CEUs: 2.1
Certificate Program: Part of the ISA/IEC 62443 Cybersecurity Certificate Program
Your course registration includes your registration for the exam.
Certification of Completion: A Certificate of Completion indicating the total number of CEUs earned will be provided upon successful completion of the course.
Description
The first phase in the IACS Cybersecurity Lifecycle (defined in ISA/IEC 62443-1-1) is to identify and document IACS assets and perform a cybersecurity vulnerability and risk assessment in order to identify and understand the high-risk vulnerabilities that require mitigation. Per ISA/IEC 62443-2-1 these assessments need to be performed on both new (i.e. greenfield) and existing (i.e. brownfield) applications. Part of the assessment process involves developing a zone and conduit model of the system, identifying security level targets, and documenting the cybersecurity requirements into a cybersecurity requirements specification (CRS).
This course will provide students with the information and skills to assess the cybersecurity of a new or existing IACS and to develop a cybersecurity requirements specification that can be used to document the cybersecurity requirements the project.
You Will Be Able to
- Identify and document the scope of the IACS under assessment
- Specify, gather or generate the cybersecurity information required to perform the assessment
- Identify or discover cybersecurity vulnerabilities inherent in the IACS products or system design
- Organize and facilitate a cybersecurity risk assessment for an IACS
- Identify and evaluate realistic threat scenarios
- Identify gaps in existing policies, procedures and standards
- Establish and document security zones and conduits
- Prepare documentation of assessment results
You Will Cover
- Preparing for an Assessment
- Cybersecurity Vulnerability Assessment
- Conducting Vulnerability Assessments
- Cyber Risk Assessments
- Conducting Cyber Risk Assessments
- Documentation and Reporting
- And more...
Classroom/Laboratory Exercises
- Critiquing system architecture diagrams
- Asset Inventory
- Gap Assessment
- Windows Vulnerability Assessment
- Capturing Ethernet Traffic
- Port Scanning
- Using Vulnerability Scanning Tools
- Perform a high-level risk assessment
- Creating a zone & conduit diagram
- Perform a detailed cyber risk assessment
- Critiquing a cybersecurity requirements specification
Who Should Attend
- Control systems engineers and managers
- System Integrators
- IT engineers and managers industrial facilities
- IT corporate/security professionals
- Plant Safety and Risk Management
Recommended Prerequisite
ISA Course IC32 or equivalent knowledge/experience.
For more information
Contact us at +1 919-549-8411 or info@isa.org to start your company on the path to well-trained employees.