Core Outcome Solution
Core Outcome Solution
COS is our core business engine, wrapped in a concierge service model to deliver quality and completeness. This is an outcome-based offering.
We use our proprietary backend AI solution to produce outcomes that meet any OT security program demands of industrial organizations today.
While we do not currently provide an advisory or consulting business or cost model, we advise and develop a roadmap with you (for free) and then execute it. We prefer the long-term partner relationship over the transaction.
Core Outcome Solution
- A dedicated OT security subject matter expert (SME) and single point of contact
- A strategic conversation used to develop a comprehensive plan
- A roadmap developed for and tailored to your organization, program and initiatives
- Tailored drafts for your review within days from initial conversations
- Followed by revised drafts ready for organizational approval and publication
- SME support until approval has been reached
But COS is not just our business engine. It is also:
- A backend AI solution we custom developed
- Comparable to the output of 4.5 consulting or contractor resources
- Achieves ~40% savings in time to complete vs human resources
- Achieves ~60% savings in cost over time and material fee structures
- Tuned for accuracy and technical competency in OT and OT security
- Reliably unphased by the personal circumstances of human beings
A few of our best COS products are
Feature Product
OT Security Program
OT security program development is our most core competency. We have taken part in numerous programs, from build to run to optimize, and are very well informed of the nuance of a right-sized approach. We don’t Find and Replace IT security documents and hope for the best. We don’t take countless hours away from your team to teach us what you should do.
We discuss where you are, where you want to go and create a roadmap. Then we write everything you need to get there, whether with and for your FTE’s or an external MSP/partner.
Feature Product
OT Security Policies, Standards and Procedures
You can’t expect anyone to adopt a culture built on policy that doesn’t resonate, isn’t fit for purpose or was written for authors. That’s called shelfware, and we’re allergic to it.
- The best policies are clear and backed up by standards, controls and procedures.
- The best standards are insightful and explain the why.
- The best controls meet standards expectations cleanly.
- And the best procedures clearly state how.
The best of all of them incorporate knowing what industrial control systems and operational technology are, how they’re different and why they’re secured differently.
Policies, standards, controls and procedures are the foundation of every expectation for your OT security program.
Feature Product
IT/OT Security Best Practices
Best practices aren’t just written by NIST, ISA/IEC and other major governing bodies throughout the cybersecurity community. They’re also written by asset owners, to better support the mission and goals of individuals, teams and programs. We write from the most trusted sources and leaders.
A few examples of traditional best practices include:
- Network Architecture and Segmentation
- Asset Configuration and Hardening
- Vulnerability and Patch Management
- Incident Response and Recovery
- Training and Culture
- Supply Chain and 3rd Party Risk Management
- Continuous Improvement
Feature Product
Emerging Methods
Sometimes organizations need to find a solution to a problem that hasn’t yet been solved by the wider OT security community.
At Cabreza, we don’t just write from compliance. We write to the evolving demands of global industrial enterprises.
If you’re thinking about or grappling with it today, we can develop an approach with you, then write it.
Feature Product
Regulation and Compliance
Just because we don’t only write from compliance doesn’t mean we don’t write for compliance. Be it NERC-CIP, 62443, NIS2, EU CRA and EU CER, we can write to meet regulatory requirements.