Cyber Security Self Assessment for (OT) Components in the Central Bank Area
As a system supplier for central banks, Giesecke+Devrient was commissioned to conduct a cyber security self-assessment for the OT components supplied by G+D for an existing cash center ("brownfield") of a central bank in the Southeast Asia region. As part of the project, secunet supported G+D in determining the maturity of the implemented security mechanisms for the OT components supplied by G+D to the central bank and in developing suggestions for improvement.
The self-assessment was based on a questionnaire provided by the central bank. In the first phase of the project, secunet determined the relevant security requirements by reviewing and evaluating standards and guidelines such as ISO/IEC 62443 (role of manufacturer) and NIST SP 800-82 Version 2, Guide to ICS (Guidelines for Secure Industrial Control System). As a result, a requirement analysis was created as a matrix and the question catalog was revised with regard to concrete security requirements for the G+D departments. During the processing phase by G+D, secunet supported the specialist department with any questions that arose. In addition to reviewing the documents, numerous individual interviews were conducted with G+D employees and employees of the central bank. During the implementation phase, secunet provided organizational support for the project, acted as an advisor on IT/OT security issues and supported G+D employees in developing measures to improve the security level for the central bank.
Finally, secunet assisted in the preparation of a management summary, in which the core statements of the assessment as well as fields of action and suitable measures for improving the security level were identified. As part of the G+D project team, secunet also accompanied the presentation of these results to the management of the central bank (assistant governor and vice governor).
The joint consulting services provided by secunet and G+D enabled the central bank to gain important insights regarding the maturity of the security level and the security processes in its OT area (cash center).
Send us an inquiry via the contact form. We are happy to help.