Industrial Cyber Security | IACS Cybersecurity Assess Phase


ISA62443 - IACS Cybersecurity Assess Phase

A standardized approach for quantifying cybersecurity risks to an organization (vulnerabilities, threats, likelihoods and impacts) while tailoring mitigation countermeasures to meet the organization's risk tolerance level.

  1. Can you identify the worst-case financial and HS&E consequences if the availability, integrity, or confidentiality of your IACS is compromised?
  2. How do you determine the correct balance of countermeasures based upon the specific IACS function?
  3. How do you tailor your risk mitigation, given that one size does not fit all?
  4. Are you overpaying for a blanket cybersecurity risk policy?

As per ISA62443, the organization SHALL perform a high-level cybersecurity risk assessment of the SuC (System under Consideration), per ISA99.02.01:2009 Clause 4.2.3.1-4, to identify the worst-case unmitigated risk that the SuC presents to the organization.

Scope of Assessment Phase

  1. Define Assessment Scope
  2. Compile Scope components
  3. High-level Cyber Risk Assessment
  4. Allocation of IACS assets to Security Zones and Conduits
  5. Deliverable – Cybersecurity Vulnerability Assessment (CSVA)
    1. Scope and Purpose – Goals, Team and Plan
    2. System Vulnerability and Security Risks
      1. Port and vulnerability scans
      2. Attack Targets
      3. Staff Interviews
      4. Configuration reviews
      5. Component assessment
  6. Detailed Cybersecurity Risk Assessment
    1. Identify threats
    2. Identify vulnerabilities
    3. Determine consequences and impact
    4. Determine likelihood
    5. Calculate unmitigated cybersecurity risk
    6. Determine security level target
    7. Consider existing countermeasures
    8. Re-evaluate likelihood and impact
    9. Calculate residual cybersecurity risk
    10. Apply additional security countermeasures
  7. Deliverable – Cybersecurity Requirements Specification (CRS)
    1. Scope and purpose of the system
      1. System architecture
      2. Definition of zones and conduits
      3. Network segmentation requirements
    2. Physical and environmental security requirements
    3. General cybersecurity requirements
      1. Access Control requirements
      2. Identification and authentication of users
      3. User roles and privileges
      4. User administration
      5. Confidentiality, Integrity and Availability requirements
      6. Detection and Monitoring reporting requirements
      7. Response time requirements
      8. OS hardening requirements
      9. Device hardening
    4. Zone and Conduit specific requirements
    5. Security level targets
    6. Applicable policies and procedures
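The ten steps of the detailed cybersecurity risk assessment above are easier to reason about when carried through on a concrete zone. The following Python model is an added example, not code from this page or from ISA/IEC 62443: the 5x5 likelihood and impact scales, the "risk = likelihood x impact" scoring, the mapping of worst-case unmitigated risk to a security level target (SL-T), the rule that each existing countermeasure lowers likelihood by one step, the risk tolerance value and the sample threats are all constructed assumptions, since the standard leaves scales, matrices and tolerance to the organization.

```python
from dataclasses import dataclass, field

# Constructed 5-point scales (assumption; the organization defines its own).
LIKELIHOOD = {"remote": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost_certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "catastrophic": 5}


@dataclass
class Threat:
    """Steps 1-4: a threat, the vulnerability it exploits, its likelihood and impact."""
    name: str
    vulnerability: str
    likelihood: str
    impact: str
    # Step 7: countermeasures already in place. Assumption: each one lowers
    # likelihood by one step on the scale; a real assessment would rate each.
    existing_countermeasures: list = field(default_factory=list)


@dataclass
class Zone:
    name: str
    risk_tolerance: int  # highest acceptable risk score, set by the organization
    threats: list


def risk_score(likelihood: str, impact: str) -> int:
    """Risk as likelihood x impact on the constructed scales (assumption)."""
    return LIKELIHOOD[likelihood] * IMPACT[impact]


def unmitigated_risk(t: Threat) -> int:
    """Step 5: risk before any countermeasure is credited."""
    return risk_score(t.likelihood, t.impact)


def security_level_target(worst_unmitigated: int) -> int:
    """Step 6: illustrative mapping of worst-case risk to SL-T 1..4 (assumption)."""
    if worst_unmitigated <= 4:
        return 1
    if worst_unmitigated <= 9:
        return 2
    if worst_unmitigated <= 16:
        return 3
    return 4


def residual_likelihood(t: Threat) -> str:
    """Step 8: re-evaluate likelihood after crediting existing countermeasures."""
    order = list(LIKELIHOOD)
    idx = order.index(t.likelihood)
    idx = max(0, idx - len(t.existing_countermeasures))
    return order[idx]


def residual_risk(t: Threat) -> int:
    """Step 9: risk that remains with existing countermeasures in place."""
    return risk_score(residual_likelihood(t), t.impact)


def assess_zone(z: Zone) -> dict:
    """Run steps 5-10 over a zone and report what still exceeds tolerance."""
    worst = max(unmitigated_risk(t) for t in z.threats)
    residual = {t.name: residual_risk(t) for t in z.threats}
    # Step 10: threats whose residual risk still exceeds the zone's tolerance
    # need additional countermeasures before the zone meets its target.
    needs_more = [name for name, r in residual.items() if r > z.risk_tolerance]
    return {
        "zone": z.name,
        "worst_unmitigated": worst,
        "sl_t": security_level_target(worst),
        "residual": residual,
        "needs_additional_countermeasures": needs_more,
    }


# Constructed sample zone and threats (not from any real assessment).
SAMPLE_ZONE = Zone(
    name="Basic process control zone",
    risk_tolerance=6,
    threats=[
        Threat("Malware via engineering laptop", "Unrestricted removable media",
               "likely", "major", ["removable media policy", "endpoint allow-listing"]),
        Threat("Unauthorised remote access to HMI", "Flat network, no conduit firewall",
               "possible", "catastrophic", ["VPN with MFA"]),
        Threat("Operator misconfiguration", "Shared operator account",
               "possible", "minor", []),
    ],
)

if __name__ == "__main__":
    for key, value in assess_zone(SAMPLE_ZONE).items():
        print(f"{key}: {value}")
```

The output makes the point behind "one size does not fit all": the worst-case unmitigated risk (16, from the malware threat) drives the SL-T for the whole zone, but after crediting existing countermeasures only two of the three threats still exceed the tolerance of 6, so additional countermeasures are targeted at those rather than applied as a blanket policy.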