Welcome to the Interactive Agenda for SecurityWeek’s 2018 ICS Cyber Security Conference!
Wednesday, October 24 • 4:15pm - 5:00pm
Demystifying ICS Cyber Risk

ICS cyber risk needs to be normalized with mechanical operational risk for it to be better communicated, understood and managed.

When ICS cyber risk is accurately modeled, measured, quantified and normalized with mechanical/industrial operational risk, it is then demystified.

Plant operations management needs to make effective comparisons between ICS cyber risk and the fifty other risk issues they have on their plate, ones with a historical impact on operations, to make well-informed risk management decisions. Metrics and financial analysis rule the day; management needs more than cyber risk heat maps and gap analysis against control frameworks to know how much $$ they should care. ICS cyber risk needs to be normalized with operational risk for it to be better communicated, understood and managed.

To make effective comparisons between cyber risk and operational risk, it is necessary to normalize the analysis results through the use of a common model that generates quantitative financial metrics. Once quantified in a common metric, cyber risk can be demystified and evaluated against other high-priority operational risk issues. Applying limited budget in appropriate amounts to properly prioritized risk issues results in optimal risk management and therefore more reliable and safe operations.

This presentation will demonstrate by case study the evaluation of both cyber risk and operational risk scenarios for a power plant and how risk mitigation options were evaluated and chosen based on their risk-reduction and cost-benefit merits.

The risk model and analysis methodology used to achieve this normalization was published by The Open Group in 2008 as The Open Group Risk Taxonomy (O-RA, Standard C13K) and the Standard for Risk Analysis.

Using these resources, the audience will learn how to answer the most challenging cyber risk management questions facing plant operations today: How much cyber risk is there? How much less cyber risk will there be if certain measures are taken? What is the cost-benefit impact, and how does this compare to the other risk issues I have to manage?

Mike Radigan

OT Strategy | Strategic Partners, Leidos Cyber
Mike Radigan has a 17-year career in the cyber risk management and network security industries. His subject matter expertise in expressing cyber risk in financial or “business terms” provides a unique and highly valued perspective to decision makers. Mike joined Leidos Cyber...

Wednesday October 24, 2018 4:15pm - 5:00pm
Windsor DE