• Avenues in Information Security and Networks
Like What we Do? Contact Us Now
Why VISTA InfoSec

Competent Consultants

Seasoned veterans of the subject, no ‘newbies’ for your project;

Read More

  •  "We have partnered with VISTA InfoSec for assisting us in implementing a combined ISMS framework encomapssing the ISO 27001 and PCI DSS guidelines for our business. Their domain expertise and consultative solution driven approach were key to address the IT security risks arising from our complex processes. We greatly appreciate their inputs for helping our team prepare; and train for the final compliance audits; and are sure to engage VISTA InfoSec for any of our future initiatives."
    Karthik Ganesan, VP – Operations, Billdesk (Indiaideas)
  •  "We are honored to have this great business relation with your organization.
    We appreciate the most your initiative to build the relation with our organization based on trust before jumping to the legal procedures.
    Plus your continuous support & cooperation to make us earn this valuable certification (ISO27001)."
    Mr.Abdulla H. Al Hammadi, Chief Operating Officer, Electronic Document Centre, Dubai..
  •  "VISTA InfoSec has helped us immensely in making some of the difficult choices related to related to IT infrastructure, their advice at times have been superior than leading IT infrastructure services providers"
    Dhaval Thakkar, D.GM.IT, Lodha Group
  •  "When Khaitan & Co signed on Vista the Firm was looking for an expert in the IT Policy setting area who will be able to give us sufficient time and complete the project on a time bound manner. Overall we are very satisfied with the services rendered by Vista. Their experts have enough information and in-depth knowledge of the industry and have guided us in several areas other than the mandate as well. We will definitely consider them for future projects for their honest and professional approach and usefulness of their deliverables."
    Mr.Nilanjan Ghose COO, Khaitan & Co.
  •  Good knowledge about the standard - earlier and new version - alongwith all that goes on in the IT world be it technology, O/S, various tools, security sites, etc"
    Mahindra Ugine Steel Company
  •  "NASSCOM’s applications are complex and built on multiple platforms so as to meet the demands of our broad and dispersed member base. Additionally, these applications are developed and maintained by various partners. Being the entity that we are, it becomes very important that we maintain utmost security for our members. VISTA InfoSec helped us in analysing our applications and identifying vulnerabilities. Their support and commitment is outstanding. "
    Ameet Nivsarkar, Vice President, NASSCOM
  •  "To implement our ISMS, we choose Vista as our partner based on their expertise. Their functional knowledge and technical expertise was evident in the solution they designed and deployed for us"
    Samir Dadia,, Director, Saama Technologies (I) Ltd.
  •  "We have been working with VISTA InfoSec for more than one year and we find them to be one of the most competent, thorough and most importantly - proactive professionals in their field of work"
    Mr. Anantha Krishnan, IT Head, Siyaram Silk Mills
  •  "We have been working with VISTA InfoSec for more than one year and we find them to be one of the most competent, thorough and most importantly - proactive professionals in their field of work"
    Mr. Anantha Krishnan, IT Head, Siyaram Silk Mills
Home >> Services >> Information Security Assessment >> SCADA Security Assessment

SCADA Security Assessment

It is true that a simple Nessus or Nmap scan can bring down a critical control system application. However, isn’t this something you should know and address before an attacker or an IT Department staffer gains access to the SCADA or DCS and inevitably starts with these tools?

SCADA Security Assessment

Our team uses an arsenal of assessment tools and methodologies similar to those used by attackers on the net, using automated scanning tools, commercial scripts, in-house developed scripts, manual testing and best of breed open-source assessment tools specific to application, protocol or exploit code.

Our team performs comprehensive assessment of your critical infrastructure in following manner:

  • Security Architecture Review
    • Evaluate the network design of the SCADA environment, analyzing the security controls in place and the connectivity between the SCADA environment and the corporate network.
  • Critical Infrastructure Security Testing
    • Evaluate the security of systems in the SCADA environment including routers, firewalls, control system servers, database systems, and ICCP gateways.
  • Host Security Configuration Review
    • Assess the configurations of routers, firewalls, and SCADA servers against known industry best practices while looking for known vulnerabilities associated with the deployed product and associated utilities.
  • Wireless Access Review
    • Identify wireless access into the environment and evaluate weaknesses that could allow an attacker to gain access to the SCADA network.
  • Remote Access Review
    • Identify systems with dial-up and remote access capability that could allow an attacker to gain access to the SCADA network.
  • Policies & Procedures Gap Analysis
    • Evaluate the current policies and procedures for critical infrastructure against known best practices according to the ISA-SP99 security standards.
  • Interviews with managers, operators, engineers and system administrators
  • Review and audit of key procedures such as change control, backup, incident detection and recovery
  • Analysis of the ability to recover from a cyber attack
  • Analysis of the physical security of cyber assets

We provide final report with prioritized list of vulnerabilities, compensating controls for vulnerabilities that cannot be directly addressed and develop actionable recommendations to mitigate the risks your environment faces from external attackers, insider threats, automated worms, and network management errors to maximize improvement of your environment security posture.

Contact us for an SCADA Security Assessment "value add presentation" and detailed deliverables for your organization.

 
© VISTA InfoSec Pvt. Ltd. | All Rights Reserved