Upcoming Webinar
Presse- und Medienanfragen
Presse- und Medienanfragen
Für alle Presse- und Medienanfragen wenden Sie sich bitte an unser engagiertes Kommunikationsteam:
What You'll Learn
(Key Technical Takeaways):
Misinterpreting Scope & System Definition:
The dangers of defining the System Under Consideration (SuC) too broadly or too narrowly.
Common mistakes in identifying the boundaries, interfaces, and shared resources within an OT environment.
How an inadequate asset inventory (physical and logical) can cripple your assessment.
Flawed Zone & Conduit Delineation:
Beyond the Purdue Model: Why a superficial application of zones and conduits fails to capture granular risks.
Pitfalls in defining trust boundaries, communication paths, and the impact of improper segmentation.
Overlooking "hidden" conduits (e.g., jump servers, shared maintenance networks, IoT devices) and their impact on attack paths.
Inaccurate Threat & Vulnerability Identification:
Reliance on generic IT threats vs. understanding OT-specific attack vectors (e.g., protocol manipulation, PLC code injection, supply chain attacks).
Failing to account for the human element: Insider threats, human error, and social engineering in OT.
Challenges in identifying vulnerabilities in legacy systems, custom firmware, and embedded devices.
Miscalculating Risk & Security Level Targets (SL-T):
Common errors in qualitative vs. quantitative risk scoring methodologies for OT.
The pitfalls of subjective likelihood and consequence ratings without sufficient data or expert input.
Incorrectly deriving or applying Security Level Targets (SL-T) and their impact on control selection.
Why a "one-size-fits-all" approach to SL-T is dangerous in diverse OT environments.
Ineffective Control Selection & Implementation Planning:
Selecting generic controls without tailoring them to specific OT contexts (e.g., real-time constraints, limited processing power, protocol specifics).
The "checkbox compliance" trap: Implementing controls without verifying their actual effectiveness.
Ignoring operational impacts: Implementing security controls that disrupt critical processes or introduce new safety risks.
Poor planning for residual risk acceptance and continuous monitoring.
Underestimating the Role of People & Process:
Failing to engage the right stakeholders (OT engineers, operators, safety personnel) throughout the assessment.
Lack of clear roles, responsibilities, and accountability for cybersecurity.
The "set it and forget it" mentality: Why risk assessments are not a one-time event but a continuous process.
Inadequate documentation and communication of assessment findings.
Kontaktinformationen
E-Mail: info@shieldworkz.com
Industrial Control System Operators and Technicians
Cybersecurity Risk Managers
Compliance and Audit Professionals
IT/OT Convergence Leaders
Anyone involved in designing, implementing, or managing cybersecurity for industrial environments.
Über Shieldworkz
Date: Tuesday, August 20, 2025
Time: 11:00 AM CST
Duration: 60 Minutes (45 Min Panel + 15 Min Q&A)
Speakers: Joshua Deakin & Sharath Acharya
Bitte füllen Sie das Formular aus, um mit unserem Team in Kontakt zu treten, und wir werden Ihnen umgehend helfen, Ihre Anfrage zu bearbeiten.
Kontaktieren Sie uns noch heute!
Presse- und Medienanfragen
Für alle Presse- und Medienanfragen wenden Sie sich bitte an unser engagiertes Kommunikationsteam:
What You'll Learn
(Key Technical Takeaways):
Misinterpreting Scope & System Definition:
The dangers of defining the System Under Consideration (SuC) too broadly or too narrowly.
Common mistakes in identifying the boundaries, interfaces, and shared resources within an OT environment.
How an inadequate asset inventory (physical and logical) can cripple your assessment.
Flawed Zone & Conduit Delineation:
Beyond the Purdue Model: Why a superficial application of zones and conduits fails to capture granular risks.
Pitfalls in defining trust boundaries, communication paths, and the impact of improper segmentation.
Overlooking "hidden" conduits (e.g., jump servers, shared maintenance networks, IoT devices) and their impact on attack paths.
Inaccurate Threat & Vulnerability Identification:
Reliance on generic IT threats vs. understanding OT-specific attack vectors (e.g., protocol manipulation, PLC code injection, supply chain attacks).
Failing to account for the human element: Insider threats, human error, and social engineering in OT.
Challenges in identifying vulnerabilities in legacy systems, custom firmware, and embedded devices.
Miscalculating Risk & Security Level Targets (SL-T):
Common errors in qualitative vs. quantitative risk scoring methodologies for OT.
The pitfalls of subjective likelihood and consequence ratings without sufficient data or expert input.
Incorrectly deriving or applying Security Level Targets (SL-T) and their impact on control selection.
Why a "one-size-fits-all" approach to SL-T is dangerous in diverse OT environments.
Ineffective Control Selection & Implementation Planning:
Selecting generic controls without tailoring them to specific OT contexts (e.g., real-time constraints, limited processing power, protocol specifics).
The "checkbox compliance" trap: Implementing controls without verifying their actual effectiveness.
Ignoring operational impacts: Implementing security controls that disrupt critical processes or introduce new safety risks.
Poor planning for residual risk acceptance and continuous monitoring.
Underestimating the Role of People & Process:
Failing to engage the right stakeholders (OT engineers, operators, safety personnel) throughout the assessment.
Lack of clear roles, responsibilities, and accountability for cybersecurity.
The "set it and forget it" mentality: Why risk assessments are not a one-time event but a continuous process.
Inadequate documentation and communication of assessment findings.
Kontaktinformationen
E-Mail: info@shieldworkz.com
Industrial Control System Operators and Technicians
Cybersecurity Risk Managers
Compliance and Audit Professionals
IT/OT Convergence Leaders
Anyone involved in designing, implementing, or managing cybersecurity for industrial environments.
Über Shieldworkz
Date: Tuesday, August 20, 2025
Time: 11:00 AM CST
Duration: 60 Minutes (45 Min Panel + 15 Min Q&A)
Speakers: Joshua Deakin & Sharath Acharya
Bitte füllen Sie das Formular aus, um mit unserem Team in Kontakt zu treten, und wir werden Ihnen umgehend helfen, Ihre Anfrage zu bearbeiten.
Kontaktieren Sie uns noch heute!
Presse- und Medienanfragen
Für alle Presse- und Medienanfragen wenden Sie sich bitte an unser engagiertes Kommunikationsteam:
What You'll Learn
(Key Technical Takeaways):
Misinterpreting Scope & System Definition:
The dangers of defining the System Under Consideration (SuC) too broadly or too narrowly.
Common mistakes in identifying the boundaries, interfaces, and shared resources within an OT environment.
How an inadequate asset inventory (physical and logical) can cripple your assessment.
Flawed Zone & Conduit Delineation:
Beyond the Purdue Model: Why a superficial application of zones and conduits fails to capture granular risks.
Pitfalls in defining trust boundaries, communication paths, and the impact of improper segmentation.
Overlooking "hidden" conduits (e.g., jump servers, shared maintenance networks, IoT devices) and their impact on attack paths.
Inaccurate Threat & Vulnerability Identification:
Reliance on generic IT threats vs. understanding OT-specific attack vectors (e.g., protocol manipulation, PLC code injection, supply chain attacks).
Failing to account for the human element: Insider threats, human error, and social engineering in OT.
Challenges in identifying vulnerabilities in legacy systems, custom firmware, and embedded devices.
Miscalculating Risk & Security Level Targets (SL-T):
Common errors in qualitative vs. quantitative risk scoring methodologies for OT.
The pitfalls of subjective likelihood and consequence ratings without sufficient data or expert input.
Incorrectly deriving or applying Security Level Targets (SL-T) and their impact on control selection.
Why a "one-size-fits-all" approach to SL-T is dangerous in diverse OT environments.
Ineffective Control Selection & Implementation Planning:
Selecting generic controls without tailoring them to specific OT contexts (e.g., real-time constraints, limited processing power, protocol specifics).
The "checkbox compliance" trap: Implementing controls without verifying their actual effectiveness.
Ignoring operational impacts: Implementing security controls that disrupt critical processes or introduce new safety risks.
Poor planning for residual risk acceptance and continuous monitoring.
Underestimating the Role of People & Process:
Failing to engage the right stakeholders (OT engineers, operators, safety personnel) throughout the assessment.
Lack of clear roles, responsibilities, and accountability for cybersecurity.
The "set it and forget it" mentality: Why risk assessments are not a one-time event but a continuous process.
Inadequate documentation and communication of assessment findings.
Kontaktinformationen
E-Mail: info@shieldworkz.com
Industrial Control System Operators and Technicians
Cybersecurity Risk Managers
Compliance and Audit Professionals
IT/OT Convergence Leaders
Anyone involved in designing, implementing, or managing cybersecurity for industrial environments.
Über Shieldworkz
Date: Tuesday, August 20, 2025
Time: 11:00 AM CST
Duration: 60 Minutes (45 Min Panel + 15 Min Q&A)
Speakers: Joshua Deakin & Sharath Acharya
Bitte füllen Sie das Formular aus, um mit unserem Team in Kontakt zu treten, und wir werden Ihnen umgehend helfen, Ihre Anfrage zu bearbeiten.
Kontaktieren Sie uns noch heute!
Meet the Panel Experts
