Knowledge is king and sometimes manufacturers are totally lacking in any understanding of how poor their security posture really is.
Along those lines, Invensys has a new cyber security assessment service to help users understand the risks that might impact the safety and reliability of their operations.
The assessment is a key part of any security best practice program, getting the ball rolling in learning how the user can help ensure critical infrastructure protection and compliance with corporate, industry and/or government mandates.
Performed on-site, the control system assessment provides a baseline of the user’s current security position, and it can be the starting point to develop a strategy to meet the challenges of reducing and managing security risks.
The assessment, which includes the following service elements, allows Invensys to develop a unique and customized approach to addressing security issues:
1. Site and system assessment: A site review and system-specific vulnerabilities. The results of the assessment end up in a report highlighting critical assets, vulnerabilities and risks.
2. Compliance assessment: It addresses compliance status by reviewing operations and processes against required corporate compliance standards.
3. Establish security baseline: This allows a user to gauge progress against current status and operating models for security.
• Comprehensive approach is the vital first step in determining security requirements
• Baseline and benchmark the security of critical assets
• Appropriate and applicable industry standards, government regulations and mandates
• Identification and assessment of the risks that could impact control system operation
• Gap analysis highlights and recommends mitigation necessary to improve security
• Assess policies, procedures and technical measures
• Vendor-neutral and applicable to all control systems and their interconnections