aeSolutions’ Cyber Risk Assessment Process

Video Overview of the aeCyberPHA Cyber Risk Assessment Methodology

This video shows a good walk through our unique cyber-safety risk assessment methodology that we call aeCyberPHA®. The method links realistic threat scenarios with known vulnerabilities and existing countermeasures and couples that with credible consequences from the PHA to determine cyber risk. Our risk-based approach to developing your cybersecurity program relies on network assessments from level 0 to level 4, zone and conduit diagrams, and gap assessments utilizing existing policies, procedures, and industry benchmarking.

John Cusimano presents on “Cyber Process Hazards Analysis (PHA) to Assess ICS Cybersecurity Risk” at the S4x17 conference.

Cyber Process Hazards Analysis (PHA) to Assess ICS Cybersecurity Risk

A great session to understand basic safety risk management philosophy and methodology, and then to learn how to adapt it to address cyber related risk.

John Cusimano of aeSolutions brings a lot of PHA and cyber PHA consulting experience and Chris Da Costa of Air Products discusses it from an asset owner perspective. A few highlights:

4:25 How good is good enough with regards to security
19:10 A Cyber PHA worksheet example
20:15 Risk is risk to management. Quantify cyber risk and address it like any other risk

John Cusimano featured on “Getting a Handle on Consequences” presented at the S4x19 conference.

S4: Getting a Handle on Consequences (trimmed)

John Cusimano, vice president of cybersecurity at aeSolutions, was recently featured in a panel at the S4X19 conference exploring the strengths and benefits of conducting a Cyber Process Hazard Analysis (CyberPHA) or Consequence-driven Cyber-informed Engineering (CCE) process. A recent article on highlighted some takeaways from that panel: