• IC33M Banner Image 3


    Assessing the Cybersecurity of New or Existing IACS Systems (IC33M) is an on-demand course which will provide students with the information and skills to assess the cybersecurity of a new or existing IACS and to develop a cybersecurity requirements specification that can be used to document the cybersecurity requirements the project.

    Length: Six 30-45 minute modules
    CEUs:  0.6 
    Certificate Program:Part of the ISA/IEC 62443 Cybersecurity Certificate Program: After successfully completing all six modules, students may purchase and take the exam for ISA/IEC 62443 Cybersecurity Risk Assessment Specialist. Exam must be purchased separately.

    Register Now

    Full Course Bundle includes:

          Best Value imgSix (6) on-demand modules (Approx. 30 minutes each)

    • A viewable version of ISA standards for course reference 
      • ISA/IEC 62443-1-1
      • ISA/IEC 62443-2-1
      • ISA/IEC 62443-3-3
      • ISA/IEC 62443-2 (draft version)
    • ISA’s Cybersecurity Assessment Challenge – a Jeopardy-style review game which can be used as a review for certification exam (Free Add-On)
    • Exam fee ($200 value) for ISA/IEC 62443 Cybersecurity Risk Assessment Specialist
    • 10% discount

    Module 1: Preparing for an Assessment

    Module 2: Cybersecurity Vulnerability Assessment

    Module 3: Conducting Vulnerability Assessments

    Module 4: Cyber Risk Assessments

    Module 5: Conducting Cyber Risk Assessments

    Module 6: Documentation

    You Will Be Able to:

    • Identify and document the scope of the IACS under assessment
    • Specify, gather or generate the cybersecurity information required to perform the assessment
    • Identify or discover cybersecurity vulnerabilities inherent in the IACS products or system design
    • Organize and facilitate a cybersecurity risk assessment for an IACS
    • Identify and evaluate realistic threat scenarios
    • Identify gaps in existing policies, procedures and standards
    • Establish and document security zones and conduits 
    • Prepare documentation of assessment results

    You will cover:

    • Preparing for an Assessment: Security Life Cycle | Scope | System Architecture Diagrams | Network Diagrams | Asset Inventory | Cyber Criticality Assessment
    • Cybersecurity Vulnerability Assessment: Risk | Types of Cybersecurity Vulnerability Assessments | Gap Assessments | Passive and Active Assessments | Penetration Testing | Conducting Gap Assessments | Gap Assessment Tools | CSET
    • Conducting Vulnerability Assessments: Vulnerability Process | Pre-assessment | Standards | Research | Kick Off and Walk Thru | Passive Data Collection | Active Data Collection | Penetration Testing
    • Cyber Risk Assessments: Understanding Risk | ISA 62443-2-1 | SuC | Conduct High-level Risk Assessment | Consequence Scale | Establish Zones and Conduits | Zone and Conduit Drawings and Documentation | Document Cybersecurity Requirements
    • Conducting Cyber Risk Assessments: Detailed Cyber Risk Assessment Process | Threats | Vulnerabilities | Consequences | Likelihood | Calculate Risk | Security Levels | Countermeasures | Residual Risk | Documentation
    • Documentation and Reporting: Document to Maintain | Required Reports | Zone and Conduit Diagrams | Cybersecurity Requirements Specification (CRS)

    Who Should Attend:

    • Control systems engineers and managers
    • System Integrators
    • IT engineers and managers industrial facilities
    • IT corporate/security professionals
    • Plant Safety and Risk Management

    Recommended Pre-Requisite:

    ISA Course IC32 or equivalent knowledge/experience.