Can you answer these questions ?

  • What would happen, if… ?

  • How would you discover it… ?

  • How big would the consequences be… ?

  • How vulerable are we really… ?

  • Who is doing what, if… ?

If you can’t answer those questions, SecuriOT can help you to get the overview and make the right decisions.

SecuriOT uses various security standards and “guidelines” to ensure that the value of the assessment for the customer. Our “findings” can be used in the risk assessment.

There are a number of different standards within the ICS-area today. We will find the right reference model together with you.

In SecuriOT we primarily work with NIST Cyber security Framework, ISO27001 and ISA62443 as well as various Danish guides for specific industries.

Technical Risk Assessment

SecuriOT offers a technical risk assessment of your ICS systems. The primary focus areas will be:

  • Technical review of your ICS network and ICS architecture with a focus on structure and configuration
  • Network and protocols between business IT and ICS systems
  • Review of Firewall setup
  • Valuation of connections to and from IT environments and 3rd party networks
  • Security and “hardening” of ICS devices (PLC, Scada, HMI, etc.)
  • Mapping known vulnerabilities in the products and solutions used

Inputs to this analysis are:

  • Physical network drawings
  • “Discovery” tools that can draw a”real-life”-image of the network and associated assets
  • Interview with relevant persons
  • Physical review of locations

Customer value:

  • Risk assessment of the technical setup
  • Recommendations for “hardening” of networks, systems and units
  • Heatmap with recommendations for changes in setup

Phased approach:

Phase 1: Start-up workshop:

  • What are the “scope”, success criteria and identification of responsibility for this assessment?
  • Any pre-requested tasks before starting up the project?
  • A timetable for the project?

Phase 2: Data collection and information

  • Collection of data is initiated by SecuriOT’s employees in collaboration with the responsible persons at the client

Phase 3: Report preparation

  • Analysis of “findings” is carried out and a report is prepared

Phase 4: Presentation

  • SecuriOT will review the report for the customer’s representatives

An Assessment takes 4 days depending on size and “scope”.

SecuriOT offers a process risk assessment in relation to your ICS systems.

The primary focus areas will be:

  • The internal processes of risk management in company
  • Ownership of processes and  definition of responsibilities for system owners
  • Process for discovering new found vulnerabilities and associated risk assessment
  • Process for ongoing updates and patching
  • Access rights management in terms of access to ICS systems (Both internal “admin” rights and external users)
  • Continguity and recovery plans in relation to ICS systems
  • Definition af responsibility and cowork between departments working with business-IT and Production-IT (ICS systems) respectively.

Input to these analysis is:

  • Interview with relevant persons
  • Documentation for procedures and processes.

Output and value for customer:

  • Risk assessment
  • Gap analyses in the customer current working with Security aspects vs. future needs/requirements.
  • Heatmap with recommendations to improve exsisting processes.

Fased approach:

Phase 1: Start-up workshop:

  • What are the “scope”, success criteria and identification of responsibility for this assessment?
  • Any prerequested tasks before starting up the project?
  • Timetable for the project?

Phase 2: Data collection and information

  • Collection of data is initiated by SecuriOT’s employees in collaboration with the client’s responsible

Phase 3: Report preparation

  • Analysis of “findings” is carried out and a report is prepared.

Phase 4: Presentation

  • SecuriOT will review the report for the customer’s representatives

An Assessment takes 3 days depending on size and “scope”

Both approaches provide an important visibility that is useful for your business.

SecuriOT will deliver actionable recommendations to you, which ensure a solid impact of the recommendations.