Why ISA/IEC 62443 Risk Assessment should be the first step in your OT Security program

November 13, 2024 @ 15:10 - 15:45

  • Main Track

About Session

Technical Level: Intermediate

ISA/IEC 62443 is all about risk management. But we see from experience that the risk assessment process is often neglected, and people jump straight to securing their systems with a security level that might be based on the wrong context, which could have a serious impact on its effectiveness. From asset inventory to zones and conduits, security levels, and how to meet them, the ISA/IEC 62443 standard has a lot of technical and organizational requirements involving multiple stakeholders. Doing the steps in the correct order might have several benefits as your organization matures within the field of security. Some examples are budgeting, planning, maintenance and supply chain management. We will go through where to start, using ISA/IEC 62443-3-2 to secure your industrial control systems, with real-world examples that could help the community better understand the “complexity” of the standard. We will also touch upon how this specific part of the standard is tied to other parts such as 3-3, 4-2 and 2-1, and, of course, some use cases for existing security technologies once you have the basics in place.


Tommy Evensen

Director, Omny AS