
START WITH DOCUMENTATION: The essentials of a Cybersecurity Management System


a month ago


The first step in improving a process is understanding what you have. We work closely with clients to audit their industrial operations to build documentation that effectively represents a baseline for improvements and a snapshot of their systems today. This essential documentation includes not only the devices attached but information about how they are accessed, what they interact with, how they are interacted with and who interacts with them.

With baseline documentation in place, the next step is to produce high-level and then detailed assessments. These assessments give key stakeholders the information required to determine a level of acceptable risk and guide the process of developing a Cybersecurity Management System.

It is important to understand that maintaining and operating a Cybersecurity Management System (CSMS) is not a one-time event. It is a continuous process that relies on the development of a culture of Cybersecurity. Based on the acceptable level of risk, each component of the CSMS must be refined and implemented differently. Generally, a CSMS contains the following components:

Cybersecurity Management System (CSMS)

The components of a CSMS work hand in hand with a multi-layered approach to defense, commonly referred to as Defense in Depth.

1. Physical Security
2. Policies & Procedures
3. Zones & Conduits
4. Malware Prevention
5. Access Controls
6. Monitoring & Detection
7. Patching

The recommendations for and implementation of these layers vary largely based on your appetite for risk and available budget. A common approach that we recommend is a staged implementation. It is important to look at the system as a whole and avoid the shiny brochure for the magic bullet; there is none. Implementing a CSMS requires careful coordination with available budgets and can typically be incorporated into an existing modernization plan.


Want to learn more about understanding risks?

High Level Risk Assessment - ISA/IEC 62443 - Water and Wastewater
Understanding the risks is the first step in planning to protect against the risks.
Sean R Bouchard

Published a month ago