User Manual

siemens.com/cerberusdms
All rights reserved
© Siemens Switzerland Ltd. 2019
Cerberus DMS 4.0 | Cybersecurity Meets Building Management Systems
Let’s also define what it means to take a holistic approach
to security. Leading companies and institutions take into
account four key factors that impact security strength –
people, communication, processes, and technology.
In general:
- People need a broad and lasting awareness of the importance of security, both physical security and cybersecurity
- Communication helps establish a culture of security when it is clear and concise
- Processes that are actively applied are as important as technology in protecting organizations from cyber threats
- Technology needs to be tested, vetted, and matched with other suitable building blocks in order to secure an organization’s assets
Figure 1 – Holistic Security Approach: Key Factors
The spectrum of security challenges is broad. While physical
threats are more obvious and change less often, cyber
challenges can be more nefarious due to an ever-changing
threat landscape. When it comes to aligning security with
business needs and the inevitable move toward convenience,
we put a focus on cybersecurity from the outset.
“Security by Design”: Siemens’ Commitment to Comprehensive Security
Cyber attacks are among the fastest growing criminal
activities in the world today. They range from insider threats,
ransomware attacks, opportunist threats, and hacktivism
all the way up to business espionage, terrorism, and
state-sponsored cyber terrorism. In order to be prepared to
respond to a fast, complex, and constantly changing threat
landscape, it is essential that organizations like yours take
a holistic approach to security.
While the responsibility to secure your environment lies
with your organization, Siemens is committed to developing
products that enable you to take a holistic approach to
security.
Our commitment is multifaceted. First and foremost is
“Security by Design,” our end-to-end approach to product
development that builds in security from the beginning.
It includes an ongoing cycle of testing, enhancements,
and evolution to keep our products and solutions at the
forefront. In addition, we are a founding member of the
global Charter of Trust, which calls for binding rules and
standards to build trust in cybersecurity and further
advance digitalization.
Simply put, we design with security in mind. Our company-wide
initiative provides a risk management program that actively
drives comprehensive security methodology for all Siemens
products, solutions, and services. It identifies best practices
and sets technical standards, processes, and policies that must
be met. We also contribute to international standards and
strive to deliver products that meet security standards such as
ISA/IEC 62443, UL2900, ISO/IEC 27001, and OWASP.
Security by Design Expertise
The effectiveness of a product’s cybersecurity design is
attributed to the expertise of the development team. As part
of our Security by Design methodology, we invest not only
in technology developments for digital protection and product
security, but also in the training required to maintain high
levels of employee cybersecurity expertise.
Throughout the lifecycle of the product, our experts perform
security threat and risk assessments in order to address
expected risk in the intended application of use. This
assessment starts early on in the process and is repeated
as required to identify and mitigate risks appropriately.
In addition, regular product security testing is conducted by
external experts who use manual penetration tests alone or in
combination with automated machine security testing. The
idea is to break the system in order to make it more secure.
This testing ensures that the selected product, solution, or
service meets our security requirements. The test results are
recorded and used to identify any necessary corrective actions.