In this episode, we explore the concept of Calculated Risk Rating (CRR) and its importance in OT cybersecurity. Join host Ken Kully, Systems Support Lead at Verve Industrial, and his guests – Zachary Woltjer, Cyber Data Analyst at Verve, and Lance Lamont – as they discuss how to prioritize and address vulnerabilities in industrial environments.
Key Takeaways
- Calculated Risk Rating helps tailor cybersecurity solutions to specific industrial environments
- CRR considers both the impact and likelihood of vulnerabilities being exploited
- The approach helps organizations prioritize their limited resources for maximum security benefit
- Trust between cybersecurity providers and industrial operators is crucial for effective risk management
- Active asset inventory solutions provide richer data for more effective risk mitigation strategies
Timestamps
00:00 – Introduction and sound check
01:00 – Introduction of guest Zachary Woltjer
02:50 – Explanation of Calculated Risk Rating (CRR)
06:21 – Importance of contextualizing vulnerability information
09:47 – Discussion on EPSS (Exploit Prediction Scoring System)
12:43 – Identifying “crown jewels” in industrial environments
18:48 – Process of assigning criticality and likelihood ratings
26:50 – Importance of defense in depth strategies
31:01 – How Verve’s teams work together to implement CRR
35:56 – Benefits of active asset inventory solutions
42:35 – Conclusion and outtro
Guest Information
Zachary Woltjer: Cyber Data Analyst on the Customer Success team at Verve Industrial
Lance Lamont: Creator and Explorer at Verve Industrial Protection, leading the research team in exploring OT devices and their security.
Subscribe
Get in Touch