Cyber Security Assessment Services

RIoT Solutions capabilities in Cyber Security are particularly relevant.  The risk levels for network connected systems in critical environments has never been higher – with threats ranging from disgruntled employees and hacktivism to nation states, and even commercial espionage. Therefore, active validation through Cyber Security assessments and testing of ICS environments (whilst taking potential risks of such testing activities into consideration) is an important task in ensuring secure deployment and operations of critical assets, safe working environment for staff and reliable supply of essential services to the community.

Organisations should consider undertaking Cyber Security assessment when:

  • This activity has not previously been conducted and thus the vulnerabilities in the environment may not be known
  • Prior to deployment of a new system and/or solution
  • Prior to roll-out of any significant changes to either applications or infrastructure
  • At scheduled, regular intervals as part of Vulnerability Management Program
  • As specified by compliance requirements, where applicable

Once the target systems’ scope and appropriate Rules of Engagement are agreed with the customer, RIoT Solutions consultants will assess the security of the in-scope infrastructure, including perimeter security controls, network segregation restrictions, devices, hosts and applications to determine the target environment’s susceptibility to external threats and attacks by malicious insiders or malware infections.

Our capabilities in the cyber threat risk assessments area extend to:

  • Vulnerability assessment and analysis (via passive and/or active approaches)
  • Penetration testing (in a test lab environment, prior to ICS solution going live or on systems taken off-line for maintenance/upgrades)
  • Security configuration reviews against industry standards and best practice guidelines (NIST Special Publications, SANS, NSA/CSS, CIS, CPNI, DHS, etc.)
  • Reviews and/or development of ICS security management program framework (alignment with IEC 62443, NIST Special Publications, etc.)
  • Physical security reviews of control centres, plant operations and remote field stations

Our experience covers all areas of security and risk assessments of critical infrastructure consisting of potentially fragile network-connected such as Real-Time SCADA and other devices deployed within healthcare, transportation and energy supply industries and we are one of the few organisations that offer resources with ICS/SCADA security specific training and certification.

RIoT Solutions consultants have attained the Certified SCADA Security Architect (CSSA) qualification, attended a diverse range of ICS security focused training courses and conferences in Europe and USA, and have provided critical infrastructure security assessment services to many Queensland organisations that operate and/or build critical infrastructure systems.

Some of the other, relevant security industry certifications include:

  • Certified Information Systems Security Professional (CISSP)
  • Cisco Industrial Networking Specialist
  • SABSA Chartered Architect at Foundation Level
  • Certificate of Cloud Security Knowledge (CCSK)