User Manual

siemens.com/desigocc
All rights reserved
© Siemens Switzerland Ltd. 2019
Cerberus DMS 4.0 | Cybersecurity Meets Building Management Systems
Let’s also define what it means to take a holistic approach
to security. Leading companies and institutions take into
account four key factors that impact security strength –
people, communication, processes, and technology.
In general:
- People need a broad and lasting awareness of the
  importance of security, both physical security and
  cybersecurity
- Communication helps establish a culture of security
  when it is clear and concise
- Processes that are actively applied are as important as
  technology in protecting organizations from cyber threats
- Technology needs to be tested, vetted, and matched
  with other suitable building blocks in order to secure
  an organization’s assets
Figure 1 – Holistic Security Approach: Key Factors
The spectrum of security challenges is broad. While physical
threats are more obvious and change less often, cyber
challenges can be more nefarious due to an ever-changing
threat landscape. When it comes to aligning security with
business needs and the inevitable move toward convenience,
we put a focus on cybersecurity from the outset.
“Security by Design:” Siemens Commitment to
Comprehensive Security
Cyber attacks are among the fastest growing criminal
activities in the world today. They range from insider threats,
ransomware attacks, opportunist threats, and hacktivism
all the way up to business espionage, terrorism, and
state-sponsored cyber terrorism. In order to be prepared to
respond to a fast, complex, and constantly changing threat
landscape, it is essential that organizations like yours take
a holistic approach to security.
While the responsibility to secure your environment lies
with your organization, Siemens is committed to developing
products that enable you to take a holistic approach to
security.
Our commitment is multifaceted. First and foremost is
“Security by Design,” our end-to-end approach to product
development that builds in security from the beginning.
It includes an ongoing cycle of testing, enhancements,
and evolution to keep our products and solutions at the
forefront. In addition, we are a founding member of the
global Charter of Trust, which calls for binding rules and
standards to build trust in cybersecurity and further
advance digitalization.
Simply put, we design with security in mind. Our company-wide
initiative provides a risk management program that actively
drives comprehensive security methodology for all Siemens
products, solutions, and services. It identifies best practices
and sets technical standards, processes, and policies that
must be met. We also contribute to international standards
and strive to deliver products that meet security standards
such as ISA/IEC 62443, UL2900, ISO/IEC 27001, and OWASP.
Security by Design Expertise
The effectiveness of a product’s cybersecurity design is
attributed to the expertise of the development team. As part
of our Security by Design methodology, we invest not only
in technology developments for digital protection and
product security, but also in the training required to maintain
high levels of employee cybersecurity expertise.
Throughout the lifecycle of the product, our experts perform
security threat and risk assessments in order to address
expected risk in the intended application of use. This
assessment starts early on in the process and is repeated
as required to identify and mitigate risks appropriately.
In addition, regular product security testing is conducted
by external experts who use manual penetration tests alone
or in combination with automated machine security testing.
The idea is to break the system in order to make it more
secure. This testing ensures that the selected product,
solution, or service meets our security requirements. The test
results are recorded and used to identify any necessary
corrective actions.