Cyber security

Threats to cyber assets are linked to the position of the asset owner in relation to competitors, and to the general security situation in the countries the organisation has operations, as well as geopolitical conditions. Recent reports in industry show that activities related to information gathering by information brokers, intelligence services and cyber criminals acting on behalf of business players have increased rapidly over the last few years. This has been noted both by governments and companies providing security services. A good start to any cyber related work is thus establishing the threat landscape for your business. What are the assets you want to protect? Who would benefit from assessing or controlling these?

In addition, the actions you decide to implement are dependent on your risk acceptance criteria, and your risk appetite. We help you identifying your threat landscape and risk picture, and assist in developing a set of criteria suitable for your business and your risk appetite.

We provide cyber security assurance and advisory services for Operational Technology (OT) and Integrated Automation and Control Systems (IACS) security.

Services include:

Gap analysis

A systematic approach to your cyber security work is by knowing your weaknesses. Whether it is ISO 27001, IEC 62443 series, or any other relevant standard or regulation you want or must comply with, we can help you map your performance towards the chosen standard. Based on this, you can decide what actions to take next.

Cyber awareness training

Cyber attacks are very often partly caused by an unknowing employee acting either in good faith or without better knowledge. Training your staff can thus greatly reduce the risk of successful attacks. We provides tailor made training packages with examples that are relevant for your business and employees.

ISO 27001 Information security implementation

We can establish a tailor made management system compliant with ISO 27001 for your organisation. Whether you want to align or to go all the way with certification is up to you – we will be your trusted partner.

ISO 22301 Business continuity implementation

Cyber security is one of the major incidents that potentially will cause disruption to your business, and should be something you have planned for. We can establish a tailor made management system compliant with ISO 22301 for your organisation.

Cyber risk assessment

IEC 62443 is the standard adopted by several industries when it comes to cyber security work. This standard adopts a risk based approach, and suggests both a high level risk analysis and a detailed risk analysis to be performed. Our experience with safety risk analysis for control systems provides a unique platform for including the cyber security element in the risk analysis. We can provide both the high level and detailed level analysis.

Third party assessment of industrial automation and control systems according to CENELEC, ISO 27000 and IEC 62443 (assurance)

We offer four assurance roles for railway; Notified Body, Designated Body, Assessment Body and Independent Safety Assessor. Requirements for assessing security are being implemented into standards and regulations. Security includes both physical and cyber security. We can be your third party assessor.

Cyber Security Management Plan

Your cyber security management plan defines the steps you will take in your project to ensure cyber security are assessed according to best practice and the prevailing requirements. It defines actions, responsible parties, deliverables and methods to be used. We can make this specific for the project phase you are currently entering, or provide a full  life-cycle document that will follow the project from concept to operation.

Cyber Security Requirement Specification

We help specify requirements that your project and your suppliers must comply with. This includes establishing the Security Levels for each of the identified critical components/systems in your architecture

• Increased awareness of your business in the global cyber threat environment
• Increased resilience when the cyber-attack happens
• License to operate where cyber security is a requirement
• Assurance that your system is performing at an acceptable level

We, at LR understand the risk environment of the digital world, whether that’s from gaps in your systems or the risk of inexperienced personnel. Through our global network of cross functional teams assures we have the tools and experience to safeguard your business and make certain you are aware and resilient to any cyber threat that may come your way.