Case Study: Silver Star Mines

Case Study: Silver Star Mines

• fictional operation of global mining company
• large IT infrastructure
• both common and specific software
• some directly relates to health & safety
• formerly isolated systems now networked
• decided on combined approach
• mining industry less risky end of spectrum
• management accepts moderate or low risk

Assets

• reliability and integrity of SCADA nodes and net
• integrity of stored file and database information
• availability, integrity of financial system
• availability, integrity of procurement system
• availability, integrity of maintenance/production system
• availability, integrity and confidentiality of mail services

Threats & Vulnerabilities

• unauthorized modification of control system
• corruption, theft, loss of info
• attacks/errors affecting procurement system
• attacks/errors affecting financial system
• attacks/errors affecting mail system
• attacks/errors maintenance/production affecting system

Risk Register

Summary

• detailed need to perform risk assessment as part of IT security management process
• relevant security standards
• presented risk assessment alternatives
• detailed risk assessment process involves
• context including asset identification
• identify threats, vulnerabilities, risks
• analyse and evaluate risks
• Silver Star Mines case study