CYBERSECURITY RISK ASSESSMENT PROVEN PROCESS WHAT UNSEEN DANGERS ARE LURKING BELOW THE SURFACE AT YOUR PLANT? Ao p ce yr ab tei rosnesc. uAr ictryu cr ii as kl e al esms eesns tmoef nyto up rr oOt pe ce trsa t yi oonuar l Tc reict hi cnaol l oi ngfyr a( sOt Tr u) csteucruer ibt yy sut rnactoe vgeyr, icnygb etrhsee cgurrei at yt easst s et hs sr me aet sn t tsor eyvoeuarl gaps, help you make informed decisions, and protect the lifeline of your manufacturing facility.
CYBERSECURITY RISK ASSESSMENT PROVEN PROCESS YOUR GUIDE TO A SUCCESSFUL CYBERSECURITY ASSESSMENT
SITE ASSESSMENT 1-5 days on-site | 3-4 weeks total
DISCOVERY 1-2 weeks
Proposal
Project Scope
Client Request
Kickoff
ANALYSIS 2 weeks
On-Site Prep
On-Site
Drafted Report
Review
T
RESULTS 1 week
Final Documents
Remediation Next Steps
2
712.722.1662 | www.interstates.com |
WHAT TO EXPECT YOUR GUIDE TO A SUCCESSFUL CYBERSECURITY RISK ASSESSMENT YOUR ROLE Your involvement keeps the project moving. Here are a few things we’ll need from you as we move through the process: 12 .. WK eoyr ks t wa f if t wh iul ls nt oe esdc ht oe dbuel ea vt ahiel aobnl e- sfi ot er ci ny tbeerrvsieecwusr iat ny dr ims ke ae st isnegsss m e n t 34.. PPrroovviiddee rfaecqiulietystaenddtescyhstneimcaladccoecsusmaesnnteseadnedddiagrams and a facility site plan if available 5. Provide workspace to Interstates while on-site 6. Save final documents for future use WHAT YOU WILL RECEIVE Over the course of your project, you can expect to receive: 1. Weekly status reports and project schedule updates via Microsoft Teams 2. Initial findings report after the site visit 3. Recommendations to address vulnerabilities prioritized by risk/impact following the site visit
CYBERSECURITY FRAMEWORK
T
Interstates cybersecurity risk assessments follow the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) standard, which is a voluntary framework designed to reduce cyber risks to critical infrastructure.
3
712.722.1662 | www.interstates.com |
Your involvement throughout this process is important! Projects have the best outcomes when both parties are involved. CYBERSECURITY RISK ASSESSMENT PROVEN PROCESS YOUR GUIDE TO A SUCCESSFUL CYBERSECURITY RISK ASSESSMENT
DISCOVERY PHASE
You’ll receive a proposal for a cybersecurity risk assessment.
PROJECT SCOPE
CLIENT REQUEST
PROPOSAL
KEY STEPS I Request Quote I Share Project Details
KEY STEPS I Scope Project I Send Documents
KEY STEPS I Review Proposal
I Approve Funding Or envci ee wt h iet pwriot ph o ys aolu .i sWree aedny,c oouurra gtee a ymo uw ti lol cwoonut ladc tl iukse attoa nmyatki me ce hwa int gheqsuteos tt ihoen sp or or pi foysoa ul . Wn ehe ednt oy or eu t ua rr en raesaidgyn et od pmroovpeo sf oa rl wa na dr da, yPoOut’ lol us.
Yc yobue’ rre- rel ol aotkeidn gr i tsok s b eatntde r auren d ei nrtset arensdt e dyo ui nr lwe ae rrnei cnegi vme oyroeu ra br oe qu ut ehsot w, o wu re t ce aa nm hwe li pl l . rOe na cc he out to learn more about your project.
Ay of tuerr cwy eb eur ns edceur rs ittayn dr i stkh ea sgsoeaslssmyeonut , hwa vee wf oi lrl wn eoerdke dwfiot hr t hyeo up r ot op ocsoalll.eOc tn caenwy e i hn af ovrema al lt ti ohne ipnrfoopromsaatli.on we needed, we’ll develop your
4
712.722.1662 | www.interstates.com |
SITE ASSESSMENT PHASE CYBERSECURITY RISK ASSESSMENT PROVEN PROCESS
While we are on-site, you’ll receive daily recap emails with a plan for the next day. At the end of the site visit, you’ll receive a post-assessment recap of the findings.
KICKOFF
ON-SITE PREP
ON-SITE
KEY STEPS I On-site Kickoff Meeting I Site Tour Upon arriving on-site, we first like to ma seseets s mw ietnht kaepyp ropaecr hs o, nanreeal st oo f driesvciuesws, oo uu rr e m v i i s d s e in n g ce- d g o at c h u e m ri e n n g tat p io r n o , ces a s n , d d r is e c v u ie s w s a t n h y e psirtoejteocut rtitmoegleint efa. Fmriolmiarthweirteh, twhee’dfalciikleitya. brief
KEY STEPS I Complete On-site Work & Record Findings I Client Wrap-Up & Recamp of Findings Or encceei vwe de ’ rdeo sc eutmt l ee nd tisn, ,rwe qeu’ l el rs et vaicecwe sasntyo n e w l y st oy sstwe mi t cs h teos troe vdi oe ww n cl ooandf i gc ou nr af itgi ounr as ,t i oc on ns naencdt passively capture network traffic from the sgwe ti tac hbeest t. eWr eu’nl ldienrtsetravni edwi n gv aorf i po ur os cpe sasr et ise sa nt do pB ee rf of or reml e aa vmi nogryeoiunr- df aecpitl hi t yt,owu er ’ lol fptrhoev ifda ec i yl iot yu. wthietmh easrweceaipdeonftoifuierdf.indings and the major
KEY STEPS I Schedule Site Visit
I Prep for Site Visit It fh ayt o uy ohua viedne’nt t iaf yl r e awdhyo, wwei’ ldl rbeec o mo nm etnhde a ro ss le e s s : smAs e s n e t ss t m ea e m nt . T C e o a n m sid L e e r ad t , he As f s o e l s l s o mw e in n g t EI &nEg i Lneeaedr s, ,a nPdl aSnatf/eSt yi t eL e aMda. nWa eg ewr, i l l Csocnhterdoul sl /e at h ke i cpkroofpf oms ae le, t idni gs c fuosrs btohteh pt er oa jme cs t t os c rheevdi ue wl e at hned stiht ee vl ii ss itt ,oaf nddo sc cuhmeednutlse nt heee dsei tde pv irsi oi tr. Tt oo pclrieepnat rdeocfourmtehnetasittieonv.isit, we will review all
5
712.722.1662 | www.interstates.com |
CYBERSECURITY RISK ASSESSMENT PROVEN PROCESS
ANALYSIS PHASE
You’ll receive the first draft of the cybersecurity risk assessment report.
DRAFTED REPORT
REVIEW
KEY STEPS I Develop Report I Send for Review
KEY STEPS I Hold Review Meeting
I Discuss Findings You’ll meet with us to review the report layout, discuss the findings, and go over our remediation recommendations. This meeting is your chance to understand, ask questions, and make comments on the first draft of the report.
Approximately two weeks after the conclusion of the site visit, we will provide a first draft of the report. Included in the report are tsht aenadraeradss i, na tphrei of ar ci tiil zi teyd t hl i as tt mo f erteoc ro md imd ennodt amt ieoents eaxnpde cat ecdo ps ey coufr iat lyl gathered data, observations, notes, and findings. This report is peer-reviewed to give you a thorough, comprehensive assessment. We’ll distribute the first draft of the report so you can read it before the review meeting.
6
712.722.1662 | www.interstates.com |
CYBERSECURITY RISK ASSESSMENT PROVEN PROCESS
RESULTS PHASE
You’ll receive a NIST Cybersecurity Framework (CSF) based cybersecurity risk assessment report.
FINAL DOCUMENTS
KEY STEPS I Discuss Additional Needs Or eupropr ta. rWt nhe er st hh ei pr dy oo ue s’ rne’ tf ohcauvseetdo oenn df i xoinncge twh ee ’avreeda es l oi vfegrreeda tt he set f ri ni sakl icnybtehreselecausrtittyimsteraatengdy,cwosetcoarn lhoeolkpi.ng to completely revamp your REMEDIATION NEXT STEPS ( Optional )
KEY STEPS I Finalize Report I Receive Final Documents
We’ll update the cybersecurity risk assessment to reflect any requested changes or comments from the review meeting. A member of our team will send you the finalized version. This isnefcourrmi tay,t iroi snk we xi lpl oasl luorwe aynodu otvoemr aal lksey si nt ef omr mc oendddi tei oc ins.i o n s r e g a r d i n g
7
712.722.1662 | www.interstates.com |
Page 1 Page 2 Page 3 Page 4 Page 5 Page 6 Page 7Powered by FlippingBook