This research report describes an initial approach to PCS technical security risk assessment, with attention to the problem of effective risk communication.
Process Control System Security Technical Risk Assessment: Analysis of Problem Domain
Download Resources
PDF Accessibility
One or more of the PDF files on this page fall under E202.2 Legacy Exceptions and may not be completely accessible. You may request an accessible version of a PDF using the form on the Contact Us page.
This research report describes an initial approach to PCS technical security risk assessment, with attention to the problem of effective risk communication. This document lays the foundation for advancement of a process that focuses on the methodical assessment of risk such that the assessment results will be readily and easily communicable. The intended audience for the concepts and methods presented in this document includes both (1) the risk assessment team who must gather the data at the lowest levels and translate it into a form meaningful to corporate officers; and (2) the corporate officers who must understand and have confidence in the means used to obtain and present the information to them. Being able to communicate risk effectively, e.g., between a PCS LAN security manager and a corporate general manager, is essential to making the business case for improving PCS security.