Evaluating ICS Vulnerabilities - Prioritization and Mitigation Strategies
Offered By: Dragos: ICS Cybersecurity via YouTube
Course Description
Overview
Explore the critical aspects of Industrial Control Systems (ICS) vulnerabilities in this 24-minute conference talk from the DISC-SANS ICS Virtual Conference. Delve into the 2019 vulnerability year in review report with Katherine Vajda, Dragos Senior Intelligence and Vulnerability Analyst. Gain insights on processes and drivers for prioritizing and understanding vulnerability risks within ICS environments. Learn how to maximize return on investment for mitigation efforts. Examine key findings, the Purdue Model, and Dragos' approach to vulnerability assessment. Understand the importance of answering crucial questions about vulnerabilities, prioritization techniques, and the Dragos Threat Score. Analyze specific examples involving Rockwell Automation and General Electric products. Explore patching, mitigation strategies, risk-based approaches, and monitoring techniques. Conclude with valuable recommendations for vendors and ICS-CERT to enhance overall ICS cybersecurity.
Syllabus
Intro
Key Findings
Goofy Venn Diagram
Purdue Model Example
Dragos Process
Dragos Sources
Answer the Three Questions
Do we understand the vulnerability?
Prioritization
Dragos Threat Score
Rockwell Automation Connected Components Workbench
General Electric Communicator
Patching
Mitigation
Risk-Based Approach
Monitoring
Recommendations for Vendors and ICS-CERT
Taught by
Dragos: ICS Cybersecurity
Related Courses
Evaluación de peligros y riesgos por fenómenos naturalesUniversidad Nacional Autónoma de México via Coursera Internet Security
openHPI Planning a Security Incident Response
Microsoft via edX Cyber Security
CEC via Swayam Ethical Hacking
Indian Institute of Technology, Kharagpur via Swayam