Summary

Principles

  1. Protect, Detect and Respond
  2. Defence in Depth
  3. Technical, procedural and managerial protection measures
  4. ESTABLISH ONGOING GOVERNANCE
    1. Establish governance and supporting organisation
    2. Develop and implement the security strategy
    3. Monitor the risks and ensure compliance
    4. Maintain and improve security
  5. MANAGE THE BUSINESS RISK
    1. Assess business risk
    2. Establish ongoing risk management
  6. MANAGE INDUSTRIAL CONTROL SYSTEMS LIFECYCLE
    1. Ensure security requirements are included in procurement
    2. Ensure ICS are secure by design
    3. Manage security through ICS construction
    4. Manage operational security
    5. Manage security risks during decommissioning and disposal
  7. IMPROVE AWARENESS AND SKILLS
    1. Increase ongoing awareness
    2. Establish training frameworks
    3. Develop working relationships
  8. SELECT AND IMPLEMENT SECURITY IMPROVEMENTS
    1. Review risks and assess existing controls
    2. Define target state
    3. Develop a risk reduction plan
    4. Implement security improvements
  9. MANAGE VULNERABILITIES
    1. Monitor vulnerabilities and threat activity
    2. Analyse impacts and review response options
    3. Test and implement selected response
  10. MANAGE THIRD PARTY RISKS
    1. Identify third parties
    2. Manage risk from vendors
    3. Manage risk from support organisations
    4. Manage risks in the value chain
  11. ESTABLISH RESPONSE CAPABILITIES
    1. Form an ICS Security Response Team
    2. Integrate security response with other business response plans
    3. Test and rehearse response capabilities
    4. Monitor and respond to security alerts and incidents

Overview

Governance and Strategy

Key Activities

Supplementary