Risk Assessment Standards for ICS Environments
The number of Internet-connected Industrial Control System (ICS) environments is increasing over time, but their cyber security is still lacking. This lack of cyber security creates risks, and dealing with these risks is often treated as an IT task. However, using classical IT risk assessment methodologies can have adverse effects on ICS functionality and safety. This is why cyber security risks have to be assessed differently in ICS environments. This white paper on "Risk Assessment Standards for ICS Environments" is written by one of our experts, Stash Kempinski. It discusses a selection of risk assessment standards and compares them to highlight their key differences. The following standards are discussed because of their generality or their applicability to ICS environments:
- ISO/IEC 31010:2009: Risk management
- IEC 62443-3-2:2020: Security for industrial automation and control systems
- NIST SP 800-30r1: Guide for Conducting Risk Assessments
Each standard has its own pros and cons in practice. While a single standard may turn out to be sufficient to accommodate the cyber security needs of an organization, combining different standards creates a more robust risk assessment. It is also important to note that the applicability of each standard differs per organization. This white paper also provides a high-level overview of the differences in applicability and the decision factors, which makes it clearer which standard is the most suitable for you as an ICS manufacturer. Read the white paper to learn more.
More on ICS Security & Standards
Industrial Control Systems (ICS) form the backbone of everyday life, underpinning everything from critical infrastructure to building automation. At Secura, we offer a broad range of services to help you secure your ICS environments. Would you like to know more about security testing and/or certifying your ICS/SCADA product or process? Contact us today to discuss our services in more detail and find out which service fits your ICS product best.
Alongside our services, we also offer an Industrial Control Systems (ICS) Security Training, a course designed to provide attendees with insight into the ICS security landscape in order to equip them to assess and defend industrial systems.
Download our Risk Assessment Standards for ICS Environments white paper below.
White papers
Risk Assessment Standards for ICS Environments
Download white paper
Fact sheets
ICS SCADA Security Testing & Compliance
Overview of our ICS SCADA Testing & Certification services
Download fact sheet