应对运营风险中的后果：为什么威胁和安全并不那么重要.pdf

1、Addressing Consequence within Operational RiskWhy threats and security are just not that important2024 Aviation Cybersecurity Conference O.T.Gagnon III(Ollie),CISSP,CPP,PSPChief Homeland Security AdvisorIdaho National Laboratory Transportation-Aviation-Airport Dependency Profile(What is the most imp

2、ortant airport infrastructure?)Image source:INL.gov*Source:https:/www.cisa.gov/what-are-dependenciesElements of Risk Threat:A natural or manmade occurrence,individual,entity,or action that has or indicates the potential to harm.Vulnerability:A physical feature or operational attribute that renders a

3、n entity open to exploitation or susceptible.Consequence:The effect of an event,incident,or occurrence.Can your team list the top three critical systems,including their priorities,cyber and physical dependencies(internal/external),degree of IT/OT convergence,key stakeholders(internal/external),and t

4、he incident response and recovery plans?How well do you know your operational risks?Vulnerabilities Operational RiskThreatsConsequencesOperational RiskConsequences Captures“the uncertainties and hazards a company faces when it attempts to do its day-to-day activities.”Results from“breakdowns in inte

5、rnal procedures,people,and systems,”and focuses on“how things are accomplished within an organization.”Determined by analyzing the consequences,vulnerabilities,and threats within its procedures,workforce,and systems.ThreatsOperational RiskVulnerabilities Before an organization can consider vulnerabi

6、lities within and threats to its operations,it must first have a solid understanding of the consequences existing inside its infrastructure environment.Operational Risk(cont.)HumanCyberPhysicalConsiderations:Infrastructure vs.Critical Infrastructure Security vs.Resilience Dependency vs.Interdependen