OUR EXPERTISE IN CYBERSECURITY FOR INDUSTRIAL SYSTEMS
CERMA METHODOLOGY
(Cybersecurity Evaluation and Risk Management)
Assessment of existing installations
- “Maturity” diagnostic (flash or detailed version) to assess strengths and actions to be taken in the short, medium, and long term, including asset mapping against digital security standards and best practices.
- “Compliance” audit to evaluate the installation against the requirements of standards such as IEC 62443, NIST SP 800-82/SP 800-53, or any other client-specific reference.
Risk analysis
- Industrial cyber risk analysis based on EBIOS Risk Manager and the recommendations of the IEC 62443 standard, in particular its zone and conduit approach.
Proposal of operational and technical security measures
- Architecture definition (defense-in-depth approach)
- Proposal of security measures (organizational and technical)
- Decontamination of removable media and data transfer
- Security monitoring
Support for the implementation of cybersecurity measures
- Support for writing tenders or responding to tenders
- Establishment of processes and documentation to enhance security levels, including crisis management (incident, business continuity, etc.) in the event of a cyberattack
- Design of architectures and deployment of solutions in the client’s context following security best practices
- Technical documentation: Technical Architecture Document (DAT), Detailed Implementation (DI), Detailed Requirements (DR), Detailed Execution (DEX)
- Project management, deployment, migration, and production implementation
- Support, maintenance, Technical Support Assistance Contract (CAST)
- Establishment of a Security Operations Center (SOC)
- Audit, support, and monitoring of suppliers (ISO/IEC)
- Technological watch
Security maintenance, intrusion testing
Sales, integration and maintenance of cybersecurity solutions
Cybersecurity Solution Provision
Audit, Study, and Consulting
Architecture and Solution Integration
Managed Security Service Center (MSSP) and Support
WHY IS IT ESSENTIAL TO SECURE YOUR INDUSTRIAL SYSTEM?
Computer systems and industrial installations are increasingly connected to the outside world through telecommunications. Their interconnections with office networks and ERPs, together with the proliferation of remote commands, provide ample opportunities for cyber attackers. Consequently, your infrastructure and confidential data become vulnerable to hacking attempts. This lowers your level of IT security and weakens your protection against malware and phishing attempts. Obsolete industrial infrastructures then become a threat to the resilience of your operation and interconnected systems.
Discover how SERMA Safety and Security helps you implement a policy to protect your environments to preserve the cybersecurity of your industrial systems.