Assurance activities

Consider it Risky?

Let us help you perform an ICS Cyber Security Risk Assessment, so that you will have a better and proper Risk Profile and Risk Register for your next ICS Cyber Security Assurance milestone.