Cyber Security Management System
Introduction: A Cyber Security Management System (CSMS) is the set of systems an organisation uses to manage its cyber security activities so that a system's security posture is maintained. The purpose of the CSMS is to ensure that all aspects of security are managed to an appropriate level and meet the requirements of the UK NCSC Cyber Assessment Framework (A - Managing Security Risk, B - Protecting against cyber attack, C - Detecting cyber security events and D - Minimising the impact of cyber security incidents), and to assist with an organisation's ALARP demonstration against OG-0086.
Application: Existing systems are first reviewed systematically through our CSMS gap analysis process to identify and prioritise gaps. The CSMS is then developed against the requirements of the UK NCSC Cyber Assessment Framework (OG-0086), A - Managing Security Risk, B - Protecting against cyber attack, C - Detecting cyber security events and D - Minimising the impact of cyber security incidents, utilising information and processes from NIST SP 800-82, IEC 62443 and ISA TR84.00.09, together with ProSalus's suite of policies, processes and procedures previously developed for clients. With respect to operational security, the CSMS forms part of the process and functional safety management suite of documents and includes the roles, responsibilities and competency requirements for the individuals who manage and support the CSMS process as well as those who interact with it. The CSMS is a key element of an organisation's security posture and provides evidence for the OG-0086 ALARP demonstration.
Services: ProSalus has assisted a number of our clients in developing bespoke CSMS and training, enabling each client to develop a cyber-security-conscious workforce and to provide supportable competency at all levels of the organisation.