Security Assessment is the starting step when a company is changing, whether it extends its IT network, revamps its OT infrastructure, or simply turns its employees to remote work. Knowing its vulnerabilities and associated security risks, it can transform for the better and ensure its own security as well as safety to people and environment.
Sababa Security Assessment is a service that allows enterprises to conduct cyber security audit across their IT and OT environments and their parts. It is made in line with the NIST framework (NIST CSF) based on the cyber security life cycle management process and aims to
• Make a comprehensive inventory of the IT and OT assets, security processes and target the essential assessment perimeter
• Perform GAP analysis against global or local frameworks to find vulnerable systems and applications
• Prioritize security risks and provide a roadmap to fix the findings, based on their criticality
• Assist companies in articulating their security objectives and planning their security budgets wisely
• Support security teams during stressful times of change and encourage them to move towards their business goals with confidence
• Asset management
• Business environment
• Risk Assessment
• Risk Management Strategy
• Access Control
• Awareness and Training
• Data Security
• Information Protection Processes and Procedures
• Protective Technology
• Anomalies and Events
• Security Continuous Monitoring
• Detection Processes
• Recovery Planning
Subject to assessment
IT and OT networks and their parts, applications, hardware, and communications can be subjects to assessment. Industrial networks and processes are assessed with minimal invasion to respect their sensitivity.
Sababa Security Assessment is conducted by experts with industrial background when it comes to diagnostics of ICS systems in Oil & Gas, Energy, Utilities, Automotive, Manufacturing, and other industrial verticals.
The service supports some of the main international IT security standards, including Critical Security Controls (SANS Institute), COBIT v.5, ISA 62443, ISO / IEC 27001: 2013, NIST SP 800-53 and GDPR.