MG Strategy+ Industrial Control Systems Group

MGS+ ICS Security Alerts Analysis Intelligence - Industrial Cyber Security

MGS+ ICS Security Assessments

MGS+ ICS Security Governance and Procedures Development: NERC CIP Compliance Consulting

NERC CIP services including but not limited to the following:

• Critical Cyber Asset Inventory validation (CIPv3)
• CIP-002-3 Risk-Based Assessment Methodology validation (CIPv3)
• BES Cyber Asset Inventory Validation (version 5 and beyond)
• BES Cyber System Identification Workshops (version 5 and beyond)
• Mock Audits
• NERC CIP-008 and CIP-009 facilitated exercises (i.e. CIP-008 Tabletop)
• Cyber Vulnerability Assessments (CIPv3)
• Vulnerability Assessment both Active & Passive (CIPv5 & beyond)

MGS+ ICS Security Governance and Procedures Development: HIPAA Compliance Consulting

HIPAA Compliance Consulting including but not limited to the following:

• HIPAA Security Remediation Services
• Managed Compliance Services
• PCI Compliance Review Services
• HIPAA Privacy and Breach Notification Assessment Services
• Customized Policies and Procedures
• HIPAA Security Assessment Services
• Data Breach Prevention
• Security Incident Investigation & Management
• Audit Preparation
• HIPAA Risk Management

MGS+ ICS Cyber Security Vulnerabilities Oversight, Procedures and Audit

We develop cyber security programs to develop better client understanding of industrial control systems (ICS) vulnerabilities and identify the key steps and programs they to protect their ICS; includes structure of typical policies and procedures that should be in place at ICS sensitive and critical facilities.

MGS+ ICS Cyber Security Vulnerabilities Oversight and Audit- Typical Policies and Procedures
Delegation of Manager Authority from Executive Level
System Security Management Plan
Security Incident Response and Recovery Plan
Vulnerability Assessment Plan
Electronic Security Perimeter (ESP) Procedure
Change Management Procedure
Device List Procedure – identify and classify cyber assets
Declaring and Responding to an Exceptional Circumstance Procedure
Access controls for information protection
Acceptable use Policy
Training and Personnel Policy

MGS+ ICS Cyber Security Vulnerabilities Oversight and Audit – Related Policies and Procedures Development
ICS cyber security Advisory related:
Risk Management as it relates to the cyber-security measures implemented at various facilities
Overall ICS design that meets the business needs of the organization, but has designed security in the architecture
Policy and compliance issues varied for public institutions, private corporations and the type of industry being reviewing

MGS+ ICS Cyber Security Vulnerabilities Oversight and Audit – Additional Service Deliverables / Guidelines
Inform and make more capable, the client’s Office to understand, assess, measure and evaluate industrial control systems (ICS) cybersecurity needs, demands and actions, as it related to investments in IT
Empower the client’s Office with stronger Oversight, Risk Definitions and Governance Structures to manage industrial control systems (ICS) vulnerabilities and to strengthen Financial Audit, Performance Audit and Governance & Accountability.
Integrate into the client’s Office Information Technology Capability and Self-Assessment
Broaden the client’s Office for Oversight of IT Investments