Welcome

Welcome to WisePlant - A WiseGroup Company  - | -   SpanishEnglishPortuguese    - | -   Facebook   Twitter  Instagram   Tumblr   Telegram   Reddit  - | -

No session

*** You are not logged in to the SecureCloud ***

Security Gap Analysis (GAP)

$440.00 - $8,800.00

The Security Gap Analysis consists of an evaluation of the current practices of the organization (Plant, division, sector, ...) contrasting against global best practices. It is especially important to identify opportunities for improvement that serve as a basis to define and sustain improvement actions.

SKU: WSIACSGAP Category:
Clear

General description

This Security Gap Analysis service consists of an evaluation of the current practices of the organization (Plant, division, sector, ...) contrasting against best global practices. This study is especially important to assess the highest level of government for industrial cybersecurity and identify opportunities for improvement that serve as a basis to define and sustain improvement actions.

The security gap assessment studies can be carried out both on end users and on suppliers of industrial systems and associated services. Inclusive it can be a very convenient technique for the evaluation of capacity and qualification of providers in relation to the domain that they have of the industrial cybernetic security.

Security FrameworksGlobal best practices, standards, laws and other regulations

Depending on the country, region, laws, regulations, industry and the objectives defined by the organization, we can incorporate different known global frameworks and / or develop a specific one tailored to the organization. (See additional information)

Identification of VulnerabilitiesPartial identification of Vulnerabilities in the field of OT

The assessment of security gaps may yield - depending on the current postural situation of the organization - a large number of vulnerabilities at the government level. Vulnerabilities that must be resolved. Naturally, the correction of security breaches will position the company in a better situation in the face of potential industrial cyber risks.

The vulnerabilities identified during this service will be duly analyzed, correctly identified and incorporated into the "Complete List of Vulnerabilities". These will be used in other subsequent activities.

Technical

Is required

- Definition of Scope

References

International Standards for Industrial Cyber ​​Risk Management
- ANSI / ISA99 / IEC-62443-2-1 - Establishing an industrial automation and control system security prg
- ANSI / ISA99 / IEC-62443-3-3 - System Security Requirements and Security Levels
- ISA TR84.00.09 - Cybersecurity Related to the Functional Safety Lifecycle

National Rules and Regulations in the United States of America
- ACC Guidance for Addressing Cyber ​​Security
- API 1164 - Pipeline SCADA Security Guidelines
- AWWA Process Control System Security Guidance
- CFATS Risk-Based Performance Standards (RBPS-8)
- CSA Z246.1-09 from CSA Group
- NEI 08-09 - Cyber ​​Security Plan for Nuclear Power Reactors
- NERC CIP Standards - Critical Infrastructure Protection
- NIST SP800-82 - Guide to Industrial Control Systems (ICS) Security
- NIST Cybersecurity Framework
- NRC Reg Guide 5.71 - Cyber ​​Security Program for Nuclear Facilities
- TSA Pipeline Security Guidelines

Maturity Models: (Particular case of Security Gap Analysis)
- CCR (Cyber ​​Resilience Review) Homeland National Security
- DOE C2M2 (Cybersecurity Capability Maturity Model)
- FFIEC (Federal Financial Institution Examination Council Assessment Tool)
- CCI (Industrial Cybersecurity Center, Spain)

deliverables

- Security breach report standardized for each Reference
- List of relevant findings
- Qualification showing the results (Dashboard)
- Partial List of Vulnerabilities
- List of Recommendations for each of the References
- Preliminary risk assessment

Reviews

There are no reviews yet.

Only logged in customers who have purchased this product may leave a review.