Keeping an ICS security program and its accompanying risk management activities accurate and up to date requires a cyclic sequence of activities:
The illustrated activities are:
- Assessing risk: Recurring risk assessments should be scheduled to verify the completeness of the applied security controls and mitigations and to assess them against the newest standards and policies. The assessment can become increasingly involved as the overall security program evolves, to uncover more detailed and harder-to-spot vulnerabilities. A risk assessment should be completed once a ...