This compliance-based review gives you an overview, from any location, of your current cyber preparedness compared to relevant good practice guides.
The review provides an understanding of potential gaps and prioritises the remediation activities which should be undertaken. This activity can be done as a precursor to a more in-depth review or formal audit. We gather initial information via questionnaire from a number of your business areas prior to a site visit.
What we provide
A report to review and address:
- Your cyber security plans and arrangements and the assigned roles and responsibilities for cyber
- The current approach in relation to risk assessment and its management, and how residual risk is documented within your organisation
- The current approach to personnel training, on board vessels and at the headquarters
Cyber Maturity Review
This in-depth assessment looks at the cyber maturity of your organisation. You will benefit from understanding the risks and potential business impacts of non-compliance with international regulations and industry guidelines. You will understand any gaps in your cyber resilience posture and possible measures to mitigate the risk. The assessment is conducted through consultant-led workshops to provide the best exchange of information and value for you.
What we provide
An in-depth report reviewing your organisation's security posture, including how you address the following:
- Threat and vulnerability management
- Risk assessments of core assets
- Continuity and change management
- Training of all staff, including those responsible for cyber security
- An assessment against Tanker Management Self-Assessment (TMSA3-13) and BIMCO requirements for vessel and shore-based locations (as required)
Cyber Resilience Remediation Support
We offer remediation support by providing policies, templates and guidance on risk assessment. This helps you achieve compliance with relevant good practice guides, including Tanker Management Self-Assessment (TMSA3-13) and BIMCO requirements.
What we provide
- We supply a set of policies, templates and support, where required, to address the risks as identified in your risk assessment. This support is tailored to suit the operational model of your organisation.
- This is a remotely-delivered service, giving you easy access to support from an Information Assurance professional who will guide you through the essential policies and procedural elements.
Information Technology Security Health Check
We reveal your systems' vulnerabilities which would be visible to a malicious attacker. These health checks (penetration tests) enable counter-measures to be taken to make systems more secure.
What we provide
- A report and optional presentation on the output from the tools and manual tests on any reported vulnerabilities, helping to avoid false alarms.
- We use a wide range of tools to test for vulnerabilities. These include both general and product-specific vulnerability assessment tools. Automated tools are used to increase the efficiency of the information-gathering phase, combined with thorough and effective manual test tools.
- We assess your organisation's specific needs to ensure that the Security Health Check is tailored to your cyber system requirements.
Cyber Threat Check
This check provides a snapshot of the threats to your enterprise, giving you actionable intelligence by combining tactical information with a wider threat intelligence picture from a variety of sources.
What we provide
We combine your system data, our own monitoring systems and services, and open-source intelligence to form a snapshot of the threat landscape for your organisation, including:
- Real attack information collected from systems and networks
- Threat intelligence data showing trends in campaigns, attacks and vulnerability exploitations
- Technical threat information
How we do this
We focus on key interfaces for analysis such as external internet connectivity and the IT-OT (operational technology) interfaces that might allow a remote attack against on-board systems. Our analysis is based on:
- A library of network attack signatures working with our proprietary advanced behaviour anomaly detection engine, including rules tailored to specific enterprise threat analyses
- A targeted view of campaigns and attacks tailored to particular business sectors
- Open-source threat intelligence harvested from a wide variety of web and social media sites
Vessel Cyber Security Compliance Assessment
This service determines a ship’s compliance against the relevant good practice guides, with emphasis on Tanker Management Self-Assessment (TMSA3-13). The compliance audit-based approach determines the effectiveness of a ship’s security measures, policies, procedures and preparedness for cyber-related incidents. We can also tailor the assessment approach for other good practice guides, including BIMCO, CLIA, INTERCARGO and the ISO 27001 standard.
What we provide
- Compliance assessment against the relevant standard or industry guidelines
- Ship’s cyber security policies and procedures, for example, access control policy, anti-virus policy, and back-up policy
- Mapping of connected operational technology (OT) and IT assets
- On-board measures developed to mitigate and respond to all identified threats to a ship, such as CCTV, physical access, firewalls, etc.
- Cyber security risk awareness training
ISO 27001 Information Security Management System Sample Audit
We help you remain knowledgeable and compliant with cyber security regulations. Where information security management system documentation exists in line with ISO 27001, we perform compliance audits to check that your documented processes and procedures are being implemented at the operational level, and adhered to, as directed by policy.
What we provide
- We use professionally-trained BSI (British Standards Institution) ISO 27001 Lead Auditors to undertake the audit activity, which is in compliance with the Oil Companies International Marine Forum (OCIMF) guidance.
- The scope and duration of the audit are designed to suit your specific needs and, where required, include follow-up auditing of previous findings to ensure those observations have been closed. We work with you to ensure a representative sampling review is taken to identify areas of non-conformity to the ISO 27001 standard.