
CISO on Demand

Build with us, a dynamic and coherent system through which you can intelligently minimize the risks of your business.

An experienced team will help you implement and maintain in your organization a living system of policies, procedures and mechanisms for continuous security optimization, in a flexible and effective working arrangement.

We ensure the protection of confidential data and the reduction of risks for your business, ensuring compliance with current regulations. This customized service is ideal for organizations of any size and adapts to the specific needs of each entity.

The role of a Chief Information Security Officer (CISO) is crucial in managing information security, protecting resources against threats and ensuring compliance with relevant standards. Our service supports companies that do not have the necessary resources for a permanent CISO, providing expert and affordable support for managing cyber security.


We provide risk assessments, develop policies and procedures, build and manage internal security teams, conduct operational security assessments and provide crisis counseling. Our experts deeply analyze your organization's security posture, identify vulnerabilities, and develop a strategic plan for long-term security optimization. Benefit from our technical, organizational and coordination expertise to ensure a secure environment for your business.

Benefits

CISO on Demand brings multiple benefits to your organization, including:

Flexibility

Our service is designed to adapt and evolve with your organization's current goals and needs, allowing you to adjust your workload as needed.

Objectivity

We are not influenced by the internal politics of the client's organization, nor by the interests of any technology implementer or vendor.

Risk Management

We specialize in identifying and managing risks, ensuring robust protection against security threats.

Knowledge transfer

Our specialists share their knowledge and experience, ensuring your employees' increased awareness of security best practices at no additional training cost.

Through our services, we guarantee not only the protection of your data and infrastructure, but also a reliable partnership with transparent recommendations adapted to the specifics of your business.

Digitization options

Our security management consulting service can include the use of advanced software to digitize the activities of a modern CISO.

Management of Security Indicators

We define and track key performance indicators (KPIs) and risk indicators (KRIs), giving you a clear view of your organization's security trends.

Compliance

We monitor compliance with regulatory standards, best practices and security policies to maintain the integrity of your organization.

Security Risk Analysis and Management

We manage threats, non-conformances and exceptions to reduce risk.

Vulnerability Management

We provide you with a clear picture of your security, highlighting vulnerabilities, remediation recommendations and security score evolution based on identified vulnerabilities.

Management of Security Events and Incidents

We are ready to respond quickly and efficiently to any security incidents.

Reporting and Tracking

Through intuitive dashboards, we can provide an overview of your organization's security levels.

Uniqueness

Madalin Bratu, CISA, CISM, CRISC, is a professional with hands-on experience in providing outsourced CISO services in a range of business environments, from banking to companies that provide services essential to human life.

Madalin also has hands-on experience coordinating very complex outsourced service programs at companies of various sizes: from 10 years at IBM Global Technology Services, delivering integrated outsourcing and IT support services, to Atos / Eviden, a global leader in cyber security services.

The service model

We bring top expertise to your fingertips through an innovative business model – that of microservices.

Microservices means that our team will assist you "on demand", integrated into Sectio Aurea, only for "high finesse" aspects. We will guide your team with advice tailored to your needs. Instead of burdening your budgets with expensive employees, we offer you flexible and integrated access to otherwise unaffordable elite specialists at a fraction of the cost.

The delivery method is a successful one, and we have many references from customers in Romania and abroad.

What we do

Our services adopt a structured methodology to help you achieve your business goals with efficiency. This includes supporting IT services, ensuring that all compliance requirements are met and that risks are kept to an acceptable level. Through our approach, we ensure that security strategies are perfectly aligned with the goals and needs of your business, thus guaranteeing optimal protection and maximum efficiency.

We define the security strategy
We define security policies
We ensure continuous commitment from management
We establish, monitor and report security indicators
We integrate security governance into corporate governance
We define, communicate and monitor security responsibilities
We educate employees

Security Program

We establish and maintain information security processes and resources, standards, guidelines, procedures
We align the information security program with operational objectives
We promote and maintain an awareness and training program
We establish and maintain metrics and reports to management on activities, trends and overall effectiveness

Incident Management

We establish the classification hierarchy of security incidents
We establish an incident response plan to ensure an effective and timely response to security incidents
We set up processes to ensure timely identification of incidents
We define incident investigation and documentation processes
We define incident notification and escalation processes
We organize and train incident response teams

Reporting information security risks and non-conformities to top management.

Consulting for top management in risk management and information security.

Development of the information security strategy, aligned with the organization's business objectives.

Implementation and periodic review of information security policies, standards and procedures.

Carrying out risk analyses and proposing risk management measures in the context of the emergence of new threats or non-conformities.

Managing the catalog of risks in information security.

Development and implementation of the information security awareness program in the organization.

Presentation and explanation of security policies, standards and procedures to responsible persons (IT, Business Owner).

Specialized consultancy in external audits.

Review of security policies, standards and procedures after audit activities.

Monitoring the implementation of measures from audit reports and legal requirements (e.g. Law 362/2018).

Tracking and reporting of security indicators (KRIs and KPIs) defined in the security program.

Monthly reporting of security activities and performance indicators.

Elaboration of information security requirements for IT projects, based on business assessments and systems architecture.

Validation of information security responsibilities with designated individuals.

Information Security Incident Management.

Periodic assessment of organizational maturity in information security.


Scope of work of the service

CISO on Demand has several priority axes, as follows:

Reporting and feedback channels
Review and update channels for effective and prompt communication of cybersecurity information between stakeholders.
Evaluation indicators
Establishing relevant and measurable indicators for assessing compliance with the Network and Information Systems Security Policy. Security performance reporting will be defined and key indicators for management will be established.
Evaluation method
Defining a method for assessing compliance indicators.
Assessment and audit procedure
Establishing a rigorous procedure for assessing NIS compliance and performing security auditing, ensuring ongoing compliance and prompt identification of security issues.

Risk Analysis

IT and ICS inventory. Building IT and ICS/SCADA inventory lists and integrating them into the CMDB.

Information system architecture. Assistance in building the physical and logical model of the information system architecture for essential services, including the inventory of information system configurations (components, versions, interactions).

Information flows. Analysis of information flow in systems, identification of weak points and potential vulnerabilities.

Technical configuration and security. Assessing the security of existing IT systems, ensuring compliance with security best practices.

Vulnerability analysis. Consolidate information from security testing, IT configuration analysis, and non-conformances to best practices, resulting in a comprehensive vulnerability inventory.

Threat modeling and risk assessment. Assessing potential threats, calculating probability and impact, and building the risk register for all departments.

Risk management. Implementation of the risk management procedure and existing process requirements in the company.

Analysis of Third Party Vendor Contracts (Vendor Risk Assessment)

Analysis of contracts with third party suppliers. Reviewing contracts to clarify services offered, service levels, cybersecurity obligations and penalties for non-compliance.

Evaluation of technical responsibilities of suppliers. Reviewing the technical obligations, verifying the competences and evaluating the security mechanisms of the suppliers to ensure their contribution to the security of the organization.

Risk report associated with external suppliers. Creating a detailed report that identifies and assesses the risks associated with each supplier, including a list of potential risks and assessment of their impact and likelihood.

Stakeholder relationship analysis. Assessing risks from relationships with partners, customers, regulators and other entities in the organization's ecosystem.

List of service agreements and audit mechanisms. Develop a list of all Service Level Agreements (SLAs) and review audit mechanisms for networks and IT systems.

Individual risk analyses for suppliers. Carrying out individual risk analyses for each supplier, depending on the complexity of the relationship and the level of risk, to effectively manage specific risks.

Classification of Information

Information inventory. Carrying out a complete inventory of information in the organization, covering all types and formats (digital and analog), and all departments.
Assignment of the classification level. Classification of inventoried information according to the classification procedure, determining the necessary protection measures for each classification level.
Implementation of labeling measures. Application of classification labels through technical and organizational measures, including the use of information management systems for automatic labeling.
Information support protection. Providing guidance on appropriate security measures, such as data encryption and access control, to protect media against unauthorized disclosure.
Collection of information. Interviewing heads of departments and divisions to gather details about the types of information held and its use.
Centralization of information and classification levels. Creating a centralized inventory of the types of information and their classification levels after data collection is complete.
Recommendations for protective measures. Issuing recommendations for the implementation of technical and organizational protection measures, such as data loss prevention (DLP) systems, access policy improvements and other security technologies.

Identity and access management

Inventory of identities. Complete review of digital identities, including users (employees, partners, customers), systems accessed and rights associated with each identity.
Access rules. Defining and implementing access policies to regulate access to resources, ensuring that users have access to only the resources necessary for their tasks.
Remote access. Analyzing and implementing secure remote work access solutions to critical systems using technologies such as VPN, multi-factor authentication and other security measures.
Privileged accounts. Careful management of privileged access accounts, analyzing and recommending solutions for their management, including activity logging and monitoring, periodic review of access rights and implementation of additional controls (IGA, PAM, SSO, Secrets Management).
Digitized approval flow. Create and implement a formal process for requesting, approving and reviewing access to resources, documenting and approving each access request by an authorized officer and regularly reviewing access rights.
Checking for changes to privileged accounts. Implementing organizational and technical measures to monitor and alert on unauthorized or suspicious changes to privileged accounts, including logging and analysis of logs and automatic alerts for unusual activity.
Digitization of operations. The selection of technologies that help digitize operations resulting from operational procedures.
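The two items above on the approval flow and on checking privileged-account changes can be combined into one reconciliation check. The following is an added illustration, not Sectio Aurea's tooling: the audit lines, the approval register, the privileged-group list, the approval window and the business-hours range are all constructed assumptions, standing in for the directory's audit log and the approval workflow's records.

```python
"""Reconcile privileged-group changes against the approval register.
Added illustration, not Sectio Aurea's tooling; all data below is constructed.
"""
import re
from collections import namedtuple
from datetime import datetime, timedelta

# Constructed audit lines: "<timestamp> <actor> <ADD|REMOVE> <member> <group>".
AUDIT_LOG = """\
2024-03-04T09:12:00 svc_iga ADD alice Domain Admins
2024-03-04T11:40:00 bob ADD bob Domain Admins
2024-03-05T02:15:00 svc_iga ADD carol Backup Operators
2024-03-05T03:00:00 dave REMOVE alice Domain Admins
"""

# Constructed approval register exported from the approval flow:
# (member, group, approving officer, approval timestamp).
APPROVALS = [
    ("alice", "Domain Admins", "security_officer", "2024-03-04T08:55:00"),
    ("carol", "Backup Operators", "security_officer", "2024-03-01T10:00:00"),
]

PRIVILEGED_GROUPS = {"Domain Admins", "Backup Operators"}   # assumed scope
APPROVAL_WINDOW = timedelta(days=7)      # assumed: an approval is valid for 7 days
BUSINESS_HOURS = range(7, 19)            # assumed: 07:00-18:59 counts as business hours
LINE_RE = re.compile(r"^(\S+) (\S+) (ADD|REMOVE) (\S+) (.+)$")
Alert = namedtuple("Alert", "when reason detail")

def is_approved(approvals, member, group, at):
    """True if an approval for (member, group) precedes the change within the window."""
    for m, g, _officer, approved_at in approvals:
        approved = datetime.fromisoformat(approved_at)
        if (m, g) == (member, group) and approved <= at <= approved + APPROVAL_WINDOW:
            return True
    return False

def reconcile(log_text, approvals):
    """Return one Alert per rule broken by a privileged-group change."""
    alerts = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        ts, actor, action, member, group = match.groups()
        if group not in PRIVILEGED_GROUPS:
            continue
        at = datetime.fromisoformat(ts)
        if actor == member:                      # nobody grants themselves privilege
            alerts.append(Alert(ts, "self-service privilege change", line))
        if action == "ADD" and not is_approved(approvals, member, group, at):
            alerts.append(Alert(ts, "unapproved addition", line))
        if at.hour not in BUSINESS_HOURS:        # off-hours changes need a second look
            alerts.append(Alert(ts, "change outside business hours", line))
    return alerts
```

Removals are deliberately not matched against approvals here; whether a removal also needs a ticket is a policy decision for the approval flow.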

Systems Management

This essential chapter addresses protecting and streamlining computer systems by defining network architecture, analyzing firewall settings, managing encryption keys, and establishing security standards. Our services include:

Defining the network architecture. Implementing a network architecture for effective segmentation and segregation of critical resources to limit the risk of exposure to threats and minimize the potential impact of security incidents. This involves identifying critical resources, designing the network to separate them, and implementing the necessary controls.

Reassessing network segregation. Evaluation of current network segregation methods, especially for SCADA environment, to ensure effectiveness and identify possible improvements.

Analysis of firewall settings. Reviewing and optimizing current firewall settings to ensure adequate protection of networks and IT systems.

Management of encryption keys. Implementing procedures for generating, using and tracking encryption keys, including lifecycle management and protection against unauthorized disclosure.

Definition of security standards (baselining). Establishing a security baseline for all IT elements that support critical processes, handling exceptions and defining operational flows. Assessing a maturity model according to international standards (ANSI/ISA-62443, NIST SP 800-53) and creating a roadmap for alignment with these standards, both operationally and technically. We provide consultancy for the selection of technologies, rethinking the architecture and the effective implementation of technical solutions.

Consulting for the digitalization of operations. The selection of technologies to facilitate the digitization of operations resulting from operational procedures, for increased efficiency and security.

Vulnerability management

Security exception management and patching verification. Implementation of security exception management and verification mechanisms for patching activities. Our services include:

Consulting on defining workflows for vulnerability scanning and detection. Assess existing IT and SCADA infrastructure and use advanced scanning tools to identify vulnerabilities. We provide recommendations for setting up and running scans, analyzing results, and identifying weaknesses in security systems.

Vulnerability Prioritization Consulting. Assess and prioritize identified vulnerabilities, taking into account severity, potential business impact and cost of remediation. We help the organization establish an order of priorities in addressing vulnerabilities.

Exception Handling Consulting. Assist in handling exceptions when fixing a vulnerability is not feasible or practical. This involves assessing and accepting the associated risks, applying compensatory measures or reallocating resources to address other vulnerabilities.

Mechanisms for verifying patching activities. Establishing and implementing effective mechanisms for verifying the correct application of security patches, ensuring that all systems are up-to-date and protected against threats.
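The prioritization and exception-handling items above amount to a small triage procedure. The following is an added illustration, not Sectio Aurea's tooling: the findings, the impact and effort scales, the scoring formula and the exception records are constructed assumptions, and the finding ids are placeholders rather than real advisories.

```python
"""Rank vulnerability findings for remediation and apply security exceptions.
Added illustration, not Sectio Aurea's tooling; findings, exceptions, scales
and the scoring formula are constructed assumptions (ids are placeholders).
"""
from dataclasses import dataclass
from datetime import date

IMPACT = {"low": 1, "medium": 2, "high": 3, "critical": 4}  # assumed business-impact scale
COST = {"low": 1, "medium": 2, "high": 3}                   # assumed remediation-effort scale

@dataclass
class Finding:
    fid: str      # placeholder id, not a real advisory number
    host: str
    cvss: float   # technical severity from the scanner, 0-10
    impact: str   # business impact of the affected asset
    cost: str     # estimated remediation effort

@dataclass
class RiskException:
    fid: str
    host: str
    compensating: str   # control that lowers exposure while the fix is deferred
    approver: str       # officer who accepted the residual risk
    expires: date       # exceptions must be re-approved, never silently permanent

def priority(f):
    """Higher means fix first: severity scaled by business impact, divided by effort."""
    return round(f.cvss * IMPACT[f.impact] / COST[f.cost], 2)

def triage(findings, exceptions, today):
    """Return (ranked patch queue, expired exceptions whose findings re-enter the queue)."""
    active = {(e.fid, e.host) for e in exceptions if e.expires >= today}
    expired = [e for e in exceptions if e.expires < today]
    queue = [f for f in findings if (f.fid, f.host) not in active]
    queue.sort(key=priority, reverse=True)
    return queue, expired

# Constructed sample data.
TODAY = date(2024, 6, 1)
FINDINGS = [
    Finding("F-1", "hmi-01", 9.8, "critical", "high"),   # SCADA HMI, vendor patch pending
    Finding("F-2", "web-01", 7.5, "high", "low"),
    Finding("F-3", "lab-07", 9.0, "low", "medium"),
    Finding("F-4", "hmi-01", 6.5, "critical", "low"),
]
EXCEPTIONS = [
    RiskException("F-1", "hmi-01", "network isolated, monitored", "ciso", date(2024, 12, 31)),
    RiskException("F-3", "lab-07", "host kept offline", "it_manager", date(2024, 1, 31)),
]
```

The expired exception for F-3 puts that finding back into the queue, which is the check that keeps an accepted risk from quietly becoming permanent.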

Detection management

Assessment of current capabilities. Drawing on lessons learned from responding to a wide range of threats, Sectio Aurea consultants assess your organization's ability to manage specific threats and provide the guidance you need to make practical and meaningful improvements. We use a combination of activities, such as reviewing existing documentation, analyzing logging configurations, deep-dive workshops, tabletop exercises and simulated testing of existing security measures, to rigorously review and validate your organization's cyber defense capability from the perspective of the critical areas of incident response:

Defining SOC operational processes: Creating a SOC involves defining a set of standardized operational processes to ensure an efficient and effective response to security events. These processes include continuous monitoring of networks and IT systems, security event detection and notification, security incident assessment and escalation, incident containment, evidence collection and handling, identification of attacking hosts, threat eradication, security incident recovery and closure, and follow-up sessions.

Continuity management

Development of Recovery Strategies. This involves identifying and developing strategies and technical solutions for restoring critical business functions and operations following a disaster.

Defining the Implementation Plan. This is a detailed set of instructions and procedures that describe exactly what needs to be done, when and by whom, in the event of an incident. It should be detailed enough that anyone with basic knowledge will be able to implement the plan.

Defining Roles and Responsibilities. This section details who is responsible for what during and after an incident. This should include emergency contacts as well as a list of each person's responsibilities.

Defining test and update plans. It shows when and how the plan will be tested to ensure its effectiveness, and when and how it will be revised and updated.

Definition of Training and Outreach. It details the training and awareness programs designed to ensure that personnel are aware of the plan and are able to carry out their responsibilities in the event of an incident.

Definition of operational Annexes. This will include any other relevant information such as evacuation plans, equipment lists, copies of important contracts, network diagrams, checklists, etc.

Together, these components ensure that the organization is prepared to deal with a disaster and can return to normal operations in the shortest possible time.


Discover the key to success in cyber security with an exclusive one-to-one session with Mădălin Bratu, the innovative mind behind Sectio Aurea.

With a remarkable experience of 20 years in IT and an impressive career path, Mădălin is the elite consultant that any leader in the field wants by his side.

Take advantage of the unique opportunity to enrich your knowledge and secure your business in a personalized and efficient way.

Plan your meeting with Mădălin Bratu now and unlock access to cyber security solutions at the highest level, as well as to a team of top-tier cyber security experts.
