Process Control System Security Technical Risk Assessment: Analysis of Problem Domain
January 2006
Peter Kertzner, The MITRE Corporation
Deborah Bodeau, The MITRE Corporation
Robert Nitschke, Idaho National Laboratory
Jim Watters, The MITRE Corporation
Mary Louise Young, Sandia National Laboratories
Martin Stoddard, Pacific Northwest National Laboratory
ABSTRACT
This research report describes an initial approach to PCS technical
security risk assessment, with attention to the problem of effective
risk communication. This document lays the foundation for advancement
of a process that focuses on the methodical assessment of risk such
that the assessment results will be readily and easily communicable.
The intended audience for the concepts and methods presented in this
document includes both (1) the risk assessment team who must gather
the data at the lowest levels and translate it into a form meaningful
to corporate officers; and (2) the corporate officers who must understand
and have confidence in the means used to obtain and present the information
to them. Being able to communicate risk effectively, e.g., between a
PCS LAN security manager and a corporate general manager, is essential
to making the business case for improving PCS security.
» Download Paper [PDF, 518KB]
Additional Search Keywords
N/A
|
