Risk Management Requires Effective Collaboration
- You need to have a holistic picture of how everything in the OT environment works to truly understand the full range of vulnerabilities that may exist.
- An engineer will always be able to provide a logical explanation as to why an asset was configured in a particular way, but at the end of the day you still need to make a calculation as to the risk it poses.
“You need to understand how your assets are architected because that becomes important when you do risk and vulnerability assessments.”
As information security manager at North Oil Company in Qatar, Craig Morris is currently focused on leading the company’s information security strategy and governance for enterprise and IT/OT systems.