START WITH DOCUMENTATION: The essentials of a Cybersecurity Management System
The first step in improving a process is understanding what you have. We work closely with clients to audit their industrial operations to build documentation that effectively represents a baseline for improvements and a snapshot of their systems today. This essential documentation includes not only the devices attached but information about how they are accessed, what they interact with, how they are interacted with and who interacts with them.
With baseline documentation in place, the next step is to produce high-level and then detailed level assessments. These assessments help provide key stakeholders with the information required to determine a level of acceptable risk and guide the process of developing a Cybersecurity Management System.
It is important to understand that maintaining and operating a Cybersecurity Management System (CSMS) is not a one-time event. It is a continuous process that relies on the development of a culture of Cybersecurity. Based on the acceptable level of risk, each component of the CSMS must be refined and implemented differently. Generally, a CSMS contains the following components:
The components of a CSMS work hand in hand with a multi-layered approach to defense, commonly referred to as Defense in Depth.
1. Physical Security
2. Policies & Procedures
3. Zones & Conduits
4. Malware Prevention
5. Access Controls
6. Monitoring & Detection
7. Patching
The recommendations and implementation of these layers varies largely based on your appetite for risk and available budget. A common and typical approach that we recommend is a staged implementation. It is important to look at the system as a whole–avoid the shiny brochure for the magic bullet, there is none. Implementing a CSMS requires careful coordination with available budgets and can typically be implemented into an existing modernization plan.