WisePlant – A WiseGroup Company
Log in

The News that Matters

Recent Posts

View Calendar

Price Lists $

WisePlant Group LLC

WiseCourses Academy

Talk to Experts

OTConnect News

OTC – News

#consecuencias #consequences #downstream #energy #expectativas #iec62443 #mineria #otc #threats #vulnerabilities #wbs #zcm
Risk Assessment System for Industrial Cybersecurity 1

Risk Assessment System for Industrial Cybersecurity

May 2, 2022 (updated December 16, 2022) Published by

Build, manage, and access a collaborative environment for industrial cyber risk management that is 100% compliant with ISA/IEC-62443 series and popular regulations. Mitigate long-term industrial cyber risk with low effort and minimal investment.

During many years of experience, we have identified the problems that professionals face (lacking practical experience) when implementing an industrial cybersecurity program effectively and efficiently. Lack of experience inevitably leads to poor management of industrial cyber risk and constant overspending that is done year after year erratically. Among the problems identified are:

Problem 1

Use of multiple technological tools, which are insufficient to meet all the requirements of the ISA/IEC-62443 standards. It is not useful to meet some of the mandatory requirements, or all the requirements are met or it is not met and done badly. The risk remains unmitigated.

Problem 2

Lack of knowledge and experience in implementing the industrial cyber risk management lifecycle defined in ISA/IEC-62443. The reality is that very few professionals and companies know how to do it correctly. They promise (unreliable) results, lengthen execution times and increase costs. The risk remains unmitigated.

Problem 3

There is no transfer of knowledge, it depends on a single expert, it prevents the program from adhering naturally to the organization, there is no cultural change in the organization, again costs are generated according to the wrong interests and objectives. The risk remains unmitigated.

Problem 4

Multiple projects, occurring at the same time with different visions of Industrial Cybersecurity, produce more delays and more expenses. Two or more projects compete to take control of a different view about how to solve the problem. The risk remains unmitigated.

These are just a few of the most common problems, but the list is much longer. For this reason, we developed a complete system – from a blank paper – for risk management in industrial cybersecurity, where the life cycle and all the requirements of the ISA/IEC-62443 standard, and other popular regulations (NIST, NERC, INGAA, ENISA …) are met, but fundamentally, most importantly, mitigate all risks in an effective way, efficient and sufficient.

Evaluate the risks to make optimal and sufficient long-term decisions – What do you need? How?

We guarantee that by using our industrial cyber risk management system and our proven methodology, you will achieve the desired thing, that industrial cybersecurity is an investment and not an expense as it is for many.

Risk Assessment System for Industrial Cybersecurity 2

ZCM ASSESS System

You need the ZCM system with the ASSESS software module in its smallest license, at least one ZCM Analyzer and ZCM Inspector.

Risk Assessment System for Industrial Cybersecurity 3

Value Added Services

It requires value-added services to be provided by an authorized integrator with experienced certified professionals.

Risk Assessment System for Industrial Cybersecurity 4

Training Courses

You need the best training courses that will show you the easiest, fastest, most effective and most efficient way to meet the requirements of the ISA/IEC-62443 series of standards.

We guarantee that the industrial cyber risk analysis will allow to identify the current risk and result in the definition of recommendations that based on the redesign will be implemented to mitigate the risk and keep the system at a tolerable risk, with a low cost of monitoring.

Target Before With the ZCM System

If you want cybersecurity as it should be done and with the minimum investment, maximum results, and without taking unnecessary risks, contact us. We will show you the path to get there, timely and accurately.

Thanks to the digitalization of centralized industrial cyber risk governance, avoiding the use of multiple incomplete tools, it guarantees us the success of risk analysis and all activities after making correct decisions, for: its design, implementation in 7 x 24 trust out of risks and in Safe maintenance. All this without exaggerated bureaucracy.

  • Government

    Policy Management

    Risk analysis requires corporate policies, which together with the ZCM system ensure and enforce compliance, incorporating a true digitalization of security; without the need for organizations to develop an extensive number of procedures and records, avoiding the increase of the bureaucracy of the organization.

  • Government

    Ready to certify

    During the performance of the activities the system produces all the necessary traceability, auditable records ready to certify without having to develop another project to obtain certification.

  • Government

    Management Dashboard

    Necessary and fair information allows to visualize the progress and the situation throughout the life cycle of the different systems under consideration (SUC).

  • Government

    Inventory Management

    Develop and maintain the inventory of cyber components (SUC) and physical assets (AUC) throughout the life cycle of the plant, complying with all the requirements of the ISA/IEC-62443 series of standards and other regulations.

  • Government

    Vulnerability management

    Manage procedural, technological and physical vulnerabilities classified according to realistic industrial cyber risk.

  • Government

    Security Breach Assessment (and Maturity)

    Identify strengths, weaknesses and opportunities for improvement in the governance and management of industrial cybersecurity.

  • Government

    Effective and efficient countermeasures

    Evaluate the effectiveness and efficiency of existing countermeasures and decide on the implementation of countermeasures that are effective and efficient to mitigate all risks that are intolerable.

  • Government

    Consequences to be avoided

    Identify the unacceptable consequences that could occur in the event that the control systems (SUC) are compromised.

  • Government

    Security Recommendations

    Produce all recommendations for government, technology, and industrial physical processes necessary to mitigate all risks that are unacceptable to the organization.

  • Government

    Security Levels

    Determine the safety level (SL-T) for each of the zones and ducts of all systems under consideration (SUC).

Risk Assessment System for Industrial Cybersecurity 5

ZCM System with ASSESS Software

System for the assessment of industrial cyber risks and making correct decisions that really mitigate the risk effectively, efficiently and sufficiently with the determination of the target security levels (SL-T).

Request a Demo

Once the risk assessment has been finalized and the necessary recommendations and safety levels have been produced for each zone and pipeline, you will specify the ZCM system with the IMPLEMENT module and the additional components to achieve an effective and efficient mitigation of all intolerable risk.

Once you have finalized with the implementation of all modifications, recommendations and safety requirements in accordance with the ISA/IEC-62443-3-3 series of standards, you must implement the ZCM system with the MAINTAIN module to monitor only everything that makes sense according to a rationalization of alerts, with immediate and precise action instructions without delays, among other activities.

Eduardo Kando - avatar
About the author: Eduardo Kando Verified Member WiseGroup Manager

Get Involved & Participate!

The moment is now!
The experience meets opportunity!
Register

Comments

No comments yet