Hi Experts,
Anyone configured Risk Assessment Methodologies to assess OT Risks?
The methodology should compramise with Business Impact Assessment (not BIA in BCM module) and Control Assessment.
BIA is asking the the consequence types such as Business Interruption, Environmental, Health, Safety & Security and the Impact Rating to be provided from 1-5. Based on this Target Security Level (TSL1, TSL2, TSL3 or TSL4) to be updated.
In control assessment, every control should have ASL value (which populated from the answers received for Control Attestation). In addition to that, Control Effectiveness also will be selected by Assessor.
The Risk Rating to be populates from BIA and Control Assessment.
Any idea or any one aleady configured RAM for these kind of scenarios?
