BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//bsides-cymru-2023-2022//speaker//79AJ89
BEGIN:VEVENT
UID:pretalx-bsides-cymru-2023-2022-QKGJMM@pretalx.com
DTSTART:20230211T111500Z
DTEND:20230211T112500Z
DESCRIPTION:Dependency modelling (DM) is a standardised approach proposed b
 y the Open standard Institute as a methodology to manage risk and build tr
 ust between inter-dependent enterprises .  This approach aligns with the N
 ational Cyber Security Centre (NCSC)’s advocacy of system-driven risk an
 alysis.  measures risk as the degree of uncertainty - uncertainty that a s
 ystem will be at a required (desired) state. DM is expressed as the probab
 ility of achieving the desired state of a goal and how it is impacted by t
 hings beyond the control\, predictability or understanding of the system/p
 rocess owner. These probabilities of events (nodes) change when the probab
 ilities of some other events change. However\, there exist limitations in 
 the current expressions of DM that hinder its complete adaptation for risk
  identification in a complex environment such as ICS. This research invest
 igates how the capability of DM could be extended to address the identifie
 d limitations and proposes additional variables to address phenomena that 
 are unique to ICS environments. The proposed extension is built into a sys
 tem-driven\, ICS dependency modeller\, and we present an illustrative exam
 ple using a scenario of a generic ICS environment. We reflect that the pro
 posed technique supports an improvement in the initial user data input in 
 the identification of areas of risk at the enterprise\, business process\,
  and technology levels.
DTSTAMP:20260421T141851Z
LOCATION:Track 2  -  Foxhunter
SUMMARY:Extending the capabilities of Dependency Modelling for Risk Identif
 ication in an ICS environment - Ayo Rotibi
URL:https://pretalx.com/bsides-cymru-2023-2022/talk/QKGJMM/
END:VEVENT
END:VCALENDAR