Using the ANSI/ISA99 to Secure Your Control System (IC32)

Length: 2 days
CEU Credits: 1.4
Course Hours: 8:00 a.m.–4:00 p.m.
(Except Morristown, NJ location classes are 9:00 a.m.–5:00 p.m. and Columbia, IL location is 8:30 a.m.–4:30 p.m.)

Description:

The move to using open standards such as Ethernet, TCP/IP, and web technologies in supervisory control and data acquisition (SCADA) and process control networks has begun to expose these systems to the same cyberattacks that have wrecked so much havoc on corporate information systems. This course provides a detailed look at how the ANSI/ISA99 standards can be used to protect your critical control systems. It also explores the procedural and technical differences between the security for traditional IT environments and those solutions appropriate for SCADA or plant floor environments.

You will be able to:

• Discuss the principles behind creating an effective long term program security
• Interpret  the ANSI/ISA99 industrial security guidelines and apply them to your operation
• Define the basics of risk and vulnerability analysis methodologies
• Describe the principles of security policy development
• Explain the concepts of defense in depth and zone/conduit models of security
• Analyze the current trends in industrial security incidents and methods hackers use to attack a system
• Define the principles behind the key risk mitigation techniques, including anti-virus and patch management, firewalls, and virtual private networks

You will cover:

• Understanding the Current Industrial Security Environment: What is Electronic Security for Industrial Automation and Control Systems? | How IT and the Plant Floor are Different and How They are the Same
• How Cyber Attacks Happen: Understanding the Threat Sources | The Steps to Successful Cyberattacks
• Creating A Security Program: Critical Factors for Success | Understanding ISA99 Part 2: Establishing an Industrial Automation & Control Systems Security Program
• Using ISA99.00.02—Risk Analysis: Business Rationale, Risk Identification, Classification, and Assessment | The DNSAM Methodology
• Using ISA99.00.02—Addressing Risk with Security Policy, Organization, and Awareness: CSMS Scope | Organizational Security | Staff Training and Security Awareness
• Using ISA99.00.02—Addressing Risk with Selected Security Counter Measures: Personnel Security | Physical and Environmental Security | Network Segmentation | Access Control
• Using ISA99.00.02—Addressing Risk with Implementation Measures: Risk Management and Implementation | System Development and Maintenance | Information and Document Management
• Using ISA99.00.02—Monitoring and Improving the CSMS: Compliance and Review | Improve and Maintain the CSMS

Classroom/Laboratory Exercises:

• Develop a business case for industrial security
• Conduct security threat analysis
• Investigate acanning and protocol anaysis tools
• Apply basic security analysis tools software

Includes ISA Standards:

• ANSI/ISA99.00.01-2007 - Security for Industrial Automation and Control Systems Part 1: Terminology, Concepts, and Models
• ANSI/ISATR99.00.01-2007 - Security Technologies for Industrial Automation and Control Systems
• ANSI/ISA99.02.01-2009 - Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program

If you wish to register offline, download the Training Registration Form, complete, and return to ISA with your payment. 

Not sure this particular course is for you?
A pre-instructional survey is available for you to evaluate your level of understanding of the course material and to show you the types of questions you'll be able to answer after completing the course.

Click here to view list of course offerings and register.