CYBER PROCESS RISK ASSESSMENT (cyberPRA)
ORIGNIX delivers a systematic cyber and operational risk assessment using well-established techniques and templates. The cyberPRA methodology is based on ISA/IEC 62443 and IEC 61511 industry standards. It identifies potential gaps, hazards, vulnerabilities, independent protection layers associated with engineered industrial processes at plant facilities. The identified cyber risks are prioritized based on realistic cost-benefit analysis.
The cyberPRA assessment offered by ORIGNIX consists of the following deliverables:
CYBER GOOD ENGINEERING PRACTICES ASSESSMENT (cyberGEP)
A structured assessment of engineering, operational and maintenance activities. It evaluates existing processes with existing corporate cybersecurity practices and established industry code, regulations, specifications, standards, and recommended practices. It validates alignment with Recognized And Generally Accepted Good Engineering Practices (RAGAGEP).
CYBER VULNERABILITY ASSESSMENT (cyberVAS)
A careful evaluation of Industrial Automation and Control System design and cyber-enabled devices. It provides awareness and visibility of known vulnerabilities in IACS.
CYBER HAZARD AND OPERABILITY STUDY (cyberHAZOP)
A systematic and thorough cyber-to-HSE risk study based on ISA/IEC 62443 and IEC 61511 standards. It considers realistic threat scenarios, known vulnerabilities of network-capable devices. It evaluates them with existing countermeasures and credible consequences documented in the plant’s HAZOP.
CYBER LAYER OF PROTECTION ANALYSIS STUDY (cyberLOPA)
A semi-quantitative, order of magnitude, risk assessment on high consequence threat scenarios. It evaluates independent protection layers and determines cybersecurity controls’ adequacy to maintain the desired strategic risk tolerance level.
CYBER GOVERNANCE PROGRAM
The ORIGNIX customizable ICS cybersecurity governance program can help you fast-track and achieve the desired operational and strategic risk tolerance level. The governance program offers the following products.
ICS Cybersecurity Controls
Update or establish strategic ICS cybersecurity policies, guidelines, procedures, and best practices. Implement governance and achieve desired ISA/IEC 62443 security level and CMMI maturity level targets.
ICS Cybersecurity Management System
Apply the ISA/IEC 62443 cybersecurity lifecycle program to implement the corresponding competency management plan and the structure for maintaining the organization’s Industrial Automation and Control System cyber assets.
Cyber Operations & Maintenance System
Establish a day-to-day cybersecurity framework of ICS cybersecurity control processes: Asset Management, Backup and Restore, Access Management, Release Management, Change Management, ICS Patch Management, Vulnerability Management, Incident Management, Decommissioning and Disposal, Validation and Testing, Third Party Assessment, and Due Diligence.
Cyber Requirements Specifications
Specify, maintain, trace, and track system-level technical, supply chain, and service provider cybersecurity requirements.
Cyber Resilience Engineering
ORIGNIX provides a holistic delivery of services via a technical team of experts in program management, solution architecture, engineering design, testing, installation, and commissioning. Our expertise is deployed against a clearly defined plan, managed daily by some of the most talented consultant leaders and engineers. The ORIGNIX rigorous approach includes frequent progress check-ins, daily interaction with clients, and constant partner participation to achieve your risk reduction objectives.
Cyber Incident Response Plan
The ORIGNIX incident handling process and procedure templates are specific to Industrial Automation and Control System environments. They are tailored to your particular business needs. The incident response plan can also be integrated with the respective incident response programs for IT, HR, Corporate Security, and Corporate Communications.