When first entering the security program development process, we should be mostly concerned with uncovering architectural or fundamental flaws in the system design. These are issues found in technical area 1 - ICS Network Architecture - of the policy discussion activities. By addressing these fundamental issues first, the path is cleared to unveil more nuanced risk.
A gap analysis, involving a network architecture drawing review can function as a first-pass, initial risk assessment. It can uncover potential high-impact or low-hanging fruit mitigation efforts as well as reveal any glaring system-level vulnerabilities and/or ...