Cyber Process Hazards Analysis (PHA) to Assess ICS Cybersecurity Risk
A great session to understand basic safety risk management philosophy and methodology, and then to learn how to adapt it to address cyber related risk.
John Cusimano of aeSolutions brings a lot of PHA and cyber PHA consulting experience and Chris Da Costa of Air Products discusses it from an asset owner perspective. A few highlights:
4:25 How good is good enough with regards to security
19:10 A Cyber PHA worksheet example
20:15 Risk is risk to management. Quantify cyber risk and address it like any other risk
S4: Getting a Handle on Consequences (trimmed)
John Cusimano, vice president of cybersecurity at aeSolutions, was recently featured in a panel at the S4X19 conference exploring the strengths and benefits of conducting a Cyber Process Hazard Analysis (CyberPHA) or Consequence-driven Cyber-informed Engineering (CCE) process. A recent article on isssource.com highlighted some takeaways from that panel: