Assistance for CISOs in charge of industrial information systems
CISOs in charge of industrial system (OT) security need advice that is independent of suppliers. Reap the benefits of Bock Conseil’s 10 years of experience with OT security programs designed for sites or groups. The potential range of assistance covers all program aspects: project team, skills, budgets, master plans, risk assessments, security measures and cost/benefit analyses.
Assisting with developing offers and skills
Would you like to develop a service offer for which new skills are necessary? I can advise and assist you throughout the process so you know which choices are right for you. Whether integrating specific aspects or taking a more holistic approach, I will help the collaborators working on your projects with a view to enhancing their skills and autonomy.
Securing industrial networks
Most of the technical work of securing industrial networks concerns the underlying architecture. While business IT networks are secured by antivirus programs on endpoints, these programs are not designed to protect industrial networks, sensors, PLCs, etc.
For that reason, networks need to be mapped out to identify weaknesses and to devise project plans and security improvements, e.g. by segmenting networks.
Maturity assessment and risk analysis
On your industrial site, I will conduct a 360° diagnostic assessment of the situation, including organization, responsibilities, networks, equipment, rules, authentication, technical resources in place, etc. During my assessment, I will primarily focus on cybersecurity, industrial security and physical security, based on various reference frameworks (27002, 62443, ANSSI detailed measures, Military Programming Law) and using a tool that I myself developed.
Defining security targets, architecture rules and reference frameworks
Over and above the mandatory reference frameworks, many industrial sites wish to develop rules that are more adapted to their own constraints and market realities. I will pilot your projects on behalf of industrial IS security managers and will ensure that the stringent requirements set out in these reference frameworks can be met on your sites in terms of costs and implementation.
MS Windows systems security
Requirements and technical clauses regarding Windows servers, workstations and Active Directory
Assistance with integration and prime contractors
I will help you as you bring your projects to completion, including interpreting client-provided specifications, defining measures, providing guidance on technical choices and communicating with clients. My goal is to develop in-house knowledge with a view to facilitating the transfer of skills to collaborators you have identified within your company.
Assistance with general contractors
I will help you to formulate the needs you communicate to your service providers by means of clause lists, drafting needs/requirements and defining tests.
Defining strategies and security policies
I will help you to define and implement the strategies and security policies for all your industrial sites, in particular by drafting IT security charters tailored to your sites and requirements. I can also provide you with information on the impact of your desired measures to ensure implementation feasibility.
Training and skills transfers
I work with industrial clients seeking to discover the world of cybersecurity or with chief information officers needing to understand and integrate industrial constraints, either in customized in-house training sessions or with training companies such as Orsys (providing cybersecurity training for audiences with prior training) or the IRA (various audiences). I also regularly take part in conferences held in conjunction with trade shows and professional seminars.