A Calculated Risk | OT After Hours, An OT Security Podcast
Verve is now Rockwell Automation SecureOT - Podcast recorded Pre-Acquisition
In this episode, we explore the concept of Calculated Risk Rating (CRR) and its importance in OT cybersecurity. Join host Ken Kully, Systems Support Lead at Verve Industrial, and his guests – Zachary Woltjer, Cyber Data Analyst at Verve, and Lance Lamont – as they discuss how to prioritize and address vulnerabilities in industrial environments.
Key Takeaways
-Calculated Risk Rating helps tailor cybersecurity solutions to specific industrial environments
-CRR considers both the impact and likelihood of vulnerabilities being exploited
-The approach helps organizations prioritize their limited resources for maximum security benefit
-Trust between cybersecurity providers and industrial operators is crucial for effective risk management
-Active asset inventory solutions provide richer data for more effective risk mitigation strategies
Timestamps
00:00 – Introduction and sound check
01:00 – Introduction of guest Zachary Woltjer
02:50 – Explanation of Calculated Risk Rating (CRR)
06:21 – Importance of contextualizing vulnerability information
09:47 – Discussion on EPSS (Exploit Prediction Scoring System)
12:43 – Identifying "crown jewels" in industrial environments
18:48 – Process of assigning criticality and likelihood ratings
26:50 – Importance of defense in depth strategies
31:01 – How Verve's teams work together to implement CRR
35:56 – Benefits of active asset inventory solutions
42:35 – Conclusion and outtro
Guest Information
Zachary Woltjer: Cyber Data Analyst on the Customer Success team at Verve Industrial
Lance Lamont: Creator and Explorer at Verve Industrial Protection, leading the research team in exploring OT devices and their security.