Risk assessment for ICS or SCADA?
Answer:
From my point of view, NIST 800-82 is a security guide for Industrial Control Systems (ICS) and SCADA systems, but this standard does not define how to perform a risk assessment.
ISO 27005 is a code of best practices that can help you to develop your own methodology for risk assessment & treatment, but remember that it is focused on information security and is very global. From my point of view, you can use ISO 27005 together with the list of threats/vulnerabilities in NIST 800-82 (which are specifically focused on ICS and SCADA systems), and in this way you can develop your own methodology (with NIST 800-82 and ISO 27005).
Anyway, with this article you can also develop your own methodology: “How to write ISO 27001 risk assessment methodology”: https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/, although it does not include threats/vulnerabilities related to ICS and/or SCADA, but you can use NIST 800-82 for this.
Finally, our online course may also be interesting for you because we give more information about risk assessment & treatment: “ISO 27001:2013 Foundations Course”: https://advisera.com/training/iso-27001-foundations-course/
May 15, 2016