Keeping Things from Blowing Up: Consequence-Based Risk Management in ICS – with Jim McGlone

Mar 28, 2019

Abstract:

Jim McGlone of Kenexis will lead a discussion of Consequence-Based Risk Management and its use in planning the security of industrial control and automation systems to Keep Things From Blowing Up.

Description:
Manufacturing and process plants with the potential for harm to people, assets, or the environment, need to be protected against very real physical consequences generated from cyber-attack. The starting point for developing a program for cyber security is an assessment of the vulnerability of the process to cyber-attacks.

We will discuss how existing methods for risk analysis can be expanded with an additional “cyber review” called a Security Process Hazard Analysis Review (SPR) to determine if any cyber-attack vectors can cause significant damage and how we can make recommendations to reach the corporate risk tolerance.