The project is to define a relevant cyber security maturity framework; develop the GRC platform to apply the defined framework with the contribution of all stakeholders; process IT and OT data from stakeholders and provide the cyber security benchmark information to energy sector authorities on a utilizable business intelligence platform.
A maturity model is a set of characteristics, attributes, indicators, or patterns that represent capability and progression in a particular discipline. Existing maturity models will be examined at the initial phase of the project and a framework will be developed using the control objectives defined by standards (ISO 27019, NIST 800 series, etc.) and regulations (EU, NIST Directive, EPDK legislation in Turkey, etc.).
The framework will be implemented on a Governance-Risk-Compliance (GRC) Platform that will be developed as a holistic and integrated management tool both for energy companies and sector authorities.
Proposed GRC platform will provide the methodology, compliance requirements, risk and control catalogues specific to energy sector. It will gather, analyze and process data from IT and OT systems by use of integrated APIs. Data generated by manual prcesses such as audits, assessmnets or reviews will be will be correlated with data from IT and OT systems.
The platform will be used individually by companies to apply cyber security maturity framework, identify their maturity level and determine cyber security risks and corresponding initiatives to improve their maturity level.
Sector authorities will utilize the platform for development of sectoral cyber security policies based on benchmark information from GRC data gathered from various companies and stakeholders.