IT and ICS Security Assurance

Consultant | Training | Solutions
Fedco International, PT.

Welcome to Fedco - IT and ICS Security Consultant

ICS Security Risk Management

Industrial Control System (ICS) Security Risk Management

Knowing the risk of the asset is like knowing "ourself" prior to go to the battle. The SWOT security posture of the ICS environment can be determined well by having proper risk security posture, and this is why we need the ICS Security Risk Management

The ICS Security Risk Management milestones mainly will consist of 4 core segments as per the following list:

Team development, charter, reference and documentation

Risk evaluation on the assessed ICS object to define, analysis, strategize and plan against the risk level that being measured. Risk security posture of the ICS environment will be the output from this workshop. Following is the summary of the RA workshop sequence:

integrated risk assessment

Controls catalog as the RA reference for any follow up and agreed action, with the covered of actions items as per agreed (plus deadline). Responsible party for each action items should be defined and ensure they understand with the job in hands. Review and revise the controls catalog as per system changes/upgrades (inline with RA review) as per required. Since Controls Catalog has the function as the reference point based on the risk assessment workshop, it will also determine the strategic planning that cover the future implementation to fix the gap findings (in RA workhsop) and to ensure the risk level is achieved and maintained under the ALARP level

The implementation of Controls Catalog action items as per agreed by the Risk Assessment team. The sustainability part is covering the periodic review of risk assessment (depends on the level of the risk), stewardship against the implementation and continuous improvement against the system in place. RA periodic review is based on the risk category (high, medium, low, etc.). The unplanned review can be performed if any crucial changes happened on the system or some incident happened. Owner and custodian should understand and aware regarding system risk status and its controls catalog.

The Critical Steps

Please keep in mind that managing the risk in an ICS environment is not “One Man Show“. It is purely a Team Work that working as a team. Recruiting the proper personnels to join the Risk Assessment team is a crucial part, while doing the proper Risk Assessment Workshop is also critical. The result of the workshop in form of Risk Security Posture and Controls Catalog will be the basis reference for the next action items. So be very careful on performing the ICS Security Risk Management

Keep The Pace

Don't Get Loose

The agreed risk as per mentioned in the Risk Assessment result is the basis on implementing the Controls Catalog and some other action items to ensure the risk is always in acceptable level. Don’t get loose on the sustainability phase, the controls catalog stewardship and periodic review will be the windows to manage the performance

The Risk Assessment and Controls Catalog Documentation will be used as the reference point for the next ICS Security Assurance activities: ICS Security Assessment

Consider it Risky?

We provide the ICS Security Risk Management covering the core activities such as Risk Assessment Workshop, Controls Catalog Development and Implementation & Sustainability