With cyber risk insurance as the fastest-growing segment in property/casualty insurance, the discussion around industrial cyber security has moved from one of best practices and compliance to one of risk management. With the emergence of debt rating agency resiliency requirements, regulations and industry standards, boards have increasingly prioritized cyber security as a top enterprise risk.
Too many organizations opt to start with standards-based frameworks or maturity models to define their ICS security programs. Adopting these models can actually add risk and often fails to prioritize the most critical enterprise threats. Likewise, relying upon the opinions of Subject Matter Experts to make decisions where data is scarce can create more harm than good in the establishment of ICS security programs.
This talk will focus on using robust methods to define organizational risk tolerances, and on methods to measure and track programs against prioritized areas of risk. This approach allows ICS security program stewards and stakeholders to more easily demonstrate real improvements in security posture, achieved with security-related expenditures.
With more organizations creating dedicated operational technology security structures and responsible executive leaders, the development and maintenance of a mature ICS security program is vital.
Sponsored By: Honeywell