S4: Getting a Handle on Consequences – updated with full video

“In a CyberPHA we leverage processes we had around process safety to bring it into cybersecurity,” Cusimano said. “How do we decide on what consequences could be caused by cyber and drill down on how that could happen. No one person in a facility will understand threats and consequences, it takes a team.”

In a CyberPHA, the user can: • Document the system • Conduct a vulnerability assessment • Partition the system • Conduct a risk assessment • Create mitigation planning

“We identify the worst case consequences and understand how that could happen,” Cusimano said. “That presents a nice picture of an attack scenario.”

UPDATED 09/06/2019 : Full panel is now on YouTube

The entire ISS Source article can be found below: https://www.isssource.com/s4-getting-a-handle-on-cosequences/

#cyberpha #cyberpha #cybersecurity #risk

Learn more about aeCyberSolutions industrial cybersecurity offerings at https://www.aesolutions.com/aecybersolutions

Or jump straight to our assessment offerings, aeCyberPHA - A proven methodology that links realistic threat scenarios with known vulnerabilities and existing countermeasures and couples that with credible consequences from the PHA to determine cyber risk. https://www.aesolutions.com/aecyberpha