Home / Segmented / Audit and consulting

Audit and consulting

This section provides content of interest to professionals who understand and audit legal and regulatory compliance in cybersecurity, risk management, internal policies management and compliance, or are responsible for internal training in cybersecurity.

secure remote access in ICS

Secure remote access in ICS

Posted on 03/04/2021, by INCIBE
With the arrival of industry 4.0 to companies’ productive processes, including IIoT and Cloud, the need to control and monitor the ICS that remotely make them up arises. However, said access points should be established securely and in a controlled manner, mainly due to the criticality of these assets. This article discusses good practices, tools and methods that can be used to establish remote connections to OT networks as securely as possible.
Tags: 
Best practices
Cloud computing
Critical infrastructures
Data protection
Firewall
Identity management
IIoT
Industrial Control System
Services deployment
Virtualization
Wireless
dangers of drones in industrial settings

Dangers of drones in industrial settings

Posted on 01/21/2021, by INCIBE
The attacks on the Saudi Aramco oil refinery have highlighted the vulnerabilities of these plants against physical attacks using drones. There’s a wide variety of physical and cyber attacks that use drones, from launching explosives, to capturing images, invasion of privacy or taking screenshots of Wi-Fi traffic, so companies should take new defense measures in order to protect their assets
Tags: 
Critical infrastructures
Incident
Industrial Control System
IoT
Legal compliance
Threats
GOOSE

Security in the GOOSE protocol

Posted on 08/06/2020, by INCIBE
After the articles “IEC 61850 Standard, all for one and one for all” and “Multicast security in IEC 61850”, it is useful to add more information about the cybersecurity guidelines set out in the IEC 62351 standard with respect to the GOOSE protocol. An explanation will be made of the operation of the protocol, the weaknesses it presents and the appropriate security measures to protect it against possible attackers.
Tags: 
Critical infrastructures
IIoT
Industrial Control System
Industrial protocol
Policies
IMC ANTICIPATING

ANTICIPATING: one of the four goals of cyberresilience

Posted on 06/11/2020, by INCIBE
Anticipating is one of the four aims of cyberresilience. It consists of maintaining a state of informed readiness, in order to prevent essential services from being compromised in the event of a cyberattack. To measure the objectives of this aim, its three functional domains are analysed: cybersecurity policies, risk management and cybersecurity training.
Tags: 
Best practices
Critical infrastructures
Policies
Studies & stats
Preventing the leaking of information in ICS

Preventing the leaking of information in ICS

Posted on 05/28/2020, by INCIBE
Exfiltration of data, or information leakage, poses a threat to all companies throughout the world. It is important to know the possible ways information can get out to control them and avoid a loss of information in our organisation. Since in industry the most important factor is availability, this threat has to be put into perspective.
Tags: 
Bastioning procedures
Best practices
Continuity
Data protection
Incident
Industrial Control System

Pages