Leveraging ISA 62443-3-2 For IACS Risk Assessment and Risk Related Strategies

In this white paper, "Leveraging ISA 62443-3-2 For IACS Risk Assessment and Risk Related Strategies," author Hal Thomas provides the reader with an overview of ISA 62443-3-2, “Security Risk Assessment for Design,” as well as a summary of some methodologies that can be used to assist execution of the industrial automation control system (IACS) cyber security risk assessment work process requirements detailed in the standard.

The major steps include:

  • Identification of the System under Consideration (SuC)
  • Perform an Initial Cyber Risk Assessment
  • Partition the SuC into Zones and Conduits
  • Perform a Detailed Level Cyber Risk Assessment
  • Document Updated Cyber Security Requirements for Detailed Design

This white paper is available at no cost. Request your copy by submitting the form to the right, and we'll email you a link to download the file.

Untitled-Project (3)

Learn

Risk assessment work processes are applicable to many sectors, including the industrial process sector, building automation, medical devices, transportation sectors, electrical production, water treatment, and more.
Untitled-Project (2)

Discover

What are the benefits of using a risk-based standards approach? This paper explains how the ISA/IEC 62443-3-2 standard can enhance security across businesses.
Untitled-Project

Stay Up-to-Date

You'll find summaries on the various methodologies for the performance of both vulnerability and risk assessments, as well as guidance on using the standard.
LEVERAGING ISA 62443-3-2 FOR RISK ASSESSMENT
Request Your Copy
Hal Thomas white paper

PERFORMANCE-BASED STANDARDS

The ISA/IEC 62443-3-2 standard defines general requirements and links those requirements to examples of common best practices, such as how to rank risk. You'll learn this and more by downloading "Leveraging ISA 62443-3-2 For IACS Risk Assessment and Risk Related Strategies."
Cyber risk assessments should address uncertainty (at least qualitatively if not quantitatively) since not considering uncertainties can produce misleading and potentially dangerous decisions.
Hal Thomas, author of the guide on behalf of the ISA Global Cybersecurity Alliance