Government standards and mandatory requirements are increasingly part of the business landscape, put in place to protect consumers. These mandates are often written by experts and give little consideration to whether the businesses subject to them can understand what is being required or how to even start the process.

Assessing your environment is the starting point for any cybersecurity initiative, and every business should evaluate its systems to measure how well they conform to the desired security criteria. An assessment establishes the baseline from which an organization can decide where to start securing its environment. With that baseline, we know where you are starting from and what you need in order to get where you want to be.

With these two pieces of information, we can also develop the plan to start the process.

There are three main types of security diagnostics.

  • Security assessments measure an information system’s performance against a list of criteria.
  • A vulnerability assessment is a network-based test to detect potential security weaknesses.
  • A risk assessment covers different risk events along with the likelihood and impacts to the system if they occur. 

Each has its own purpose and, when combined, they provide a good account of the system’s overall security posture.

CMMC Core Maintenance Packages by Duffy Compliance Services

Duffy Compliance Services follows a strict security assessment plan to ensure the tests and results are consistent and can be updated.

Special Consideration for Operational Technology (OT) Systems

OT systems were not designed with cybersecurity in mind. With the availability of low-cost networked devices, OT components (e.g., Industrial Control Systems (ICS), Supervisory Control And Data Acquisition (SCADA), and Distributed Control Systems (DCS)) are moving away from physically separated solutions in order to improve usability and provide more responsive systems, as with the Industrial Internet of Things (IIoT). However, these new features bring an increase in cybersecurity risk and vulnerabilities.

This IT/OT integration supports new capabilities, but it leaves ICS with significantly less isolation from the outside world. That creates a greater need to understand and assess the security of both the IT and the OT systems. Most security solutions have been designed for IT security issues, so additional detail must be considered when assessing OT environments, and any new security solutions will likely need to be tailored to the OT environment.

Interested in learning more?

We help you navigate through regulatory compliance by removing the stress of the unknowns. We make sense of complex cybersecurity and compliance jargon and create best practices for you.

Contact Duffy Compliance today.

We can help as a Fractional Compliance Officer and with CUI compliance, CMMC, Cyber Security Awareness Training, Supplier Performance Risk System (SPRS) Consulting, and more. We have several decades of cybersecurity and compliance experience in Maryland, the Greater Washington DC area, and beyond.