October 25, 2023

IACS System Testing and Assessment Rating (STAR) Methodology with Don Weber

Listen Later

39 minutes

Don Weber joins Dale Peterson to describe his IACS STAR Methodology to score the risk of a vulnerability to an ICS (or IACS in 62443-speak). It is a modification of the OWASP Risk Rating Methodology. Don has modified some of the 16-factors to create IACS STAR. The methodology and code is available on GitHub and a calculator is available on line.

Don and Dale discuss:

What Don likes about the OWASP Risk Rating
Potential issues with putting numbers to SME judgment
Differences between IACS STAR and the OWASP Risk Rating
The weighting of the 16 factors
The future of IACS STAR

Links

Slides Discussed In The Show: https://dale-peterson.com/wp-content/uploads/2023/10/IACS-STAR.pdf

IACS STAR GitHub Repo: https://github.com/cutaway-security/IACS_STAR_Methodology

IACS STAR Calculator: https://iacs-star-calculator.com/iacs_star_calculator.html

Cutaway Security Website: https://www.cutawaysecurity.com

ICS-Patch Decision Tree: https://dale-peterson.com/wp-content/uploads/2020/10/ICS-Patch-0_1.pdf

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

Unsolicited Response

By Dale Peterson: ICS Security Catalyst and S4 Conference Chair

4.9

1414 ratings

October 25, 2023

IACS System Testing and Assessment Rating (STAR) Methodology with Don Weber

Listen Later

39 minutes

Don Weber joins Dale Peterson to describe his IACS STAR Methodology to score the risk of a vulnerability to an ICS (or IACS in 62443-speak). It is a modification of the OWASP Risk Rating Methodology. Don has modified some of the 16-factors to create IACS STAR. The methodology and code is available on GitHub and a calculator is available on line.

Don and Dale discuss:

What Don likes about the OWASP Risk Rating
Potential issues with putting numbers to SME judgment
Differences between IACS STAR and the OWASP Risk Rating
The weighting of the 16 factors
The future of IACS STAR

Links

Slides Discussed In The Show: https://dale-peterson.com/wp-content/uploads/2023/10/IACS-STAR.pdf

IACS STAR GitHub Repo: https://github.com/cutaway-security/IACS_STAR_Methodology

IACS STAR Calculator: https://iacs-star-calculator.com/iacs_star_calculator.html

Cutaway Security Website: https://www.cutawaysecurity.com

ICS-Patch Decision Tree: https://dale-peterson.com/wp-content/uploads/2020/10/ICS-Patch-0_1.pdf

...more

More shows like Unsolicited Response

Security Now (Audio) by TWiT

Security Now (Audio)

1,966 Listeners

Risky Business by Patrick Gray

Risky Business

359 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

628 Listeners

Hacked by Hacked

Hacked

180 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,014 Listeners

Click Here by Recorded Future News

Click Here

394 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

7,849 Listeners

Cybersecurity Today by Jim Love

Cybersecurity Today

167 Listeners

The Industrial Security Podcast by PI Media

The Industrial Security Podcast

20 Listeners

@BEERISAC: OT/ICS Security Podcast Playlist by Anton Shipulin / Listen Notes

@BEERISAC: OT/ICS Security Podcast Playlist

7 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

117 Listeners

(CS)²AI Podcast Show: Control System Cyber Security by Derek Harp

(CS)²AI Podcast Show: Control System Cyber Security

2 Listeners

Ukraine: The Latest by The Telegraph

Ukraine: The Latest

1,753 Listeners

Det Store Bildet by Brandpeople og Bauer Media

Det Store Bildet

10 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

33 Listeners