- Assess existing systems
- Establish control systems security policies and procedures
- Assure personnel are aware of importance of security and company policies
- Segment networks using defense-in-depth
- Control access to control system resources
- Harden computer systems by removing or disabling unused communication ports, applications and services
- Monitor the system
Source: John Cusimano, director of security solutions, exida (www.exida.com), Sellersville, Pa.