ICS cyber security supply chain risk management initiatives sparked by NERC CIP and other compliance frameworks are the rage. The security industry has come to the rescue with a menu of solutions each promising to have the perfect security questionnaire so you can gather the information needed to manage supply chain risk.
Sadly, we all know questionnaires don’t really help you manage ICS security risk. But what if they could? What would you ask if you could only ask 10 questions?
In this session we propose a new approach to ICS security questionnaires. Questions are quick to the point with specific context to reference architecture and defensive objectives. The presentation will deep dive on a few questions for emphasis on generating actionable information with minimal friction.