IT & OT Cybersecurity
Threats from external actors seeking to misuse connected systems are growing rapidly and require methodologies, techniques and competences to be tackled efficiently. More and more operational systems are highly automated and subject to being hijacked, posing risks to public safety.
While traditional enterprise network environments (IT) are more mature from the perspective of cybersecurity, industrial networks and their connected systems (OT) might require different approaches to further reduce the potentially critical impact of cyber-attacks.
New directives, regulations and laws now consider cyber risks as one of their foundations. Improving organizational practices, as well as adopting entirely new "ways of working" related to them, is therefore becoming non-negotiable.
Despite the important differences between environment specificities, conditions and constraints, a similar mindset is required to efficiently tackle and reduce cyber risks to an acceptable level.
Holistic & pragmatic approach as a common criterion
Cybersecurity is not only a matter of strong technologies. Basic principles push organizations to treat the weakest links as priorities, so human factors and operational processes are both considered potential sources of threats as well as domains for countermeasures.
- Example: Exploitation of human weaknesses through a phishing campaign is a threat, while awareness and training programs for employees are considered countermeasures for reducing risks
Cybersecurity as a cross-industry challenge
Whether organizations are working as a product supplier for the healthcare industry, integrating safety-critical systems for the automotive sector, or operating a critical infrastructure in the energy business, cybersecurity remains a priority. The CertX Cybersecurity Team has the advantage of working horizontally across multiple domains, benefiting from broad expertise in best security practices while still taking sector-specific constraints into account.
- Major sectors: Automotive, Railway, Aerospace, Healthcare / Medical Devices, Energy, Industry 4.0
- Major regulatory references: UN ECE R155/R156, EU-MDR, EU-NIS, EU-RED, GDPR
- Major standards: ISO 27K series, ISA/IEC 62443 series, ISO/SAE 21434, TISAX, ISO/IEC 15408 (Common Criteria), NIST Cybersecurity Framework, EUROCAE ED-20X
For more info, feel free to have a look at our industry-specific pages.
A broad service portfolio for tackling end-to-end cybersecurity needs
To support customers in implementing best security practices, and ultimately in complying with state-of-the-art methods, the CertX Cybersecurity Team provides a range of services for accompanying organizations on their roadmap for secure development and operations, based on four streams:
- Awareness & education for preparing your team to apply best security practices
- For more info, feel free to have a look at our training page.
- Compliance checks & certifications for evaluating your current products and/or processes, and validating them according to international references
- Technical evaluation & testing for challenging your products and/or infrastructure against attack attempts
- Supporting services for accompanying your team on the right path to implementing best security practices