How can you better protect your operations against intrusions and cyber threats? The remediation plan developed during the assessment stage involves hardening existing systems, adding layers of security, and introducing security-related organizational measures. ENGIE Laborelec cyber security experts help you with everything you need to substantially reduce the likelihood of a deliberate or accidental intrusion and enhance your cyber resilience.
Context and service scope
HARDENING SYSTEMS AND IMPLEMENTING LAYERS OF SECURITY
Hardening existing systems is the first step in improving the cyber security of your operational environment. It involves configuring the hardware and software you already have so that the attack surface of systems and devices is as small as possible. Examples include updating firmware, applying security patches, closing unused network ports, removing unnecessary software, and disabling unneeded services or features in configuration files. In an operational environment these changes are planned and tested first, because a patch or a disabled service can affect a running process, so each step is scheduled within maintenance windows and verified afterwards.
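A hardening pass is only as good as the check that follows it, so one practical habit is to compare what a host actually exposes with what the site policy says it should expose. The script below is an added example written for this page; it is not ENGIE Laborelec tooling. It parses the kind of output produced by `ss -tulnp` and `systemctl list-unit-files --type=service --state=enabled`, ignores sockets bound only to loopback (they do not enlarge the network attack surface), and reports any externally reachable listener or enabled service that is not on an allow-list. Both listings and the allow-lists (SSH and Modbus/TCP only, plus a time-sync daemon) are constructed for the example and stand in for real host output and real site policy.

```python
"""Hardening audit: flag listening ports and enabled services outside an allow-list.

Added example, not vendor or customer code. Inputs are constructed samples
shaped like `ss -tulnp` and `systemctl list-unit-files` output; on a real host
you would feed in the live command output instead.
"""
import re
from dataclasses import dataclass

# Constructed sample of `ss -tulnp` output (not captured from a real host).
SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
udp   UNCONN 0      0      0.0.0.0:161         0.0.0.0:*         users:(("snmpd",pid=812,fd=7))
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=901,fd=3))
tcp   LISTEN 0      100    127.0.0.1:25        0.0.0.0:*         users:(("master",pid=1043,fd=13))
tcp   LISTEN 0      5      0.0.0.0:502         0.0.0.0:*         users:(("modbusd",pid=1200,fd=4))
tcp   LISTEN 0      50     0.0.0.0:23          0.0.0.0:*         users:(("telnetd",pid=1301,fd=3))
"""

# Constructed sample of `systemctl list-unit-files --type=service --state=enabled`.
SYSTEMCTL_OUTPUT = """\
UNIT FILE          STATE   PRESET
sshd.service       enabled enabled
modbusd.service    enabled enabled
telnet.service     enabled enabled
snmpd.service      enabled enabled
cups.service       enabled enabled
"""

# Assumed site policy (hypothetical): only these reachable ports and services are wanted.
ALLOWED_PORTS = {("tcp", 22), ("tcp", 502)}
ALLOWED_SERVICES = {"sshd", "modbusd", "chronyd"}

# Well-known ports whose protocols send credentials or data in the clear.
CLEARTEXT_NOTES = {
    ("tcp", 21): "FTP, cleartext credentials",
    ("tcp", 23): "Telnet, cleartext credentials",
    ("udp", 161): "SNMP, v1/v2c community strings in the clear",
}


@dataclass(frozen=True)
class Listener:
    proto: str
    addr: str
    port: int
    process: str

    @property
    def loopback(self) -> bool:
        return self.addr in ("127.0.0.1", "[::1]", "::1")


def parse_ss(output: str) -> list[Listener]:
    """Turn `ss -tulnp` lines into Listener records; skips the header and unknown rows."""
    listeners = []
    for line in output.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] not in ("tcp", "udp"):
            continue
        addr, port = parts[4].rsplit(":", 1)  # rsplit keeps IPv6 "[::]:22" intact
        match = re.search(r'users:\(\("([^"]+)"', line)
        listeners.append(Listener(parts[0], addr, int(port), match.group(1) if match else "?"))
    return listeners


def parse_enabled_services(output: str) -> set[str]:
    """Collect unit names (without .service) that systemctl reports as enabled."""
    enabled = set()
    for line in output.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0].endswith(".service") and parts[1] == "enabled":
            enabled.add(parts[0][: -len(".service")])
    return enabled


def audit(ss_output: str, systemctl_output: str,
          allowed_ports=ALLOWED_PORTS, allowed_services=ALLOWED_SERVICES) -> list[str]:
    """Return one finding per exposed port or enabled service that policy does not allow."""
    findings = []
    for lst in parse_ss(ss_output):
        if lst.loopback:
            continue  # loopback-only listeners are not reachable from the network
        if (lst.proto, lst.port) not in allowed_ports:
            note = CLEARTEXT_NOTES.get((lst.proto, lst.port), "not in allow-list")
            findings.append(f"unexpected listener {lst.proto}/{lst.port} ({lst.process}) on {lst.addr}: {note}")
    for svc in sorted(parse_enabled_services(systemctl_output) - allowed_services):
        findings.append(f"enabled service not in allow-list: {svc}")
    return findings


if __name__ == "__main__":
    for finding in audit(SS_OUTPUT, SYSTEMCTL_OUTPUT):
        print(finding)
```

On the constructed input the audit reports the SNMP and Telnet listeners (both cleartext protocols) and three enabled services outside the allow-list, while the loopback-only mail listener on port 25 is accepted; the same logic runs unchanged on live `ss` and `systemctl` output once the allow-lists reflect the real site policy.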
In addition, the remediation plan involves adding extra layers of security on top of the hardened systems. Examples include installing firewalls to segment the operational network from IT and external networks, putting in place sanitization stations (using Content Disarm and Reconstruction, CDR) for removable media and files brought on site, deploying or reinforcing password management, installing virus and spyware protection software, and implementing secure connectivity such as ICS-proof secure remote access (SRA), TLS (the successor to SSL) for encrypted connections, and virtual private networks (VPN).
Policies, processes and procedures
In addition to installing or configuring software and hardware, the remediation plan involves taking organizational steps such as setting up new processes and procedures, or optimizing existing ones. Adding a layer of security often calls for a new procedure to go with it. Examples include a data sanitization procedure for use by maintenance contractors, and a password management policy and process. Existing operational processes may also need to be optimized to reduce the organization's exposure to deliberate or accidental intrusions. ENGIE Laborelec helps customers define these policies, processes, and procedures. We have comprehensive experience in developing policies, designing or redesigning processes, writing procedures, and training people to use them.
Implementing an Information Security Management System (ISMS)
Laborelec also implements a comprehensive Information Security Management System (ISMS) where circumstances require it, such as in response to local regulations. An ISMS is a systematic, ISO 27001-compliant management system of policies, procedures, controls, and resources designed to continuously control, maintain, and improve information security. The implementation project includes training and awareness sessions and workshops, a comprehensive cyber security assessment, defining and implementing ISO 27001-compliant policies and procedures, and putting in place a continuous improvement cycle supported by internal audits, management reviews, and ISMS metrics.