METHOD FOR ASSESSING AND MANAGING SECURITY RISK FOR SYSTEMS

摘要

A method for assessing and managing security risks in an iterative fashion. The method is adaptable for use in virtually any system that has embedded targets that are accessible to a security threat. A particular adaptation includes use of the method to secure risks in the food manufacturing, production, processing and distribution industries. Using the inventive process, a risk to the system exists if a threat has access to a security target. The method provides an iterative process by which the system is initially divided into discrete and manageable sections and all known security targets are identified within each section. Then, on a section-by-section basis all known threats to each individual target are identified and it is determined whether the individual threat has access to the associated target. lf access is present, a risk level is assigned and, ultimately, mitigated. When all sections are secure, the entire system is deemed secure.