Braband, JensMeier, MichaelReinhardt, DelphineWendzel, Steffen2017-06-212017-06-212016978-3-88579-650-3Recently, a novel approach towards semi-quantitative IT security risk assessment has been proposed in the draft IEC 62443-3-2. This approach is analyzed from several different angles, e.g. embedding into the overall standard series, semantic and methodological aspects. As a result, several systematic flaws in the approach are exposed. As a way forward, an alternative approach is proposed which blends together semi-quantitative risk assessment as well as threat and risk analysis.enText/Conference Paper1617-5468