On page 24 of the Generic SCADA Risk Management Framework, there is an example of a threat /risk assessment which is part of a risk management program. Using any ONE of the case-study incidences from the following,
Blackout of 2003
Bellingham incident
Maroochy Shire Sewage Spill case study
Davis-Besse Nuclear Power Plant
please create a threat matrix (See example below). Your assessment must include what you feel is the threat to the incident you selected with the following columns:
Asset ID: (select at minimum 4 asset ID’s, for example, People, Process and Software (which become your rows), Vulnerability, Consequence (your rating), Likelihood and Treatment (Mitigation).
Example Matrix:
|
Asset ID |
Vulnerability |
Consequence |
Likelihood |
Treatment |
|
People |
|
|
|
|
|
Software |
|
|
|
|
|
Process |
|
|
|
|
Your matrix must be filled out so that a risk assessment/mitigation strategy for identified asset is clearly stated with relevant information.
No responses yet