Do you have the answer for these questions ?

  • What would happen if ….?

  • How do we detect it ….?

  • What would the consequence be ….?

  • How vulnerable are we really ….?

  • Who does what, if ….?

If not, SecuriOT can help you and your company to have the overview so you can make the right decisions.

SecuriOT uses various safety standards and guidelines to ensure that the outcome are optimized for the customer so further work with the “findings” in the risk assessment can be tasked within the customers company.

Today, a number of different standards are available, and in collaboration with the customer we find the right reference model to use.

In SecuriOT we primarily work with NIST Framework, ISO27001 and IEC62443 and as well various Danish guidelines for specific industries.

Technical Risk Assessment

SecuriOT offer a technical risk assessment of your ICS-systems. The primary focus will be:

  • Technical review of your ICS network and ICS architecture with focus on design and configuration
  • Networks and protocols between business IT and ICS systems
  • Review of Firewall setup
  • Assessment of connections to and from IT/OT environments as well as 3rd party networks
  • Security and “hardening” of ICS devices (PLC, Scada, HMI, etc.)
  • Mapping known vulnerabilities in the products and solutions used

Input for this analysis:

  • Infrastructure documentation
  • “Discovery” tools, to get a “real-life” overview of the infrastructure and attached “assets”
  • Interview with relevant persons
  • Physical review of locations

Output and value for the customer:

  • Specific risk assessment of the technical setup
  • Recommendations for “hardening” network infrastructure, systems and devices
  • Recommendations for changes to the present setup

Phase divided approach:

  • Phase 1: Startup workshop
    • Defining “scope”, success criteria and division of responsibility in this assessment
    • Defining tasks prior to the task
    • Time schedule
  • Phase 2: Collecting data and information
    • Data collection is started by SecuriOT’s consultant in collaboration with the customer’s OT responsible
  • Phase 3: Report
    • Analysis of “findings” and preparation of the report
  • Phase 4: Presentation
    • SecuriOT present the report with findings for the customer

An assessement normally take approximately 4 days depending of size and “scope”.

Process Risk Assessment

SecuriOT offers a process risk assessment at your ICS-systems. The primary focus area will be:

  • Defining risk management in the company
  • Defining process and responsibilities, and defining system ownership
  • Process for detection of vulnerabilities and associated risk calculation
  • Process for continuous updates and patching
  • Rights management regarding access to ICS systems (Both internal “admin” rights and external users)
  • Existing business contingency plans in relation to ICS systems
  • Collaboration between business IT and ICS systems

Input to this analysis:

  • Interview with relevant persons
  • Documentation of policies and processes

Output and value for the customer:

  • Specific risk assessment of the technical setup
  • Recommendations for improvement of the existing processes

Phase divided approach:

  • Phase 1: Start-up workshop :
    • What is the scope, success criteria and division of responsibility in this assessment?
    • Defining task prior to the task
    • Time schedule
  • Phase 2: Collecting data and information
    • Data collection is started by SecuriOT’s consultant in collaboration with the customer’s OT responsible
  • Phase 3: Report
    • Analysis of “findings” and preparation of the report
  • Phase 4: Presentation
    • SecuriOT present the report with findings for the customer

An assessement normally take approximately 3 days depending of size and “scope”.

Both approaches will provide useful and important visibility for your business.

SecuriOT will provide specific recommendations for your company to ensure full effect of the analyzes.