Applying FAIR to OT

Justin Turner

S4x24 - ICS Security Conference · Day 2 · Stage 2

In this talk from S4, Justin Turner covers **cyber risk quantification** in **Operational Technology (OT)** environments and advocates adopting the **FAIR (Factor Analysis of Information Risk)** framework. The presentation addresses a fundamental challenge for security professionals: translating complex, technical cybersecurity risks into financial impacts that resonate with business leadership. Turner highlights how traditional qualitative risk assessments ("impact times likelihood") fall short when concrete financial figures are needed, a requirement increasingly underscored by regulatory mandates like the SEC cyber disclosure rules.

AI review

This talk by Justin Turner effectively advocates for the FAIR framework as a critical tool for cyber risk quantification in Operational Technology (OT) environments. It articulates the shortcomings of traditional qualitative risk assessments and demonstrates how FAIR's structured approach translates complex OT risks, from physical damage to operational downtime, into tangible financial impacts. The emphasis on financial quantification for business leaders and regulatory compliance (like SEC disclosures) provides immense practical value, making it a highly actionable session for OT security…
