(2 in 3 series) Once an organization implements an inventory discovery process, the next step is to identify and prioritize cyber security controls based on potential risk. No amount of security control completely eliminates risk. Rather, the proper application of cybersecurity controls reduces residual risk to an acceptable level for the business.
The stakes are high for industries with process control networks, as the consequences of a successful cyber attack can be particularly devastating – resulting in lost production, damage to equipment, injury or death. Even a small interruption to an industrial control system can mean millions of dollars for an oil refinery or a chemical plant. Therefore, it is critical for process control focused industries to approach cybersecurity controls as a business process, architecting security controls for the PCN based on severity of the business outcome.
In this webinar, we present a methodology for documenting and prioritizing the security threats to the PCN.