Method Functional Safety
What is the Cyber Security Lifecycle?
About the Cyber Security Lifecycle
How do i start?
I am new to this, how do I start?

Management of OT Cyber Security

The management of cyber security risk requires to be an ongoing iterative process, which reacts to a constantly evolving threat landscape, driven by the organisation’s understanding of their vulnerabilities and informed by an awareness of adversaries’ methods.

A Cyber security Management System (CSMS) should be developed, adopted by senior management, and incorporated into the organisation’s existing policies and management systems. The structure of the CSMS can follow existing management systems e.g. those outlined in specific security standards such as IEC 62443ISA TR84.00.09, or ISO 27001, as specified in the functional safety for the process industry sector IEC 61511, or other regulatory framework specific to the organisation.

Any CSMS should contain policies and procedures to address the following objectives and cyber security principles (excerpt from NCSC CAF)

  1. A. Managing security risk
    1. 1 Governance
    2. 2 Risk management
    3. 3 Asset management
    4. 4 Supply chain
  2. B. Protecting against cyber attack
    1. 1 Protection policies and processes
    2. 2 Identity and access control
    3. 3 Data security
    4. 4 System security
    5. 5 Resilient networks and systems
    6. 6 Staff awareness and training
  3. C. Detecting cyber security events
    1. 1 Security monitoring
    2. 2 Proactive security event discovery
  4. D. Minimising the impact of cyber security incidents
    1. 1 Response and recovery planning
    2. 2 Lessons learned

The policy, procedures and management system documents produced will require to be adopted and championed at board level and trained out to all personal with the potential to interact with or impact the security of IACS assets. This effectively requires all personnel within an organisation to have a basic level awareness or enhanced, role-specific training in OT cyber security.

The CSMS documents will require to be frequently reviewed and updated, as necessary, in light of evolving threats and newly discovered vulnerabilities, in line with the concept of continuous improvement.

Appendix 2 of OG86 suggests suitable document types that organisations can present as evidence of each aspect of their CSMS.

Cyber Security Risk Management Key  Artefacts Maintenance Cycle

Diagram 1. Cyber Security Risk Management Key Artefacts Maintenance Cycle



Cyber Security Lifecycle

Cyber Security Lifecycle
OT Cyber Security
OT Cyber Security
Cyber Security Lifecycle

Contact =Method Consultants

You can contact =Method below:

p: +44 (0)1462 713313


Contact us online

E: T: 44 (0)1462 713313. W:

LinkedinMethod Functional Safety member of InstMC

Functional Safety + Process Safety + Cyber Security + Compliance Assessment + Competency Register + Software Solutions = Method Safety and Security

Address: Method Cyber Security Ltd. Method House, Davis Crescent, Hitchin, SG5 3RB
Phone: +44 (0)1462 713313 Email: Website:

Terms and Conditions | Privacy Policy. Registered In England 08453480. VAT No. GB 96 3453 69. Site © Copyright Method Cyber SecurityLtd 2024