ICS OT Cyber Security Risk Assessment

ICS OT Cyber Security Risk Assessment

Knowing the risk of the asset is an important step prior to continuing the ICS OT cyber security assurance process. The SWOT analisys of the ICS OT environment can be determined properly by having the ICS OT Cyber Security Risk Assessment. A thorough risk posture of an existing ICS OT environment is one of the goals of having risk assessment in place

The Activities

The simpliefied ICS OT Cyber Security Risk Assessment milestones consist of 4 core segments as per the following

Team development, charter, reference and documentation

A risk assessment workshop is a process to define, analyze, strategize and plan against the assessed risk level that lies in the ICS OT environment. The Risk Register depicts the security posture of the assessed object.

Alt Text

Controls catalog also known as Risk Register as the RA reference for any follow-up action. The responsible party for each action item should be defined and ensure they understand the responsibilities. Review and revise the Controls Catalog (Risk Register) as per system changes/upgrades (in line with RA review) as required. The Controls Catalog (Risk Register) is the baseline reference as the result of the risk assessment workshop, it also determines the strategic planning that covers the future implementation to close the gap findings, and to ensure the risk level is achieved and maintained under the ALARP level

The implementation of Controls Catalog (Risk Register) action items as per agreed by the Risk Assessment team. The sustainability phase is covering the periodic review of risk assessment (depends on the level of the risk), stewardship against the implementation and continuous improvement against the system in place. RA periodic review is based on the risk category (high, medium, low, etc.). The unplanned review can be performed if any crucial changes happened on the system or some incident happened. The owner and custodian should understand and aware regarding system risk status and its Controls Catalog (Risk Register).

The Critical Steps

Please keep in mind that managing the risk in an ICS OT environment is not a “One Man Show“. It is purely a Team Work that works as a team. Assigning the proper personnel to join the Risk Assessment team is a crucial part, while performing the proper Risk Assessment Workshop is one of the critical steps. The result of the RA workshop in the form of Risk Register (Controls Catalog) will be the baseline reference for the next activity on ICS OT Cyber Security assurance

Keep The Pace

Don't Get Loose

The agreed risk as mentioned in the Risk Assessment result is the basis for implementing the Controls Catalog (Risk Register) and some other proposed security controls to put down the risk at the ALARP level. Don’t get loose on the sustainability phase, the Controls Catalog (Risk Register) stewardship and periodic review will be the window to manage the performance

The Risk Register as the reference point for the next ICS OT Cyber Security Assurance activities

Consider it Risky?

Let us help you to perform ICS OT Cyber Security Risk Assessment, to get a better understanding and proper Risk Profiling of your ICS OT environment. The Risk Register as the final deliverable of this process would be very crucial for your next ICS OT Cyber Security Assurance milestone.