Industrial cybersecurity governance

Industrial security diagnosis and audit

This is an analysis of the current situation to determine the safety status of the plant. In this way, it is possible to identify threat scenarios, evaluate the level of risk and determine the corrective actions that mitigate or reduce that risk.

Areas of analysis:

• Power supply, video surveillance, physical access to plant or machines, etc.
• Industrial assets: location and handling of equipment, inventory, vulnerability and patch management, backup copies, change control, access to interfaces or services, credential management, equipment obsolescence, use of industrial protocols, native device protection measures, logical security in the protection of safety equipment, etc.
• Network architecture: segmentation-separation, filtering, firewall security policies, captive portals for accessing equipment, etc.
• Network monitoring: identification and response to events or anomalies, response procedures, etc.
• Third-party access: remote and on-site access, gateways and gateways, physical measurements on end equipment, permissions management, connection of third-party equipment to local networks, etc.
• Cybersecurity by design: premises in technical or engineering offices, approval of manufacturers and products, criteria and clauses in contracting, protection of information and designs, etc.