IACS System Testing and Assessment Rating (STAR) Methodology with Don Weber - podcast episode cover

IACS System Testing and Assessment Rating (STAR) Methodology with Don Weber

Unsolicited Response
Oct 25, 202339 minSeason 2023Ep. 32
--:--
--:--
Listen in podcast apps:
Apple Podcasts
Spotify
Download
YouTube
Overcast
Pocket Casts
Episodes.fm
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

Don Weber joins Dale Peterson to describe his IACS STAR Methodology to score the risk of a vulnerability to an ICS (or IACS in 62443-speak). It is a modification of the OWASP Risk Rating Methodology. Don has modified some of the 16-factors to create IACS STAR. The methodology and code is available on GitHub and a calculator is available on line.

Don and Dale discuss:

  • What Don likes about the OWASP Risk Rating
  • Potential issues with putting numbers to SME judgment
  • Differences between IACS STAR and the OWASP Risk Rating
  • The weighting of the 16 factors
  • The future of IACS STAR

Links

Slides Discussed In The Show: https://dale-peterson.com/wp-content/uploads/2023/10/IACS-STAR.pdf

IACS STAR GitHub Repo: https://github.com/cutaway-security/IACS_STAR_Methodology

IACS STAR Calculator: https://iacs-star-calculator.com/iacs_star_calculator.html

Cutaway Security Website: https://www.cutawaysecurity.com

ICS-Patch Decision Tree: https://dale-peterson.com/wp-content/uploads/2020/10/ICS-Patch-0_1.pdf

 

For the best experience, listen in Metacast app for iOS or Android