Abstract: This disclosure provides an infrastructure monitoring tool, and related systems and methods, for collecting industrial process control and automation system risk data, and other data. A method includes discovering multiple devices in a computing system by a risk manager system. The method includes grouping the multiple devices into multiple security zones by the risk manager system. The method includes, for each security zone, causing one or more devices in that security zone to provide information to the risk manager system identifying alerts and events associated with the one or more devices. The method includes storing the information, by the risk manager system, in association with unique identifier values, the unique identifier values identifying different types of information.

Abstract: This disclosure provides an apparatus and method for automatic handling of cyber-security risk events and other risk events. A method includes detecting, by a monitoring system, a first event associated with a device in a computing system. The method includes initializing a risk item corresponding to the first event, and setting the risk item to a full risk value, in response to detecting the event. The method includes determining whether a second event, corresponding to the first event, has been detected. The method includes altering the risk value over time in response to determining that no second event has been detected. The method includes determining if the risk value for the risk item has passed a threshold. The method includes clearing the event in response to the risk value passing the threshold.

Abstract: A method includes obtaining information defining a custom rule from a user. The custom rule is associated with a cyber-security risk. The custom rule identifies a type of cyber-security risk associated with the custom rule and information to be used to discover whether the cyber-security risk is present in one or more devices or systems of an industrial process control and automation system. The method also includes providing information associated with the custom rule for collection of information related to the custom rule from the one or more devices or systems. The method further includes analyzing the collected information related to the custom rule to identify at least one risk score associated with the one or more devices or systems and/or the industrial process control and automation system. In addition, the method includes presenting the at least one risk score or information based on the at least one risk score.

Abstract: This disclosure provides an infrastructure monitoring tool, and related systems and methods, for collecting industrial process control and automation system risk data, and other data. A method includes discovering multiple devices in a computing system by a risk manager system. The method includes grouping the multiple devices into multiple security zones by the risk manager system. The method includes, for each security zone, causing one or more devices in that security zone to provide information to the risk manager system identifying alerts and events associated with the one or more devices. The method includes storing the information, by the risk manager system, in association with unique identifier values, the unique identifier values identifying different types of information.

Abstract: This disclosure provides a technique for using infrastructure monitoring software to collect cyber-security risk data. A method includes sending first information from a risk manager system to a plurality of agents each associated with a respective device in a computing system. The first information is associated with one or more risk-monitoring configurations. The method includes receiving second information by the risk manager system from the agents. The second information identifies identified vulnerabilities and events associated with the respective devices. The method includes storing and displaying to a user at least one of the second information and an analysis of the second information.

Abstract: This disclosure provides an apparatus and method for automatic handling of cyber-security risk events and other risk events. A method includes detecting, by a monitoring system, a first event associated with a device in a computing system. The method includes initializing a risk item corresponding to the first event, and setting the risk item to a full risk value, in response to detecting the event. The method includes determining whether a second event, corresponding to the first event, has been detected. The method includes altering the risk value over time in response to determining that no second event has been detected. The method includes determining if the risk value for the risk item has passed a threshold.

Abstract: This disclosure provides a rules engine for converting system-related characteristics and events into cyber-security risk assessment values, including related systems and methods. A method includes receiving information identifying characteristics of multiple devices in a computing system and multiple events associated with the multiple devices. The method includes analyzing the information using multiple sets of rules. The method includes generating at least one risk assessment value based on the analyzing. The at least one risk assessment value identifies at least one cyber-security risk of the multiple devices. The method includes displaying the at least one risk assessment value in a user interface.

Abstract: A system and method for managing the activities of a process. The system includes a first computer that uses standard control classes to manage the activities according to a standard control strategy. A second computer is used by a user to input custom data. A custom application program uses the custom data to automatically develop a customized control strategy as a custom class that operates as an inherited class of a base class of the standard classes to augment the standard control strategy with the customized control strategy in the management of the activities.

Abstract: There is disclosed an apparatus for automatically creating an original source code segment to insert into system program source code. The apparatus comprises: (1) a database coupled to at least one external data source and the database is capable of receiving external data source parameters as input data, (2) an interactive help application that is capable of utilizing parameters from the database to form program source code variables, and (3) a source code generator that is coupled to both the database and the interactive help application, wherein the source code generator is capable of automatically generating a final version of the source code portion and inserting the new code in the appropriate location in the program source code.