Operationalized Risk Management in OT

A balancing act between wastefulness and negligence
Last week we talked with Paul Gaynor from Radiflow on the topic of operationalized risk management in OT, especially in the context of NIS2. Listen to him in the webinar excerpt below.

Paul touched on several important topics.

First, risk management is a cyclical process involving diverse stakeholders, both tech and non-tech people. That's why communication with a broad audience is a key aspect of the process.

And NIS2 makes this even more relevant by involving management and emphasizing its pivotal role: approving measures, supervising implementation, and ensuring accountability, up to the level of personal liability and fines in case of non-compliance.

Second, to adapt, companies need to operationalize risk management: automate data collection and asset visibility, align with standards like IEC 62443, define zones and systems under consideration, and understand the impact and likelihood of adverse events for each zone.

Ultimately, the goal is minimizing risk by balancing between wastefulness and negligence. This means targeted and reasonable measures, prioritized resources, and continuous monitoring and communication of the risk status to all stakeholders.
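To make the zone-based steps above concrete, here is a small zone-level risk register, added as an illustration for this post; it is not Radiflow's code or tooling. It assumes an automated inventory has already tagged each asset with an IEC 62443-style zone and a likelihood and impact rating on a 1..5 scale, takes a zone's risk as the highest likelihood x impact product among its assets, and uses assumed thresholds to sort zones into "treat" (above the tolerable risk, where doing nothing would be negligent), "accept" (low enough that more spending would be wasteful) and "monitor" (everything in between). The inventory below is constructed sample data.

```python
"""Zone-level OT risk register (added example; assumed model and thresholds)."""
from dataclasses import dataclass

RATING_MIN, RATING_MAX = 1, 5   # assumed 1..5 rating scale for likelihood and impact
TOLERABLE_RISK = 8              # assumed risk appetite: zones above this need treatment
LOW_RISK = 3                    # assumed floor: zones at or below this are accepted as-is


@dataclass(frozen=True)
class Asset:
    name: str
    zone: str        # IEC 62443-style zone the asset belongs to
    likelihood: int  # 1 (rare) .. 5 (almost certain)
    impact: int      # 1 (negligible) .. 5 (severe)


def validate(asset: Asset) -> None:
    """Reject ratings outside the agreed scale so garbage cannot skew a zone score."""
    for field in ("likelihood", "impact"):
        value = getattr(asset, field)
        if not (RATING_MIN <= value <= RATING_MAX):
            raise ValueError(f"{asset.name}: {field}={value} outside {RATING_MIN}..{RATING_MAX}")


# Constructed sample inventory, as an automated discovery tool might hand it over
INVENTORY = [
    Asset("plc-01", "process-control", likelihood=3, impact=5),
    Asset("hmi-01", "process-control", likelihood=4, impact=4),
    Asset("historian", "dmz", likelihood=3, impact=2),
    Asset("eng-ws-01", "engineering", likelihood=4, impact=3),
    Asset("badge-reader", "facilities", likelihood=1, impact=1),
]


def zone_risks(inventory: list[Asset]) -> dict[str, int]:
    """Aggregate per-asset scores to zone level: a zone is as risky as its worst asset."""
    risks: dict[str, int] = {}
    for asset in inventory:
        validate(asset)
        score = asset.likelihood * asset.impact
        risks[asset.zone] = max(risks.get(asset.zone, 0), score)
    return risks


def classify(inventory: list[Asset],
             tolerable: int = TOLERABLE_RISK,
             low: int = LOW_RISK) -> dict[str, list[str]]:
    """Sort zones into treat / monitor / accept, highest risk first within each bucket."""
    buckets: dict[str, list[str]] = {"treat": [], "monitor": [], "accept": []}
    ranked = sorted(zone_risks(inventory).items(), key=lambda zr: (-zr[1], zr[0]))
    for zone, risk in ranked:
        if risk > tolerable:
            buckets["treat"].append(zone)      # negligence if left alone
        elif risk <= low:
            buckets["accept"].append(zone)     # wasteful to invest further
        else:
            buckets["monitor"].append(zone)    # keep under observation
    return buckets


def prioritize(inventory: list[Asset], tolerable: int = TOLERABLE_RISK) -> list[str]:
    """Ordered list of zones that need resources first."""
    return classify(inventory, tolerable)["treat"]


def status_report(inventory: list[Asset]) -> list[str]:
    """Plain-language lines for a non-technical audience (management, board)."""
    risks = zone_risks(inventory)
    buckets = classify(inventory)
    lines = []
    for bucket, label in (("treat", "ACTION REQUIRED"),
                          ("monitor", "MONITOR"),
                          ("accept", "ACCEPTED")):
        for zone in buckets[bucket]:
            lines.append(f"{label}: zone '{zone}' risk {risks[zone]} (tolerable {TOLERABLE_RISK})")
    return lines


if __name__ == "__main__":
    for line in status_report(INVENTORY):
        print(line)
```

Re-running `status_report` after each inventory refresh is what turns this from a one-off assessment into the cyclical process the post describes: the same ranked output goes to engineers (which zone to work on) and to management (whether the accepted residual risk still matches the agreed appetite).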

More in the short excerpt video from last week's webinar:


