Evaluating ICS Vulnerabilities - Prioritization and Mitigation Strategies
Offered By: Dragos: ICS Cybersecurity via YouTube
Course Description
Overview
Explore the critical aspects of Industrial Control Systems (ICS) vulnerabilities in this 24-minute conference talk from the DISC-SANS ICS Virtual Conference. Delve into the 2019 vulnerability year in review report with Katherine Vajda, Dragos Senior Intelligence and Vulnerability Analyst. Gain insights on processes and drivers for prioritizing and understanding vulnerability risks within ICS environments. Learn how to maximize return on investment for mitigation efforts. Examine key findings, the Purdue Model, and Dragos' approach to vulnerability assessment. Understand the importance of answering crucial questions about vulnerabilities, prioritization techniques, and the Dragos Threat Score. Analyze specific examples involving Rockwell Automation and General Electric products. Explore patching, mitigation strategies, risk-based approaches, and monitoring techniques. Conclude with valuable recommendations for vendors and ICS-CERT to enhance overall ICS cybersecurity.
Syllabus
Intro
Key Findings
Goofy Venn Diagram
Purdue Model Example
Dragos Process
Dragos Sources
Answer the Three Questions
Do we understand the vulnerability?
Prioritization
Dragos Threat Score
Rockwell Automation Connected Components Workbench
General Electric Communicator
Patching
Mitigation
Risk-Based Approach
Monitoring
Recommendations for Vendors and ICS-CERT
Taught by
Dragos: ICS Cybersecurity
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network