Tekgem IACS Cyber Security Assessment
Tekgem IACS Cyber Security Assessment
Cyber Security
Health Check
Contents
04
02
About Tekgem
Health Check Report
03
IACS Cyber Security
05
Health Check
3.1 Scoping
3.2 Reporting
Health Check
Report Overview
5.1 Priority Rating
5.2 Fix Rating
Introduction 2
About Tekgem
Who we are
Tekgem bridges the gap between Information Technology (IT) and Operational
Technology (OT). Manufacturing and engineering companies come to us because
of our independent and highly specialised skillset in mitigating cyber-security
risks in industrial automation and control systems.
3.2 Reporting
The purpose of these reports is to provide detailed findings from the scoping
session and the subsequent recommendations of the work required to meet
the specified industry standards.
Network Access
Including routing, switching and firewalls.
Endpoint Protection
Including antivirus and associated technologies.
Electronic Identity
Including user accounts, security groups, access control.
Removable Media
Including USB, CD, DVD and portable device connectivity.
Security Updates
Including patch levels.
System Administration
Including privileged accounts and centralized administration.
Physical Security
Including locations of equipment.
Human Factors
Including role & responsibilities, awareness and training.
Asset Management
Including life-cycle management, monitoring and reporting.
Risk Assessment
Including change control and incident management.
Health Check
Report Overview
Understanding your needs
Each recommendation identified in the IACS Cyber Security Health Check is rated
by priority and the effort required to fix the outstanding action. The overall rating
for each finding is calculated based on the priority and fix ratings.
Rating Description
High These findings pose a significant threat to security and can include a lack of
physical or electronic barriers to entry, misconfiguration of existing measures or
missing security measures.
Medium These findings have limitations on the direct impact they can cause. Typically,
these would include lack of / out of date documentation including procedures
and policies, lack of monitoring / maintenance of systems and / or lack of
routine activities and reporting.
Low These issues represent no direct security threat. Minimum requirements have
been met however there may be recommendations to further improve working
practices and/or knowledge/skillset.
Rating Description
Planned Meeting this recommendation involves planning, testing and could cause some
disruption to services.
Quick The recommendation is quick to resolve. Typically, this would just involve
changing a small number of settings and or creation of documentation and
would have little-to-no effect on services.