Patent attributes
An overall cyber security risk diagram is generated from a hierarchy of determined KPI's by combining a Procedures and Protocol KPI determined from values assigned to answers to questions presented to organization personnel implementing a control systems, with a Group Security Policies KPI that is determined from system-wide policy information and settings of the automation system by an automated processing device tool, and a Computer Settings KPI determined from device setting data collected from individual system devices by the automated processing device tool and relevant to cyber security. The device setting data comprises service areas unique to each device that are not assessable by review of the domain data collected and used to determine the Group Security Policies KPI. Each level of the hierarchy of determined KPI's may be used to generate a representation of relative risk of a cyber-security attribute.