ICS OT Security Controls
- ICS cyber security, ics security, ics security assurance, ics security training, ics security vulnerabilities, network security
💡 Selecting, implementing, assessing and monitoring the ICS OT Security Controls require preliminary activities to be executed as part of the whole ICS OT Cyber Security Assurance life cycle.
🟡 The Risk Management Framework and related tasks cover the fundamental approach of dealing with the ICS OT Security Control activities (selection, implementation, assessment and monitoring).
💡ICS OT Security Control consists of three categories with 20 security controls (refer to NIST SP 800-53 and NIST SP 800-82).
🔍 The ICS OT Security Control categories are as per the following:
1. System Management Control
2. Operational Control
3. Technical Control
♻ Selecting the proper security controls is important since it will be related closely to the implementation strategy (including risk reduction target), cost and budgeting, technical capability, resources capability, and continuous improvement (assess and monitor to enhance the security assurance level).
🔴 Each category has several security controls with the detailed list as per the following:
🅾 System Management Control, consist of:
✅ Assessment
✅ Authorization
✅ Monitoring
✅ Planning
✅ Program Management
✅ Risk Assessment
✅ Supply Chain
✅Risk Management
✅System and Services Acquisition
🅾 Operational Control, consist of:
✅ Awareness and Training
✅ Contingency Planning
✅ Incident Response
✅ Media Protection
✅ Physical and Environmental Protection
✅ Personally Identifiable Information (PII)
✅ Processing and Transparency
✅ Personnel Security
🅾 Technical Control, consist of:
✅ Access Control
✅ Audit and Accountability
✅Configuration Management
✅ Identification and Authentication
✅ Maintenance
✅ System and Communication Protection
✅ System & Information Integrity
♻ The proper selection of the ICS Security Control will drive the future achievement of the ICS Cyber Security Assurance.