Should Cybersecurity Risk Assessments Consider Likelihood? | exida

exida Recorded Webinars

  1. exida
  2. Webinars
  3. Recordings
  4. Should Cybersecurity Risk Assessments Consider Likelihood?

Should Cybersecurity Risk Assessments Consider Likelihood?

Recording Date: July 2021

As the number of major cybersecurity incidents in 2021 continue to rise many organizations are looking at assessing their cybersecurity risks with an increased focus. There are several methodologies outlined for conducting cybersecurity risk assessments including the IEC 62443-3-2 standard (for more information on the IEC 62443-3-2 methodology for risk assessment see: https://gca.isa.org/blog/cybersecurity-risk-assessment-according-to-isa-iec-62443-3-2) and Consequence-driven Cyber-informed Engineering (CCE) outlined by the Idaho National Laboratory (https://inl.gov/cce/ ). While the IEC 62443-3-2 provides options for considering or not considering likelihood, CCE is a fully consequence driven approach. This raises the question of whether or not cybersecurity risk assessments should consider likelihood? In this webinar we will compare the two different approaches to cybersecurity risk assessment looking at the advantages and disadvantages of each approach to provide practical guidance on cyber risk assessment best practices.

View Webinar   

About the Presenter:

Patrick O'Brien

Patrick O’Brien Patrick O’Brien is the Assistant Director of Engineering at exida, LLC, where he helps lead a team of engineers in delivering functional safety, cybersecurity, and alarm management services. He has led cybersecurity risk assessments, training courses, and other lifecycle activities for many different applications, including oil and gas, specialty chemical, critical infrastructure, machinery, and robotics. In addition to his cybersecurity role, he also provides consulting services in the areas of process safety, functional safety, and machine safety. He is a coauthor of Implementing IEC 62443: A Pragmatic Approach to Cybersecurity and the principal author of the CCPS concept book Managing Cybersecurity in the Process Industries – A Risk-based Approach. Patrick represents exida on the International Society of Automation Global Cybersecurity Alliance (ISAGCA). Mr. O’Brien graduated from the Pennsylvania State University with a Bachelor of Science in Chemical Engineering and a Bachelor of Science in German Language and Culture.