Security Frameworks – Risk Assessment
Siker has developed a structured method to perform and record a detailed Risk Assessment of a complete suite of IACS systems comprising a System under Control (SuC). The output from the Risk Assessment can define requirements for countermeasures or validate already installed controls. Furthermore, the methodology supports the need to demonstrate assurance of security within Safety Instrumented Functions in accordance with requirements in Edition 2 of IEC61511. The Assessment can consider the full suite of IACS as a complete SuC, a sub-set of systems focused on a specific process segment or an individual control system (ICS). The Assessment can also consider a single change or configuration element, for example the introduction of remote access. The outcome is a ranked Risk Register with identified controls, recommendations or functional requirements supported by a detailed FMECA-style report. The recommendations and/or already implemented controls are mapped to the Foundational Requirements of IEC62443, and the Risk Assessment process is IEC62443 compliant.
Security Delivery Assessment
Where the Client has a risk assessment or Technical Standard in place along with existing countermeasures, Siker can attend to assess these. The audit can provide independent assurance that these are implemented and active and, if required, a review to ensure they are sufficiently in line with regulatory requirements. For example, Siker has experience in the preparation and delivery of Cyber Assessment Framework (CAF) reporting to UK Competent Authorities (CA) as required of all Operators of Essential Services (OES) as defined in the EU Network and Information Systems Directive (NIS-D). Even where industrial systems' End-Users are not considered OES, the methodology is useful to provide a current-state assessment report which can be used as a metric to track the quality of protection measures over time. This provides a useful management assurance tool when considering the ongoing and evolving business risk flowing from cyber-threats. The assessment method is scalable to allow a fit-for-purpose reporting level to suit all business types and needs.
Security Governance and Management Systems
Where Clients do not have an existing Cyber Security Management System (CSMS), Siker has a suite of ‘boilerplate’ Policy, Process and Procedure documents available to enable quick-turnaround delivery of a CSMS ready to be implemented. In addition, Siker has a team with the industrial experience to assist with tailoring these into Client-specific documents. Working with Client teams to ensure any tailoring blends with existing Client Management System requirements, Siker can ensure the resulting CSMS supplements the existing Management System without contradiction or conflict. Siker also has experience in rolling out such new management system requirements, covering awareness building, training on changes to task execution, and guidance and support for people during the early-phase embedding of change.
Registered office and postal address
Whiteleaf Business Centre,
11 Little Balmer,
+44 (0)20 3441 7642
We have a regional office located in: Edinburgh, UK
Siker Ltd is registered in England & Wales
Company Registration Number No. 11208267