Workshop - OT Cyber Security Risk Assessments.pdf

Uploaded by: 可*** ID: 991852 2025-12-07 43 pages 2.83MB

OT CYBER SECURITY RISK ASSESSMENTS
Workshop: Paul Piotrowski

INTRODUCTION
Paul Piotrowski
- ICS410 Certified Instructor
- Principal OT Cyber Security Engineer, Shell
- 22+ years in Shell in various security roles including network operations, risk governance and compliance, audit, incident management, forensics, project management and capital projects
- Helped create the GICSP Cert (#50)
- Consult on Global Capital Projects and support Shell's Operated and Non-Operated Assets globally
- Involved with SANS over the last 15 years on various initiatives
- Hobbies: family, adventure riding, sports, traveling, culinary
- Involved in over 50 ICS Cyber Security Risk Assessments
- Certs: GICSP, GRID, GCIP, CISSP, CRISC

CONTEXT AND GROUNDING

INTRODUCTION
- Being able to perform OT Cyber Security Risk Assessments for an organization is important. With the changing cyber threat landscape, it is becoming more critical for organizations to be able to execute risk assessments and to understand and mitigate their OT Cyber Risk.
- Drivers to do assessments vary depending on industry and organization:
  - Understanding operational risk
  - Regulatory Requirement(s) driven by industry (i.e. IEC 61511-1 requires it for SIS)
  - Providing internal and external assurance
  - Justifying (non)investment decisions (secondary)
- What are the consequences of not performing an assessment?
  - Undetected or unmanaged OT Cyber Security risk may exist within your asset and/or Cyber security controls may be deployed that are not necessary
  - Resulting in Financial Business Loss, increased support costs and undetected Cyber vulnerable HSSE risk scenarios

IEC 62243-3-2 METHODOLOGY AND GOAL
- Many organizations struggle to be able to complete an assessment
- Why? It is a new requirement, and the skill level required to be able to successfully facilitate an assessment is unique and rare
- We

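Based on the content of the report, the key points of the full text are summarized below:

1. **Author background**: Paul Piotrowski, OT cyber security engineer at Shell, has more than 22 years of cyber security experience and has taken part in more than 50 ICS cyber security risk assessments.
2. **Importance of risk assessment**: As cyber threats evolve, it is becoming increasingly important for organizations to perform risk assessments and to understand and mitigate OT cyber security risk.
3. **Drivers for risk assessment**: Understanding operational risk, meeting industry regulatory requirements, providing internal and external assurance, and justifying (non)investment decisions.
4. **Risk assessment consequences**: Undetected or unmanaged OT cyber security risk can lead to financial loss, increased support costs and undetected cyber security risks.
5. **IEC 62243-3-2 methodology**: Provides recommendations and best practices for preparing, performing and reporting a risk assessment.
6. **Case study**: The OT cyber security risk assessment of Windsor Industries, covering system identification, initial risk assessment, determination of zones and conduits, detailed risk assessment, control identification and selection, and reporting of results.
7. **Risk assessment team**: Includes control/safety system engineers, operators, network engineers, cyber security specialists, IT (depending on the organization), governance, risk, audit, business/financial analysts, and others.
8. **Risk assessment results**: The recommended controls were feasible, understanding of ICS risk improved, and there was interest in carrying out further risk assessments at other units.
9. **Final thoughts**: OT cyber security risk assessments are challenging but can be completed with an iterative approach; the recommendation is to build internal capability and seek external help when necessary.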