RISP™ is a Risk-Informed Security Professional training certification. Learn to be an IACS risk-informed security professional through this "hands-on" training program. This certification benefits your company so that you understand the risk-informed process but also, provides you with the knowldege to identify IACS cyber security risks based on your company's goals and objectives.
CYBER-READY® is a systemmatic risk-informed approach for Industrial Automation and Control Systems (IACS) that has been developed with the premise that cyber security risks must be managed to sucessfully achieve and maintain a company's business goals and objectives. The process identifies, assesses, and supports management of IACS cyber security risks for the IACS lifecycle. CYBER-READY® utilizes a methodology which utilizies risk to provide a more relevant, cost-effective and understandable approach to accomodate the uniqueness of IACS cyber security. For example, if the impact of an asset's compromise is acceptable then why spend resources protecting that asset?
Cyber security risks differ from risks within traditional risk managment programs. The ability to realistically estimate the likelihood of of a specific cyber incident is at best argueable so, the traditional risk equation must be re-evaluated for the likelihood of an event. CYBER-READY® utilizes the following risk equation for cyber security:
CYBER SECURITY RISK = (Asset vulnerability to cyber compromise) X (impact of asset compromise)
The program focuses on the business concerns of the company and is easily integrated within existing plant processes with the following unique characteristics:
1) Focuses on what's important and relevant to the enterprise
2) Reflects plant-specific risks and risk tolerances
3) Avoids unnecessary countermeasures
4) Identifies cost saving opportunities