Secureitlab follows the internationally formulated and accepted CPNI standard when conducting a SCADA security assessment. CPNI's recommendations for process control and SCADA security are essentially contained within the eight good practices below.
Only with a good knowledge of the business risk can an organisation make informed decisions on appropriate levels of security and required improvements to working practices. Processes must be established to continuously reassess business risk in the light of ever-changing threats.
Based on the assessment of the business risk, organisations should select and implement technical, procedural and management protection measures to increase the security of process control systems.
Implementing security mechanisms across process control systems is not a one-off exercise. Threats to the security and operation of process control systems develop and evolve over time, and organisations should therefore undertake continuous assessment of process control system security.
A holistic approach to security includes technical, procedural and social appreciation – the success of any technical or procedural security protection measure is ultimately dependent upon the human component. Employees are both the most important resource and the biggest threat to security.
The security of an organisation's process control systems can be put at significant risk by third parties, for example vendors, support organisations and other links in the supply chain, which therefore warrant considerable attention.
Formal governance for the management of process control systems security will ensure that a consistent and appropriate approach is followed throughout the organisation. Without such governance, the protection of the process control systems can be ad hoc or insufficient, exposing the organisation to additional risks.