Description
This on-demand course will provide students with the information and skills to assess the cybersecurity of a new or existing IACS and to develop a cybersecurity requirements specification that can be used to document the cybersecurity requirements the project.
Length: Six 30-45 minute modules
CEUs: 0.6
Certification of Completion: A Certificate of Completion indicating the total number of CEUs earned will be provided upon successful completion of the course.
Certificate Program: Part of the ISA/IEC 62443 Cybersecurity Certificate Program: After successfully completing all six modules, students may take the exam for ISA/IEC 62443 Cybersecurity Risk Assessment Specialist. Exam fee is included in full course purchase price
Register Now
You Will Be Able to
- Identify and document the scope of the IACS under assessment
- Specify, gather or generate the cybersecurity information required to perform the assessment
- Identify or discover cybersecurity vulnerabilities inherent in the IACS products or system design
- Organize and facilitate a cybersecurity risk assessment for an IACS
- Identify and evaluate realistic threat scenarios
- Identify gaps in existing policies, procedures and standards
- Establish and document security zones and conduits
- Prepare documentation of assessment results
You will cover
- Preparing for an Assessment: Security Life Cycle | Scope | System Architecture Diagrams | Network Diagrams | Asset Inventory | Cyber Criticality Assessment
- Cybersecurity Vulnerability Assessment: Risk | Types of Cybersecurity Vulnerability Assessments | Gap Assessments | Passive and Active Assessments | Penetration Testing | Conducting Gap Assessments | Gap Assessment Tools | CSET
- Conducting Vulnerability Assessments: Vulnerability Process | Pre-assessment | Standards | Research | Kick Off and Walk Thru | Passive Data Collection | Active Data Collection | Penetration Testing
- Cyber Risk Assessments: Understanding Risk | ISA/IEC 62443-2-1 | SuC | Conduct High-level Risk Assessment | Consequence Scale | Establish Zones and Conduits | Zone and Conduit Drawings and Documentation | Document Cybersecurity Requirements
- Conducting Cyber Risk Assessments: Detailed Cyber Risk Assessment Process | Threats | Vulnerabilities | Consequences | Likelihood | Calculate Risk | Security Levels | Countermeasures | Residual Risk | Documentation
- Documentation and Reporting: Document to Maintain | Required Reports | Zone and Conduit Diagrams | Cybersecurity Requirements Specification (CRS)
Lab demonstrations (Included in modules)
- Critiquing System Architecture Diagrams
- Asset Inventory
- Gap Assessment
- Windows Vulnerability Assessment
- Capturing Ethernet Traffic
- Port Scanning
- Windows Vulnerability Scanning
- Perform a High-Level Cybersecurity Risk Assessment
- Creating a Zone & Conduit Diagram
- Perform a Detailed Cyber Risk Assessment
- Risk Assessment Report
What is included
On-demand modules with video lab demonstrations included
- Module 1: Preparing for an Assessment (Approx. 95 minutes)
- Module 2: Cybersecurity Vulnerability Assessment (Approx. 35 minutes)
- Module 3: Conducting Vulnerability Assessments (Approx. 102 minutes)
- Module 4: Cyber Risk Assessments (Approx. 69 minutes)
- Module 5: Conducting Cyber Risk Assessments (Approx. 80 minutes)
- Module 6: Documentation (Approx. 15 minutes)
A viewable version of ISA standards for course reference
- ISA/IEC 62443-1-1
- ISA/IEC 62443-2-1
- ISA/IEC 62443-3-3
- ISA/IEC 62443-2 (draft version)
ISA’s Cybersecurity Assessment Challenge – a Jeopardy-style review game which can be used as a review for the certification exam (Free Add-On)
Exam registration for ISA/IEC 62443 Cybersecurity Risk Assessment Specialist
Who Should Attend
- Control systems engineers and managers
- System Integrators
- IT engineers and managers industrial facilities
- IT corporate/security professionals
- Plant Safety and Risk Management
Recommended Pre-Requisite
ISA Course IC32 or equivalent knowledge/experience.
For more information
Contact us at +1 919-549-8411 or info@isa.org to start your company on the path to well-trained employees.