As an organization, the company should realize the essential of having a clear defined policy on their organization. This policy will be the soul of so many aspects that will guide the whole business conduct. Focus on the cyber security perspective, the policy on this aspect should govern all related entities within the company, regarding the core security guidelines for the organization. The security policy should also govern people (as the core player) and system (as the security object)
The Good Governance in ICS Cyber Security
-
Program
The umbrella of the whole ICS Cyber Security assurance activities – the master book, including the ICS Cyber Security Standard as the technical guidance
-
Policy
ICS Cyber Security governance deployed through the proper cyber security policy in ICS environment (differ with IT security policy but may overlap in some points)
-
Procedure
The front enforcement to ensure manual and policies in ICS cyber security assurance is conveyed in proper manner and be part of daily activities within ICS environment
Policy and Business Conduct
Technical Coverage
Technical and behavior should be captured on the security policy coverage. As an example, the removable media policy. The threat of being infected by malicious code that is spread out by the contaminated removable media can put the organization in danger situation. Another example is related to the behavior control on how to interact with the high-level data classification (confidential and private). What is the best practice that should be deployed to the people each time they interact with these types of data
What We Offer
ICS Cyber Security Program Design & Development
Technical assistance and consultation to design and develop the ICS Cyber Security Program as the umbrella of the whole ICS Cyber Security Assurance. The ICS Cyber Security Program will be based on several technical guidelines such as industry standards, best practices, technical recommendations, and specific corporate guidelines. The ICS Cyber Security Program covers the portion of developing company standards to govern the ICS Cyber Security Assurance in premises
ICS Cyber Security Policy Design & Development
Technical assistance and consultation to strategize and develop the ICS Cyber Security policy within the corporation align with the existing company general policy and IT security policy. The ICS security policy is considered as the top-level guidelines to govern the ICS Cyber Security assurance across the company, while the detailed step by step of daily activities will be covered in ICS Cyber Security procedure
ICS Cyber Security Procedure Design & Development
Technical assistance and consultation to strategize and develop the ICS Cyber Security procedure adhere to the company standard and ICS Cyber Security policy in order to cover the detailed activities related to the ICS Cyber Security assurance in day to day operations