In this session, our speaker will explain how cyber risk for both IT and OT (IACS) can be managed enterprise-wide based on one consolidated Cyber Security Governance Framework, comprised of two main elements -- a cybersecurity risk management process and an integrated control framework.
The presenter will explain the main elements of the cyber risk management process and how it can be applied to both IT and OT, reflecting a risk-based approach while at the same time meeting the compliance requirements of various standards and regulations, both global and country-specific. The control framework incorporates multiple relevant standards, such as NIST, IEC/ISA 62443, ISO 27001+, multiple countries' data protection standards (e.g. EU, UK, Canada, Australia, etc.), OWASP and PCI DSS.
Learning Objectives:
Describe how to create a GRC framework for cybersecurity risk governance and management that can be applied to both IT and OT (IACS), while addressing multiple standards and diverse country and industry requirements.
Describe how multiple cyber regulatory requirements can be incorporated into the governance framework efficiently and flexibly to accommodate the dynamic and expanding regulatory environment, while minimizing duplication.
Describe how both IT and OT cyber risk can be managed by one integrated governance framework across the enterprise, enabling consistent risk management, assessment and reporting against a growing number of requirements including national critical infrastructure.