Podcast: Unsolicited Response (LS 34 · TOP 5% what is this?)
Episode: IACS System Testing and Assessment Rating (STAR) Methodology with Don Weber
Pub date: 2023-10-25

Don Weber joins Dale Peterson to describe his IACS STAR Methodology to score the risk of a vulnerability to an ICS (or IACS in 62443-speak). It is a modification of the OWASP Risk Rating Methodology. Don has modified some of the 16-factors to create IACS STAR. The methodology and code is available on GitHub and a calculator is available on line.

Don and Dale discuss:

• What Don likes about the OWASP Risk Rating
• Potential issues with putting numbers to SME judgment
• Differences between IACS STAR and the OWASP Risk Rating
• The weighting of the 16 factors
• The future of IACS STAR

Links

Slides Discussed In The Show: https://dale-peterson.com/wp-content/uploads/2023/10/IACS-STAR.pdf

IACS STAR GitHub Repo: https://github.com/cutaway-security/IACS_STAR_Methodology

IACS STAR Calculator: https://iacs-star-calculator.com/iacs_star_calculator.html

Cutaway Security Website: https://www.cutawaysecurity.com

ICS-Patch Decision Tree: https://dale-peterson.com/wp-content/uploads/2020/10/ICS-Patch-0_1.pdf

 

The podcast and artwork embedded on this page are from Dale Peterson: ICS Security Catalyst and S4 Conference Chair, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.