They say “knowledge is power.” Therefore, knowing what assets you have, knowing where your vulnerabilities are (and fixing them), and knowing how to handle an incident and respond when your assets are compromised and vulnerabilities are exploited would seem to be a powerful advantage in cyber risk management. We know these are not the only programs for a successful ICS cyber risk management strategy, but one could argue they are foundational. In case you missed it, we cover all that and more in WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities. However, we are not the only ones passionate about ICS cyber risk management. As such, we found three recent posts by industrial cybersecurity experts that discuss each program in more detail.

1. For more on knowing what assets you have, read What is OT/ICS Asset Management? by Ralph Langner.
2. Not sure what to do with the results of your vulnerability assessment, Verve Industrial’s So Your Vulnerability Assessment is Finished… Now What? might have a tip or two.
3. Not to be cliché, but it is not if, but when you will need to respond to a cybersecurity incident. Preparing for Incident Handling and Response in ICS by Dragos is sure to help with incident response planning.