Risk Managed
standards and frameworks GAP ASSESSMENT
Whether required by an external entity or because you need to know, measuring your organization against a standard or framework is key for understanding the effectiveness and coverage of your security program. Measurement over time can show improvements in the program (and value for the money spent by executives). We have experience in a wide array of standards and frameworks such as NERC CIP, ISO series, TSA Security Directives, API 1164, IEC 62443, NIST series, multiple CMMs, ES/ONG-C2M2, and even the new CISA CPGs.
Security Program Development and Improvement
Many organizations have a security function, but it may not be focused on or skilled in the differences for OT/ICS environments. Ampyx Cyber can help your organization build or enhance your OT/ICS security capabilities, gain greater control and visibility into your OT environments, and improve your reliability with a strong ICS Security Program. We speak OT, IT, even business/executive and we’ve seen many organizations across multiple sectors to help you understand where your program is related to companies of similar size, function, and budget.
Merger and acquisition (M&A) diligence assessments
The larger the purchase, the greater the financial risk. You should be as informed as possible to have the best negotiating position. When buying a house, you get an inspection. When buying new (or new to you) industrial assets, you should know what you’re getting. We can provide you with deep visibility into the hidden security and compliance risks - quantified in financial costs - before you purchase. Conversely, if you are selling assets and you want to add value through demonstration of strong security controls and compliance position, we can help you get the most for your facility.
executive and board briefings
Expectations from regulators, shareholders and business partners are clear. Executives must be aware of the security risks, threats and vulnerabilities for their organization. Getting this information, especially in a way that is easy for your to understand and take action, can be very challenging. The terminology is new and the complexity can be daunting. We provide briefings that are in words you already know, simplified and applied in a business context so you can clearly understand the security landscape and where you stand in it - without using fear tactics and technical jargon. We even offer executive “phone a friend” options when you just need to get a straight answer on something.