Board Room Decisions: How to Use Threat-Informed Industrial Risk Management-Jason Christopher

Over the past couple of years, cyber risk management has embraced the notion that industrial organizations need to know the impacts of a cyber security incident. How bad is your worst bad day? This can be measured in production outage minutes, health and safety impacts, environmental damages—even in dollars and cents. While this is absolutely one of the best ways to start your organization’s discussions for risk management, it will, over time, not be enough.

Every day you do not suffer from your “worst day,” begs the question “how often will this worst day occur?” Which is quickly followed by, “are we investing in our security program smartly?” Following up from previous SANS ICS Summit talks on industrial risk management, this presentation will explore how to improve your qualified risk assessments with actionable information from threat intelligence to answer executive and board room questions around feasibility for risk-based attack scenarios.

Jason D. Christopher (Certified SANS Instructor and co-author for ICS418: ICS Security Essentials for Managers, and Director of Cyber Risk for Dragos Inc.) will outline practical solutions for measuring threat capabilities mapped to potential industrial attacks that can be built into a sustainable risk management process. Using real-world use cases from actual asset owners, learn how to mature your industrial organization’s risk metrics to both increase security budgets and influence the overall culture to prevent, detect, and respond to cyber threats.

View upcoming Summits: http://www.sans.org/u/DuS

Download the presentation slides (SANS account required) at https://www.sans.org/u/1iaE

Видео Board Room Decisions: How to Use Threat-Informed Industrial Risk Management-Jason Christopher канала SANS Institute