OT CYBER SECURITY RISK ASSESSMENTS
Workshop: Paul Piotrowski

INTRODUCTION
Paul Piotrowski
- ICS410 Certified Instructor
- Principal OT Cyber Security Engineer, Shell
- 22+ years in Shell in various security roles including network operations, risk governance and compliance, audit, incident management, forensics, project management and capital projects
- Helped create the GICSP Cert (#50)
- Consult on Global Capital Projects and support Shell's Operated and Non-Operated Assets globally
- Involved with SANS over the last 15 years on various initiatives
- Hobbies: family, adventure riding, sports, traveling, culinary
- Involved in over 50 ICS Cyber Security Risk Assessments
- Certs: GICSP, GRID, GCIP, CISSP, CRISC

CONTEXT AND GROUNDING
INTRODUCTION
Being able to perform OT Cyber Security Risk Assessments for an organization is important. With the changing cyber threat landscape, it is becoming more critical for organizations to be able to execute risk assessments, understand and mitigate their OT Cyber Risk.

Drivers to do assessments vary depending on industry and organization:
- Understanding operational risk
- Regulatory Requirement(s) driven by industry (i.e. IEC 61511-1 requires it for SIS)
- Providing internal and external assurance
- Justifying (non)investment decisions (secondary)

What are the consequences of not performing an assessment?
- Undetected or unmanaged OT Cyber Security risk may exist within your asset and/or Cyber security controls may be deployed that are not necessary
- Resulting in Financial Business Loss, increased support costs and undetected Cyber vulnerable HSSE risk scenarios

IEC 62243-3-2 METHODOLOGY AND GOAL
Many organizations struggle to be able to complete an assessment
Why?
It is a new requirement, and the skill level required to be able to successfully facilitate an assessment is unique and rare
We