This site uses cookies to store information on your computer. Without consent certain enhanced features will not be available and future visits may require repeated consent, so it is recommended to accept the use of cookies. Visit the ISA Privacy Policy for more information.
Assessing the Cybersecurity of New or Existing IACS Systems (IC33M)
Description:
This on-demand course will provide students with the information and skills to assess the cybersecurity of a new or existing IACS and to develop a cybersecurity requirements specification that can be used to document the cybersecurity requirements the project.
Length: Six 30-45 minute modules CEUs: 0.6 Certification of Completion: A Certificate of Completion indicating the total number of CEUs earned will be provided upon successful completion of the course. Certificate Program:Part of the ISA/IEC 62443 Cybersecurity Certificate Program: After successfully completing all six modules, students may take the exam for ISA/IEC 62443 Cybersecurity Risk Assessment Specialist. Exam fee is included in full course purchase price
Identify and document the scope of the IACS under assessment
Specify, gather or generate the cybersecurity information required to perform the assessment
Identify or discover cybersecurity vulnerabilities inherent in the IACS products or system design
Organize and facilitate a cybersecurity risk assessment for an IACS
Identify and evaluate realistic threat scenarios
Identify gaps in existing policies, procedures and standards
Establish and document security zones and conduits
Prepare documentation of assessment results
You will cover:
Preparing for an Assessment: Security Life Cycle | Scope | System Architecture Diagrams | Network Diagrams | Asset Inventory | Cyber Criticality Assessment
Cybersecurity Vulnerability Assessment: Risk | Types of Cybersecurity Vulnerability Assessments | Gap Assessments | Passive and Active Assessments | Penetration Testing | Conducting Gap Assessments | Gap Assessment Tools | CSET
Conducting Vulnerability Assessments: Vulnerability Process | Pre-assessment | Standards | Research | Kick Off and Walk Thru | Passive Data Collection | Active Data Collection | Penetration Testing
Cyber Risk Assessments: Understanding Risk | ISA 62443-2-1 | SuC | Conduct High-level Risk Assessment | Consequence Scale | Establish Zones and Conduits | Zone and Conduit Drawings and Documentation | Document Cybersecurity Requirements
Documentation and Reporting: Document to Maintain | Required Reports | Zone and Conduit Diagrams | Cybersecurity Requirements Specification (CRS)
Lab demonstrations: (Included in modules)
Critiquing System Architecture Diagrams
Asset Inventory
Gap Assessment
Windows Vulnerability Assessment
Capturing Ethernet Traffic
Port Scanning
Windows Vulnerability Scanning
Perform a High-Level Cybersecurity Risk Assessment
Creating a Zone & Conduit Diagram
Perform a Detailed Cyber Risk Assessment
Risk Assessment Report
What is included:
On-demand modules with video lab demonstrations included
Module 1: Preparing for an Assessment (Approx. 95 minutes)
A viewable version of ISA standards for course reference
ISA/IEC 62443-1-1
ISA/IEC 62443-2-1
ISA/IEC 62443-3-3
ISA/IEC 62443-2 (draft version)
ISA’s Cybersecurity Assessment Challenge – a Jeopardy-style review game which can be used as a review for the certification exam (Free Add-On)
Exam registration for ISA/IEC 62443 Cybersecurity Risk Assessment Specialist
Who Should Attend:
Control systems engineers and managers
System Integrators
IT engineers and managers industrial facilities
IT corporate/security professionals
Plant Safety and Risk Management
Recommended Pre-Requisite:
ISA Course IC32 or equivalent knowledge/experience.
For more information:
Contact us at +1 919-549-8411 or info@isa.org to start your company on the path to well-trained employees.