What we offer
Cyber security procedures definition
We will you with a number of supporting documents. These are generic documents based on good industry practice. As part of a one-day workshop, we will show you how to tailor these to suit the operational model of your business. Should additional support be required after the workshop, this can be discussed and a pricing agreement reached.
An example risk assessment will be provided, showing how to assess the threats and apply mitigating controls. This would be a standard template showing the approach to and methodology for conducting a risk assessment. Standard assets will be pre-populated, which would have to be tailored to suit your business model. After instruction provided by the consultants, you would need to populate the compensating controls within the template to mitigate the identified risks.
Cyber security procedures audit
We can undertake an audit of cyber security procedures based at your HQ. The audit would be undertaken by an ISO 27001-qualified auditor, and the scope of the audit will be agreed with you and will be based on a selection of agreed controls, as opposed to every control. This will ensure that the audit be completed in one day.
The main aim of our onboard audit is to determine the effectiveness of the ship’s security measures, policies, procedures and preparedness for cyber-related incidents. The audit will determine whether controls, processes and procedures conform to the requirements of the TMSA3 standard, whether the policies and procedures are effectively implemented and maintained, and if they perform as expected.
Vulnerability assessment will be delivered on computer based systems (navigation, cargo control, power management, communication, etc.), ship networks and any automation on board the selected vessel(s). If a specific goal is identified you, penetration testing can also be performed. Penetration testing is the attempt to actively exploit weaknesses in the environment from the perspective of an attacker with direct access to the network being tested.