In this episode, we explore the concept of Calculated Risk Rating (CRR) and its importance in OT cybersecurity. Join host Ken Kully, Systems Support Lead at Verve Industrial, and his guests – Zachary Woltjer, Cyber Data Analyst at Verve, and Lance Lamont – as they discuss how to prioritize and address vulnerabilities in industrial environments. Key Takeaways Calculated Risk Rating helps tailor cybersecurity solutions to specific industrial environments CRR considers both the impact and likelihood of vulnerabilities being exploited The approach helps organizations prioritize their limited resources for maximum security benefit Trust between cybersecurity providers and industrial operators is crucial for effective risk management Active asset inventory solutions provide richer data for more effective risk mitigation strategies Timestamps 00:00 – Introduction and sound check 01:00 – Introduction of guest Zachary Woltjer 02:50 – Explanation of Calculated Risk Rating (CRR) 06:21 – Importance of contextualizing vulnerability information 09:47 – Discussion on EPSS (Exploit Prediction Scoring System) 12:43 – Identifying "crown jewels" in industrial environments 18:48 – Process of assigning criticality and likelihood ratings 26:50 – Importance of defense in depth strategies 31:01 – How Verve's teams work together to implement CRR 35:56 – Benefits of active asset inventory solutions 42:35 – Conclusion and outtro Guest Information Zachary Woltjer: Cyber Data Analyst on the Customer Success team at Verve Industrial Lance Lamont: Creator and Explorer at Verve Industrial Protection, leading the research team in exploring OT devices and their security. Subscribe Follow and Subscribe Get in Touch LinkedIn | YouTube | Twitter/X | Contact Verve

Ver todos los episodios