Apparatus and method for tying cyber-security risk analysis to common risk methodologies and risk levels
First Claim
1. A method to provide an action based on cyber-security risk classifications in an industrial process control and automation system comprising:
- identifying, by a risk manager system, a plurality of connected devices within the industrial process control and automation system that are vulnerable to cyber-security risks;
identifying, by the risk manager system, cyber-security risks in the connected devices;
assigning, by the risk manager system, a risk level to each of the identified cyber-security risks;
for each identified cyber-security risk, comparing by the risk manager system the assigned risk level to a first threshold and to a second threshold based on respective risk zones of the industrial process control and automation system, the first and second thresholds associated with the cyber-security risks in the connected devices, wherein the risks could result in unsafe conditions in the industrial process control and automation system;
based on the comparisons, assigning, by the risk manager system, each identified cyber-security risk to a risk classification;
displaying, by the risk manager system, a user interface that includes a plurality of notifications according to the identified cyber-security risks and the corresponding assigned risk classifications, the plurality of notifications comprising a general notification including a first shape displayed in a first color, a warning notification including a second shape displayed in a second color, and an alert notification including a third shape displayed in a third color, each of the plurality of notifications comprising a display of a number of the identified cyber-security risks for a corresponding one of the assigned risk classifications; and
providing, by the risk manager system, an action based on the displaying of the plurality of notifications to the user.
1 Assignment
0 Petitions
Accused Products
Abstract
This disclosure provides systems and methods for tying cyber-security risk analysis to common risk methodologies and risk levels. A method includes identifying a plurality of connected devices that are vulnerable to cyber-security risks and identifying cyber-security risks in the connected devices. The method includes assigning a risk level to each of the risks and comparing the risk levels to a first threshold and to a second threshold. The method includes assigning each identified cyber-security risk to a risk classification and displaying a user interface that includes a notification according to the identified cyber-security risks and the corresponding assigned risk classifications.
-
Citations
19 Claims
-
1. A method to provide an action based on cyber-security risk classifications in an industrial process control and automation system comprising:
-
identifying, by a risk manager system, a plurality of connected devices within the industrial process control and automation system that are vulnerable to cyber-security risks; identifying, by the risk manager system, cyber-security risks in the connected devices; assigning, by the risk manager system, a risk level to each of the identified cyber-security risks; for each identified cyber-security risk, comparing by the risk manager system the assigned risk level to a first threshold and to a second threshold based on respective risk zones of the industrial process control and automation system, the first and second thresholds associated with the cyber-security risks in the connected devices, wherein the risks could result in unsafe conditions in the industrial process control and automation system; based on the comparisons, assigning, by the risk manager system, each identified cyber-security risk to a risk classification; displaying, by the risk manager system, a user interface that includes a plurality of notifications according to the identified cyber-security risks and the corresponding assigned risk classifications, the plurality of notifications comprising a general notification including a first shape displayed in a first color, a warning notification including a second shape displayed in a second color, and an alert notification including a third shape displayed in a third color, each of the plurality of notifications comprising a display of a number of the identified cyber-security risks for a corresponding one of the assigned risk classifications; and providing, by the risk manager system, an action based on the displaying of the plurality of notifications to the user. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A risk manager system to provide an action based on cyber-security risk classifications in an industrial process control and automation system comprising:
-
a controller; and a display; wherein the controller is configured to; identify a plurality of connected devices within the industrial process control and automation system that are vulnerable to cyber-security risks; identify cyber-security risks in the connected devices; assign a risk level to each of the identified cyber-security risks; for each identified cyber-security risk, compare the assigned risk level to a first threshold and to a second threshold based on respective risk zones of the industrial process control and automation system, the first and second thresholds associated with the cyber-security risks in the connected devices, wherein the risks could result in unsafe conditions in the industrial process control and automation system; based on the comparisons, assign each identified cyber-security risk to a risk classification; present, on the display, a user interface that includes a plurality of notifications according to the identified cyber-security risks and the corresponding assigned risk classifications, the plurality of notifications comprising a general notification including a first shape displayed in a first color, a warning notification including a second shape displayed in a second color, and an alert notification including a third shape displayed in a third color, each of the plurality of notifications comprising a display of a number of the identified cyber-security risks for a corresponding one of the assigned risk classifications; and provide an action based on the presenting of the plurality of notifications to the user. - View Dependent Claims (9, 10, 11, 12, 13)
-
-
14. A non-transitory machine-readable medium encoded with executable instructions to provide an action based on cyber-security risk classifications in an industrial process control and automation system that, when executed, cause one or more processors of a risk manager system to:
-
identify a plurality of connected devices within the industrial process control and automation system that are vulnerable to cyber-security risks; identify cyber-security risks in the connected devices; assign a risk level to each of the identified cyber-security risks; for each identified cyber-security risk, compare the assigned risk level to a first threshold and to a second threshold based on respective risk zones of the industrial process control and automation system, the first and second thresholds associated with the cyber-security risks in the connected devices, wherein the risks could result in unsafe conditions in the industrial process control and automation system; based on the comparisons, assign each identified cyber-security risk to a risk classification; initiate presentation of a user interface that includes a plurality of notifications according to the identified cyber-security risks and the corresponding assigned risk classifications, the plurality of notifications comprising a general notification including a first shape displayed in a first color, a warning notification including a second shape displayed in a second color, and an alert notification including a third shape displayed in a third color, each of the plurality of notifications comprising a display of a number of the identified cyber-security risks for a corresponding one of the assigned risk classifications; and provide an action based on the presentation of the plurality of notifications to the user. - View Dependent Claims (15, 16, 17, 18, 19)
-
Specification