Secure by Default

The goal in this phase is to create default product installations and configurations that are more

resistant to attack, by reducing the attack surface (the number of points a hacker can attempt to

exploit). To accomplish this goal, software must be installed in its most secure configuration and

must stay that way until the customer takes informed steps to loosen it.

Symphony Plus is installed in a predefined way, which makes the process easy and reliable,

ensuring that settings are done in a consistent and repeatable way. Functions and features that

are not needed are disabled or not installed, and Windows Firewall is configured to only enable

necessary communication ports. Symphony Plus gives control engineers a unique opportunity to

manage access for each user. Access can be granted based on parameters such as who and

where the user is, what the user wants to do, and on which aspect object.

Secure by Deployment

The goal here is to ensure that the products can be installed, configured, operated and maintained

in a secure way. User documentation describes how to install and operate Symphony Plus

at the highest level of security. Documentation includes recommendations on how to build secure system

architecture using security zones and defense in depth. Security compliance project checklists

make sure that all important steps are taken during project execution to ensure a secure

deployment. Systems in operation are kept secure with monthly security patch updates and daily

anti virus updates.