To help you take control of your cyber security, IEC 62443, the cyber security standard framework for Industrial Automation and Control Systems (IACS), provides guidance for the development and implementation of a CSMS. Implementing a CSMS helps organizations manage, integrate and maintain cyber security within their organization, and so comply with current and future regulations and with the organization’s vision. Within IEC 62443, the standard IEC 62443-2-1 provides the framework for the development and implementation of a CSMS.
CSMS: a structured and phased approach
The development and implementation of a CSMS can take some time, depending on the requirements, the resources available and the size of the organization. Such an implementation requires a structured and phased approach. To ensure the success of the development and implementation of the CSMS, organizations often ask Hudson Cybertec for assistance. Hudson Cybertec has thorough experience supporting organizations with the development and implementation of a CSMS tailored to each individual organization’s requirements.
Cyber Security Management
To support the development and implementation of a CSMS, depending on the requirements of your organization, we provide everything from ad-hoc support to a full-service package in which we manage the development and implementation of the CSMS. Managing cyber security is essential for good assurance of cyber security in the organization. The responsibility for managing cyber security often lies with a Chief Operational Security Officer (COSO). If your organization cannot perform this role internally, Hudson Cybertec will assist you on an interim, full-time or part-time basis. We fulfill the COSO role for you with an experienced and qualified security professional.
The COSO helps your organization develop and implement a cyber security strategy based on international standards and your organization’s requirements. The role of a COSO complements the role of a Chief Information Security Officer (CISO) and vice versa. The two roles are more or less similar: a CISO focuses on Information Technology (IT), while a COSO focuses on Operational Technology (OT). To give the project a rolling start, we provide additional resources at its outset so that your organization reaps the benefits of the CSMS as soon as possible.
Management support and risk analysis
The development starts with several key CSMS elements required to manage cyber security within an organization, plus additional elements based upon the requirements and priorities of the organization. Once support and funding from management are obtained, it is important to know where the organization stands regarding cyber security. To obtain this information, we advise starting with a zero-measurement security assessment. This gives the organization a clear view of its weaknesses and allows it to define and focus on those aspects of cyber security that need to be remediated first. In addition, it allows the organization to identify so-called ‘quick wins’ that can be implemented without too much effort and that have a direct positive impact on the cyber security of the organization.
The implementation of a CSMS is not a one-off exercise. Once a CSMS is established, it needs to be maintained in order to stay relevant for the organization. There is no point in establishing a CSMS if it is not supported or used by the organization. A CSMS also loses its effectiveness over time if it does not grow or change with the organization and does not adjust to changes in legislation, threats and new insights. To keep the CSMS effective, metrics (including KPIs) are defined, and the CSMS is reviewed on a regular basis or when internal or external factors warrant such a review. If the outcome of the review indicates that changes are warranted, the CSMS needs to be updated so that it stays current and effective.
For an actual business case, please read the article “Cyber Security Management according to IEC 62443”, which discusses the use of the IEC 62443 standard to develop and implement a CSMS at a chemical company.
How can we help you?
To ensure a successful implementation of your CSMS, we can manage its development and implementation for your organization. This is achieved by providing customized management services such as a full-time, interim or part-time COSO function (COSO on demand).
Take control of your cyber security: please contact us now at firstname.lastname@example.org.