DMA encourage organisations to embrace a Cyber Security Program of work that enables protection of Information Technology assets, intellectual property, operations, staff & customers. When done well, the program enables detailed operational data to empower real-time decision making.
A cyber security program is made up of the following components, and most organisations are performing some or all of them.
- Risk Assessment – Document likely threats and assess their likelihood and impact. What are the key components being protected? What are the operational requirements? Where are the vulnerabilities? Is there traceability between the countermeasures we have taken and our business requirements across all business units? This detailed report provides the vital information needed for a factual account of the current state, enabling the creation of a strategy to implement an effective program of work and ensuring the organisation does not appear on the front page of a newspaper for not having done enough of the right things to protect critical assets, people, process and technology.
- Strategy & Governance – How do we deliver a program of work to address the vulnerabilities identified in the risk assessment report? Do we have appropriate projects, training, technology, policy and procedures in place that will ensure our protection? The strategy document details the projects required, in line with the vulnerabilities identified in the risk assessment or health check, to deliver an effective program.
- Architecture & Documentation – What will the overall system look like? This typically takes the form of 3 practical diagrams depicting where we are now, where we are going and how we are going to get there. Using appropriate alignment to standards such as NERC, NIST, ISO/IEC 27001, ISA/IEC 62443 and SABSA, combined with our unique methodology and experience, we document the business requirements, the conceptual view, the architect's view, the builder's view and the component layer view to provide an architectural road map with full traceability to address vulnerabilities documented in the risk assessment. This includes ISMS, CSMS statement of applicability, policy, procedure and workflow documentation creation and management.
- Managed Services & Monitoring – Visibility of key assets is vital to ensure controls implemented across your architecture are delivering as expected. Early detection enables rapid response and operational effectiveness. Incident response management to identify a breach, isolate systems, recover and capture key learnings.
- Testing & Audit – Penetration testing, internal and external audits, and compliance testing to ensure traceability of initiatives to appropriate standards & policy. This may include penetration testing where appropriate, regulatory compliance, best practice conformity, and applications deployed on site and/or in the cloud.
- Training – Security awareness training through to complex enterprise and control system security. Our courses are delivered by experienced IT & OT consultants who have both operational technology and security experience. Our courses are delivered in person, on site, at our facility or, for simple awareness courses, online. We have a recommended agenda; however, as the training program is modular, it can be delivered in accordance with your specific needs.
For more information or to arrange an obligation-free discussion, please email info@dmaust.com.au