Cyber Security Risk Management
Effective risk management is at the heart of industrial cyber security best practice. Adopting a risk-based approach allows you to assess the strengths and weaknesses of security decisions within a complex operational environment. There are many standards, frameworks and regulations which need to be considered when implementing a cyber security risk management program; these can be challenging even for the most experienced professionals.
Understanding the Cyber Risk
Industrial control systems (ICS) are often considered to be isolated systems, shielded from the risks of cyber-attack. However, with the advent of the Industrial Internet of Things (IIoT) and the convergence of the Information Technology (IT) and Operational Technology (OT) domains, increasingly industrial control systems are becoming exposed to the same security vulnerabilities as IT systems.
Yokogawa's Plant Security Program helps you create a risk assessment for your Operational Technology (OT) domain which consists of three risk assessment stages:
- Technical Risk Assessment (TRA):
A TRA assesses the security vulnerabilities, actual security level and the gap between the actual and target security level following the IEC-62443. Also, any risks associated with network assets (e.g. software, network, and computers) are determined. Additionally, we can perform a detailed scan of your network for in-depth asset visibility and complete threat analysis for your network and connected assets.
- Operational Risk Assessment (ORA):
The ORA defines the security risk associated with the organisation and processes (e.g. incident management) and determines the risk associated with your Cyber Security Management System.
- Business Risk Assessment (BRA):
The BRA determines the security risk associated with uncertain conditions from the OT domain that could be a threat to your business continuity.
Additionally, we can perform a detailed scan of your network for in-depth asset visibility, and complete a full threat analysis for your network and connected assets.
The outcome of the Risk Assessment is referred to as the OT cyber security baseline. We consider this baseline as the starting point and a prerequisite for the development of an OT security program.
Looking for more information on our people, technology and solutions?Contact Us