A company should recognize how essential it is to have a clearly defined policy for its organization. This policy is the soul of the many aspects that guide the whole of business conduct. From the cyber security perspective, the policy should govern all related entities within the company and serve as the core security guidelines for the organization. The security policy governs the people (as the core player) and the system (as the security object).
The Good Governance in ICS OT Cyber Security Assurance
Program
The umbrella for all ICS OT Cyber Security assurance activities: the master book, including the adopted ICS OT Cyber Security standards that serve as the internal guidelines for compliance assurance.
Policy
ICS OT Cyber Security governance is deployed through a specific cyber security policy for the ICS OT environment. Strategizing the proper ICS OT cyber security policy is a crucial step in the cyber security assurance lifecycle process.
Procedure
The frontline enforcement that ensures the program and policies in ICS OT cyber security assurance are conveyed properly. Governing day-to-day activities in their more technical and detailed aspects, the procedures play a significant role in ensuring compliance assurance.
Policy and Business Conduct
The Policy's Coverage
Both technical and behavioural aspects should be captured in the security policy's coverage. One example is the removable media policy: malicious code spread by contaminated removable media can put the organization in a dangerous situation. Another example is behavioural control over how people interact with data in the high-level classifications (confidential and private). The best practices that people should follow each time they interact with these types of data should be defined and deployed properly.
What We Offer
ICS OT Cyber Security Program
Technical assistance and consultation to design and develop the ICS OT Cyber Security Program as the umbrella for all ICS OT Cyber Security Assurance milestones. The ICS OT Cyber Security Program will be based on several technical guidelines such as industry standards, best practices, technical recommendations, and specific corporate guidelines. The ICS OT Cyber Security Program includes developing company standards to govern ICS OT Cyber Security Assurance on-premises, reflecting the actual situation while still adhering to standardized regulation for objective compliance requirements and further acknowledgement from external parties (if required).
ICS OT Cyber Security Policy
Technical assistance and consultation to strategize and develop the ICS OT Cyber Security policy within the corporation, aligned with the existing company general policy and IT security policy. The ICS OT cyber security policy is considered the top-level guideline governing ICS OT Cyber Security assurance across the company, while the detailed step-by-step daily activities are covered in the ICS OT Cyber Security procedure.
ICS OT Cyber Security Procedure
Technical assistance and consultation to strategize and develop the ICS OT Cyber Security procedure so that it adheres to the company standard and the ICS OT Cyber Security policy and covers the detailed activities related to ICS OT Cyber Security assurance in day-to-day operations.