Assessing the Cybersecurity of New or Existing IACS Systems (IC33M)

Description

This on-demand course will provide students with the information and skills to assess the cybersecurity of a new or existing IACS and to develop a cybersecurity requirements specification that can be used to document the cybersecurity requirements the project.

Course updated March 2023

Length: Four modules (15-40 minutes each); Approximately four hours of lab exercises using a remote cyber range.
CEUs: 0.6
Certification of Completion: A Certificate of Completion indicating the total number of CEUs earned will be provided upon successful completion of the course.
Certificate Program: Part of the ISA/IEC 62443 Cybersecurity Certificate Program: After successfully completing all four modules and lab exercises, students may take the exam for ISA/IEC 62443 Cybersecurity Risk Assessment Specialist. Exam fee is included in full course purchase price

Register Now

Full Course: Modules 1-6 Assessing the Cybersecurity of New or Existing IACS Systems (IC33M)

Learning Objectives

Identify and document the scope of the IACS under assessment
Specify, gather, or generate the cybersecurity information required to perform the assessment
Identify or discover cybersecurity vulnerabilities inherent in the IACS products or system design
Organize and facilitate a cybersecurity risk assessment for an IACS
Identify and evaluate realistic threat scenarios
Identify gaps in existing policies, procedures, and standards
Establish and document security zones and conduits
Prepare documentation of assessment results

You Will Cover

Preparing for an Assessment: Security Life Cycle | Scope | System Architecture Diagrams | Network Diagrams | Asset Inventory | Cyber Criticality Assessment
Cybersecurity Vulnerability Assessment: Risk | Types of Cybersecurity Vulnerability Assessments | Gap Assessments | Passive and Active Assessments | Penetration Testing | Conducting Gap Assessments | Gap Assessment Tools | CSET
Conducting Vulnerability Assessments: Vulnerability Process | Pre-assessment | Standards | Research | Kick Off and Walk Thru | Passive Data Collection | Active Data Collection | Penetration Testing
Cyber Risk Assessments: Understanding Risk | ISA/IEC 62443-2-1 | SuC | Conduct High-level Risk Assessment | Consequence Scale | Establish Zones and Conduits | Zone and Conduit Drawings and Documentation | Document Cybersecurity Requirements
Conducting Cyber Risk Assessments: Detailed Cyber Risk Assessment Process | Threats | Vulnerabilities | Consequences | Likelihood | Calculate Risk | Security Levels | Countermeasures | Residual Risk | Documentation
Documentation and Reporting: Document to Maintain | Required Reports | Zone and Conduit Diagrams | Cybersecurity Requirements Specification (CRS)

Lab Exercises

60-day access to a remote cyber range to complete the following exercises independently.

Basic Commands for Computer Information
Asset Inventory
High-Level Risk Assessment Using CSET
Introduction to Wireshark
Vulnerability Scanning
Penetration Testing

What is Included

On-demand modules

Module 1: Preparing for an Assessment (35 minutes)
Module 2: Risk Components (40 minutes)
Module 3: Conducting Cybersecurity Assessments (35 minutes)
Module 4: Documentation and Reporting (15 minutes)

Lab exercises

Access to a virtual cyber range for 60-days
Lab booklet to guide you through the lab exercises
Approximately 4 hours of lab activity

A viewable version of ISA standards for course reference

ISA/IEC 62443-1-1
ISA/IEC 62443-2-1
ISA/IEC 62443-3-3
ISA/IEC 62443-2

Exam

Exam registration for ISA/IEC 62443 Cybersecurity Risk Assessment Specialist

Who Should Attend

Control systems engineers and managers
System integrators
IT engineers and managers industrial facilities
IT corporate/security professionals
Plant safety and risk management

Recommended Pre-requisite

ISA Course IC32 or equivalent knowledge/experience.

Can you spare a cookie?