Provider capabilities TELEFÓNICA TECH

| Name | Description |
| --- | --- |
| Awareness and Training | Awareness plan for employees, managers, suppliers and customers. Training plan for technical staff. Training plan for key personnel. Maturity level tests or assessments on employee awareness and training. Indicators of evolution and continuous improvement of knowledge and training (internal and of the supply chain). |
| Compliance | Centralized management of regulatory and legal requirements. Identification of the responsibilities and those responsible for monitoring and complying with the applicable regulations and laws in force. Definition of functions and competencies and documentary requirements. Definition of necessary committees. Identification and establishment of owners and custodians. Background check and definition of the required job position. |
| Use control policy | Control policy for the use of equipment (laptops, mobile devices, ...) with procedures for restricting connections and access, as well as procedures for using software and services. Change management and updates. Procedures to permanently delete data from devices that are de-registered. Procedures for the use of encryption in data and communications. Changing of default user passwords. |
| Activity log policy | Policy that will establish the type of information and events to be recorded, validity for storing the data, auditing mechanisms and storage capacity for recording events. Definition of health and safety alerts for devices, and thresholds for each case according to criticality. Definition of non-repudiation mechanisms (timestamp, electronic signature, ...) against changes in configuration, permissions or user activity. |
| Backup Policy | Policy that defines the type of copies and their periodicity, their labeling, as well as the media on which they must be made and the locations of the backup centers where the backup copies are stored. This policy will also define periodic restoration tests. |
| Certificate use policy | Policy that identifies Certification Authorities (CA), Registration Authorities (RA), applicants, subscribers and trusted third parties, as well as the characteristics of the certificates, such as their validity, appropriate uses, unauthorized uses, and issuance and revocation processes. |
| Data Protection | Ability to encrypt information at rest and in transit. Destruction of obsolete information. Protection of the backup and data recovery process. Information classification. Active prevention of data leaks without loss of productivity. Inspection of multiple types of files and protocols regardless of whether the information is transmitted encrypted or not. Both visible and invisible mechanisms so that, in case of information leakage, the person responsible can be identified. Authorization control for the use of external devices or file transfer repositories in the cloud. |
| Industrial DPI for anomaly detection | Monitors communications to and from the PLC, controls the commands and values of the technological process parameters, and alerts the operator (via HMI integration) to malicious or suspicious changes in the technological process parameters. |
| Advanced detection of anomalies in the IP layer | Intrusion detection based on methods for detecting IP protocol anomalies and detecting signs of spoofed addresses in ARP packets. Ability to handle fragmented IP packets. |
| Detection of use of default passwords | Default password detection when connecting to devices. You can track the use of default passwords to access or connect to certain types of devices. |
| Detect attacks on industrial networks (signature-based) | Signature-based industrial protocol attack detection tools. |
| Cybersecurity assessment | Provide minimally invasive industrial cybersecurity assessment. First step in establishing security requirements within the context of operational needs, this can also provide meaningful information on security levels, even less deployment of protection technologies |
| Hardware and software inventory | Obtain data on both hardware and software equipment in order to form a dynamic inventory. Manage an inventory of hardware and software, either automated or manual. |
| Network communication visualization | System for monitoring the communications of network devices, identifying the industrial protocols used, bandwidth use and endpoints on a network map, with the ability to categorize by Purdue levels. |
| Role-based access | Role-based access aligned with security policies and urgent actions, at the hardware and software level. |
| Communications plan | Escalation process, media management process, internal communication process, communication process with third parties (customers, partners, suppliers, shareholders, investors, etc.). |
| Access control policy | User and group policy that will define access for each type of information established and assignment of permissions by profiles and groups. |
| Secure network design | Provide specifications for secure network design, segmentation, addressing, and communication protocols. |
| Inspect endpoint logs | Availability of "log" files of accesses and events, with the capacity to analyze the records, allowing the creation of rules to inspect them and to configure, for example, a heuristic analyzer for the event logs. |
| Incident response support | Health support management for events during incident response. Additional fields to complete with information about the event. |
| Reporting of events and communication to responsible parties | The ability to provide continuous notifications and alerts on security events to responsible personnel based on threshold definitions for the different types of alerts established. |