Proactive Approach to Incident Response. Part 3 – Establishing OT Security Baseline
Establishing OT Security Baseline
A baseline is the set of minimum security requirements the OT environment needs to be sufficiently protected from threats and vulnerabilities while still being able to work efficiently and effectively.
A good place to start working on a baseline is to take stock of your OT assets: you can only protect something you know you have. There are two approaches you can take to OT security. One is the maturity-based approach, which means building the highest level of defence around everything. The other is the risk-based approach, which optimises the defensive layers for risk reduction and cost. According to studies, the risk-based approach is nearly three times cheaper.
The fundamental first step of the risk-based method is to identify and assess the risks through a vulnerability assessment that identifies inherent vulnerabilities. Once the vulnerabilities have been identified, a scenario-based risk assessment is done to find the highest risks facing the OT environment and to decide which issues must be resolved first. Establishing the status of the OT environment is the starting point for setting up the right security solution. Another important step in the process is compliance with security standards for guidance, as it makes the implementation of security programs more effective and straightforward.
After the assessment phase, the implementation of tools to achieve end data protection, host intrusion detection, sensor deployment or log aggregation can take place. These tools will contextualise events down to the specific location so they can be detected and responded to in a timely manner.
The next article will cover the importance of practicing your IR plan.
Do you require help with assessing your OT Security Baseline?
If you would like advice on establishing a Security Baseline for your IT / OT environment, have questions regarding a Proactive Incident Approach for IT and OT solutions, or would like us to provide training for your IT / OT teams, please contact SEQRED. We will be happy to help.
SEQRED specialises in providing tailored cybersecurity solutions for companies big and small. Our services cover Critical Infrastructure Protection, Security Audits, Penetration Testing or Threat Intelligence amongst others. For a full list of our services visit our website – www.seqred.pl.
About this article
The ideas in this article are based on an article published by Accenture which you can access here.