TIKAJ uses and follows the internationally formulated and accepted standard of CPNI to conduct a SCADA security assessment. TIKAJ protects connected critical infrastructure against a bevy of cyber and network attacks with integrated threat protection, situational awareness and security controls for SCADA. CPNI’s recommendations for process control and SCADA security are essentially contained within the below seven good practices.
Understanding the business risk: Before embarking on a programme to improve security, an organisation must first understand the risk to the business from potential compromises to process control systems. We at TIKAJ continuously reassess business risk in the light of ever changing threats.
Implement Secure Architecture: To implement technical and associated procedural security protection measures to the business risk, will provide a secure operating environment for the process control systems. Based on the assessment of the business risk, we select and implement technical, procedural and management protection measures to increase the security of process control systems.
Establish response capabilities: This is done to establish procedures necessary to monitor, evaluate and take appropriate action in response to a variety of security events. Threats to the security and operation of process control systems develop and evolve over time and therefore we undertake continuous assessment of process control system security.
Improve Awareness and Skill: It ensures increased process control security awareness throughout the organisation and personnel have the appropriate knowledge and skills required to fulfil their role. We initiate understanding through general awareness programmes, education and by increasing skills through training.
Manage Third Party Risk: It is to ensure that all security risks from vendors, support organisations and other third parties are managed. The security of an organisation’s process control systems can be put at significant risk by third parties. Therefore we engage with third parties and take appropriate steps to reduce potential risks.
Engage Projects: It is to ensure that all projects and initiatives that may impact the process control systems are identified early in their life cycle and include appropriate security measures in their design and specification. We identify and engage all projects that have process control systems implications at an early stage of their development.
Establish Ongoing governance: It is done to provide clear direction for the management of process control system security risks and ensure ongoing compliance and review of the policy and standards. Our effective governance framework provides clear roles and responsibilities, an up-to-date policy and standards for managing process control security risks, and assurance that the policy and standards are being followed.