A holistic approach to continuous improvement of cyber security
ICT has developed a holistic approach to continuously improving the cyber security measures of your organisation. By following the five steps of our approach at regular intervals, the security of your organisation is kept at the required level.
Step 1: Identify
In today's world every company is aware that (cyber) security risks are very real and need to be dealt with. However, the question is: where do you begin? And how do you know that you are taking the appropriate actions without overspending valuable time, resources and money? Cyber security is not only about technical vulnerabilities; there are other aspects, such as people and processes, which are often overlooked.
During this step, our specialists perform scans of the organisation and technology used in order to obtain insight into the existing security level. These scans take into account the following three critical aspects of an organisation: People, Processes and Technology.
Step 2: Select
The Select step consists of creating an overview of all risks (the risk register), as well as qualifying and, where possible, quantifying each risk (probability x impact, where impact is for example financial damage and/or reputational damage). Risks can be strategic or operational. Depending on the risk policy of the company concerned, a risk can be accepted, mitigated, transferred or avoided. Our specialists define possible countermeasures together with an estimate of the costs involved. This information is used to decide on the actions to be taken in the short and the long term (the balance between costs and risks). The possible countermeasures and the decisions taken are documented and the appropriate actions are planned.
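As an added illustration of the Select step (this is example code written for this page, not ICT's own tooling), the following Python builds a small quantified risk register: each risk carries a probability and an impact, exposure is computed as probability x impact, every countermeasure is compared on cost against the reduction in exposure it buys, and the treatment decision (accept, mitigate or transfer) follows from a risk appetite threshold. All risks, probabilities, impacts, costs and the appetite value are constructed illustrative numbers, not figures from the page.

```python
"""Quantified risk register with a cost/benefit check on countermeasures.

Example code added to illustrate the Select step; not ICT's own method or
tooling. Every number below is a constructed, illustrative value.
"""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Countermeasure:
    name: str
    annual_cost: float        # estimated yearly cost of the measure (constructed)
    probability_after: float  # residual probability per year once implemented
    impact_after: float       # residual impact (money-equivalent) once implemented

    def residual_exposure(self) -> float:
        return self.probability_after * self.impact_after


@dataclass
class Risk:
    risk_id: str
    description: str
    category: str             # "strategic" or "operational"
    probability: float        # likelihood per year, 0..1
    impact: float             # damage if it happens; reputation mapped to a money-equivalent
    countermeasures: List[Countermeasure] = field(default_factory=list)

    def exposure(self) -> float:
        """Quantified risk = probability x impact (annual expected loss)."""
        return self.probability * self.impact


def treat(risk: Risk, appetite: float) -> dict:
    """Decide accept / mitigate / transfer for one risk.

    appetite: the annual expected loss the organisation is willing to carry.
    A countermeasure is only worth taking if the exposure it removes exceeds
    its own cost (positive net benefit); the best such measure is chosen.
    """
    exposure = risk.exposure()
    result = {"risk": risk.risk_id, "exposure": exposure,
              "countermeasure": None, "residual": exposure, "net_benefit": 0.0}
    if exposure <= appetite:
        result["decision"] = "accept"
        return result

    best: Optional[Countermeasure] = None
    best_net = 0.0
    for cm in risk.countermeasures:
        net = exposure - cm.residual_exposure() - cm.annual_cost
        if net > best_net:
            best, best_net = cm, net

    if best is not None:
        result.update(decision="mitigate", countermeasure=best.name,
                      residual=best.residual_exposure(), net_benefit=best_net)
    else:
        # No measure pays for itself: carry the risk elsewhere (e.g. insurance)
        # or escalate the decision to management.
        result["decision"] = "transfer"
    return result


def build_register(risks: List[Risk], appetite: float) -> List[dict]:
    """Treatment decisions for all risks, highest exposure first."""
    return sorted((treat(r, appetite) for r in risks),
                  key=lambda d: d["exposure"], reverse=True)


def sample_register() -> List[Risk]:
    """Constructed sample data for a small plant; not real figures."""
    return [
        Risk("R1", "Ransomware on an engineering workstation", "operational", 0.3, 500_000, [
            Countermeasure("Offline backups with tested restore", 20_000, 0.3, 50_000),
            Countermeasure("Network segmentation of the OT zone", 80_000, 0.1, 500_000),
        ]),
        Risk("R2", "Leaked vendor remote-access credential", "operational", 0.05, 100_000, [
            Countermeasure("Per-session vendor accounts with MFA", 10_000, 0.01, 100_000),
        ]),
        Risk("R3", "Flooding of the server room", "strategic", 0.02, 2_000_000, [
            Countermeasure("Relocate the server room", 150_000, 0.005, 2_000_000),
        ]),
    ]


if __name__ == "__main__":
    for row in build_register(sample_register(), appetite=25_000):
        print(f"{row['risk']}: exposure {row['exposure']:>10,.0f}  -> {row['decision']:8} "
              f"{row['countermeasure'] or ''} (residual {row['residual']:,.0f})")
```

With the constructed figures the register recommends mitigating R1 with the cheaper backup measure (it removes more exposure per euro than segmentation), accepting R2 because its exposure is already below the appetite, and transferring R3 because the only countermeasure costs more per year than the exposure it removes. Changing the appetite or the cost estimates changes the decisions, which is exactly the cost-versus-risk trade-off the Select step is meant to make visible.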
Step 3: Protect
Once the risk register is established, the cyber security process continues by periodically evaluating the progress of the countermeasures that have been implemented, as well as any new threats and vulnerabilities that have appeared since the last evaluation. This risk management system tells you which steps need to be taken first. In addition, it gives you a documented record of the risks you are willing to take, the risks you wish to mitigate, and how and when you are going to implement the countermeasures.
The risk register is used to select protective actions against the risks that need to be mitigated. The next step is to create an implementation roadmap: prioritising the necessary actions, assigning the required resources and positioning the various activities on a timeline. Following this roadmap ensures that your level of security increases.
The protective actions to be taken are part of a defence-in-depth strategy, which means that we differentiate protective measures at three different levels:
Step 4: Detect
The Detect step consists of delivering a complete security monitoring package that transforms your plant from a black box into a transparent environment. The package protects your plant by preventing malicious actors from staying inside your systems undetected and gathering information over an extended period of time. Real-time monitoring of the systems and the network ensures that intruders are detected at an early stage, so that immediate action can be taken. In addition, penetration tests and security audits ensure that weaknesses are found before an attacker finds them. Notification and registration of security incidents allow proper actions to be taken in order to prevent recurrence.
Step 5: Respond
What actions should you take after an alert? ICT has a full Security Response team with experts in several areas, such as PLC and SCADA systems. Our experts can help you investigate these alerts and distinguish a false alert from a real one. We can also help you take the necessary actions to stop a security incident. Some organisations have a legal obligation to report security incidents to the appropriate authorities; ICT can help you deliver the required information on time.
A practical approach on security
This holistic approach is based on the following international standards and frameworks:
- IEC 62443, the international standard for security of Industrial Automation and Control Systems
- NIST guidance (US), such as SP 800-82, for security of Industrial Automation and Control Systems
- ISO 27001, the international standard for information security management
- ISO 22301, the international standard for business continuity management
- ITIL, a best-practice framework for IT service management
These standards and frameworks are translated into a practical approach that ensures the security level of your organisation stays continuously at the required level.