Video Overview of the aeCyberPHA Cyber Risk Assessment Methodology
This video shows a good walk through our unique cyber-safety risk assessment methodology that we call aeCyberPHA®. The method links realistic threat scenarios with known vulnerabilities and existing countermeasures and couples that with credible consequences from the PHA to determine cyber risk. Our risk-based approach to developing your cybersecurity program relies on network assessments from level 0 to level 4, zone and conduit diagrams, and gap assessments utilizing existing policies, procedures, and industry benchmarking.
Cyber Process Hazards Analysis (PHA) to Assess ICS Cybersecurity Risk
A great session to understand basic safety risk management philosophy and methodology, and then to learn how to adapt it to address cyber related risk.
John Cusimano of aeSolutions brings a lot of PHA and cyber PHA consulting experience and Chris Da Costa of Air Products discusses it from an asset owner perspective. A few highlights:
4:25 How good is good enough with regards to security
19:10 A Cyber PHA worksheet example
20:15 Risk is risk to management. Quantify cyber risk and address it like any other risk
S4: Getting a Handle on Consequences (trimmed)
John Cusimano, vice president of cybersecurity at aeSolutions, was recently featured in a panel at the S4X19 conference exploring the strengths and benefits of conducting a Cyber Process Hazard Analysis (CyberPHA) or Consequence-driven Cyber-informed Engineering (CCE) process. A recent article on isssource.com highlighted some takeaways from that panel: