scada-risk-management-1
Q1. Patching ICS/SCADA systems are riskier than a traditional IT systems, and the book refers to three fundamentals of patching ICS/SCADA. Find an article about ICS/SCADA patch and /or change management and how it relates to at least one of the fundamentals. How might you use the information you find to an organization such as in your final project.
Q2. Identify, Measure, and Manage Risks
1. Identify risks:
Risk is a function of M, AV, T, and V:
R = f (M, AV, T, V)
R – risk, M – mission importance, AV – asset values, T – threats, V – vulnerabilities
2. “Whatâ€: what is the problem/challenge in managing risks and auditing the ICS? Explain how you might measure
“Whyâ€: why do you need and want to solve the problem?
“Howâ€: how do you economically solve it?
Identify Security Controls
3. Select security controls based on results from “Industrial Control System Processes Employed†and “Profile ICS Devicesâ€:
Reference either ICS CERT CSET or NIST 800-53, Security and Privacy Controls for Federal Information Systems and Organizations,
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf