SANS 5 ICS Critical Controls for Oil and Natural Energy - Control 5 - Risk-Based Vulnerability Management
This 5th and final control involves understanding which cyber digital controls are deployed and what device operating conditions aid in risk-based vulnerability management decisions to patch vulnerabilities. This enables appropriate safety-informed mitigations to the impact and monitoring for possible attack exploitation internal to the control network.
Oil and natural energy consideration—Passively (safely) leverage control network traffic analysis to discover unpatched engineering asset vulnerabilities and prioritize mitigation and patching based on exploitability, while planning to mitigate high-rated vulnerabilities in upcoming scheduled downtime or maintenance windows.
Watch All Parts in This Series:
