Establishing an Aviation Focused Cyber Security Management System (CSMS)

Posted in Regulatory

Sofema Online (SOL) www.sofemaonline.com considers the essential elements to be found in a Cyber Security Management System.

Introduction

Cyber-attacks now appear almost inevitable, and as a result there is a need to address them, which requires investment in cyber security.

Consider foremost that cyber security measures should be taken in respect of both the company and its supply chain, including partners as well as outsourced service providers.

Each organization has an obligation to recognize that we face cybersecurity risks as well as a need to develop a company-wide policy to address these risks.

For an effective solution, we need to build a management system to address our cybersecurity risk. Cyber-attacks can easily compromise our business; therefore, to ensure effective business continuity, it is essential to address any risks which pose a cybersecurity threat at the highest level.

The Leadership Team as well as Line Managers have an obligation with regard to cybersecurity measures; implementing a formal Cyber Security Management System (CSMS) will go a long way toward addressing this obligation.

»  Note: In the event that there are a number of areas that are difficult to manage using in-house resources, consider addressing them through outsourcing.

Communication Strategy

It is important to establish formal lines of communication with all internal and external stakeholders:

       »  During Non-Emergency Situations, share and demonstrate the strategy and measures in place
       »  Whenever we are experiencing an Emergency (Abnormal) Situation

Threats, Vulnerabilities, & Consequences

Threats - Circumstances or events with the potential to negatively affect an organization’s operations or assets through the unauthorized access of information systems. The following are threat examples:

       »  Hostile attacks,
       »  Human errors,
       »  System, Structural or configuration failures,
       »  Natural disasters. 

Vulnerabilities can be defined as:

       »  Weakness in an information system, security procedure, internal control, or implementation that can be exploited by a threat source.
       »  Vulnerabilities can also be found externally in supply chains or vendor relationships.

Consequences - Adverse results that occur when threats exploit vulnerabilities.

       »  The impact is measured against the severity of the consequences.

Building - A Cyber Security Management System (CSMS)

A Strong & Effective CSMS will:

       »  Deliver a structured workflow to ensure that all risks are identified in a thorough and practical way
       »  Ensure that identified risks are analyzed, documented and addressed
       »  Utilize checklists and threat assessment analysis
       »  Provide a full audit trail

Elements to Consider within the CSMS

       »  Allocate Resources (Manpower & Financial)
       »  Identify Management Objectives
       »  Develop a Documented Process to deliver on the Management Objectives
       »  Nominate a Recovery Team and associated procedures to address any required recovery
       »  Develop a reporting system for cybersecurity incident response
       »  Identify cybersecurity risks and develop mitigations to address them by understanding existing cybersecurity status, together with measures to evaluate the full supply chain including partners as well as outsourced service providers
       »  Implement a process of continuous assessment & validation

Next Steps

Sofema Aviation Services offers the following courses delivered as classroom or webinar - https://sassofia.com/course/easa-compliant-organizational-cyber-security-responsibilities-1-day/

Please see www.sassofia.com or email team@sassofia.com

 
