There are numerous cyber security regulations, frameworks and standards which are used to govern cyber security within an organisation, ranging from general information security standards such as ISO27001, NIST CSF and industry specific standards and frameworks such as ES-C2M2, AESCSF. An organisation may choose to adopt any of these or just practice basic cybersecurity hygiene similar to ACSC’s Essential Eight. Check out our ISO27001, CPS234 pages for more information
AESCSF is a cybersecurity framework that is designed specifically for the Australian energy sectors. It consists of 282 controls which have their own indicators to assess an organisation’s current state (Maturity Indicator Level) and a target state (Security Profiles).
At present, most organisations want to secure their systems physically and digitally, there are many aspects that hold them back, below are three main reasons,
- Time and funding
- Visibility over third parties and suppliers.
- Extension of current compliance to other standards and frameworks
We at AR Innovate will guide your organisation end to end, which consist of the following key flow of assessment and requirements,
- Criticality assessment must be assessed to determine the SP
- SP-1 – Low criticality
- SP-2 – Medium criticality
- SP-3 – High criticality
- Assess your organisation using the self-assessment
With our expertise in working with several energy clients especially renewable energy clients, we have identified several approaches that can work best for different types and sizes.
For more information, please contact us through Let’s Chat.