In the Industrial Control System (ICS) cybersecurity area, the Cyber Security Management System (CSMS) assessment is hugely important because of the lack of cyber risk 
awareness. Industrial Control Systems were designed to operate in closed environments but now face threats that did not exist 20 years ago, and the system controllers need to understand the risks.
This whitepaper reviews the suitability of standards supporting a hybrid approach to risk management in an Industrial Control System (ICS) and proposes an approach to CSMS based on taking the “best of breed” from several leading ICS influences.
The purpose of the framework depicted in this paper is to define the cybersecurity assessment for Indus companies with an ICS. The initial step in this path is to secure infrastructure that will be audited against ICS dedicated cybersecurity standards.
