An integral part of ICS computer security is endpoint hardening. Endpoint hardening aims at narrowing the attack surface of the endpoint as well as limiting the impact of a potential compromise of the endpoint.
Narrowing the attack surface of an endpoint involves disabling any unused features, and options. The smaller the attack surface of a system, the fewer potential security vulnerabilities there will be for the attacker to find. This exercise comes down to going through all your systems and disabling unused and unwanted Windows services, uninstalling unused applications, and getting rid of installed example scripts, programs, databases, and other files. These activities are typically performed at the time of endpoint deployment and should be a scheduled exercise, performed on a regular basis after the endpoint is deployed.