• Assessing the Cybersecurity of New or Existing IACS Systems (IC33)


    training-button-register-now

    Length:  3 days
    CEUs:  2.1
    Certificate Program: Part of the ISA/IEC 62443 Cybersecurity Certificate Program
    Your course registration includes your registration for the exam.
    Certification of Completion: A Certificate of Completion indicating the total number of CEUs earned will be provided upon successful completion of the course.

    Description:

    The first phase in the IACS Cybersecurity Lifecycle (defined in ISA 62443-1-1) is to identify and document IACS assets and perform a cybersecurity vulnerability and risk assessment in order to identify and understand the high-risk vulnerabilities that require mitigation.  Per ISA 62443-2-1 these assessments need to be performed on both new (i.e. greenfield) and existing (i.e. brownfield) applications. Part of the assessment process involves developing a zone and conduit model of the system, identifying security level targets, and documenting the cybersecurity requirements into a cybersecurity requirements specification (CRS).  

    This course will provide students with the information and skills to assess the cybersecurity of a new or existing IACS and to develop a cybersecurity requirements specification that can be used to document the cybersecurity requirements the project.

    You Will Be Able to:

    • Identify and document the scope of the IACS under assessment
    • Specify, gather or generate the cybersecurity information required to perform the assessment
    • Identify or discover cybersecurity vulnerabilities inherent in the IACS products or system design
    • Organize and facilitate a cybersecurity risk assessment for an IACS
    • Identify and evaluate realistic threat scenarios
    • Identify gaps in existing policies, procedures and standards
    • Establish and document security zones and conduits 
    • Prepare documentation of assessment results

    You Will Cover:

    • Preparing for an Assessment
    • Cybersecurity Vulnerability Assessment
    • Conducting Vulnerability Assessments
    • Cyber Risk Assessments
    • Conducting Cyber Risk Assessments
    • Documentation and Reporting
    • And more...

    Classroom/Laboratory Exercises:

    • Critiquing system architecture diagrams
    • Asset Inventory
    • Gap Assessment
    • Windows Vulnerability Assessment
    • Capturing Ethernet Traffic
    • Port Scanning
    • Using Vulnerability Scanning Tools
    • Perform a high-level risk assessment
    • Creating a zone & conduit diagram
    • Perform a detailed cyber risk assessment
    • Critiquing a cybersecurity requirements specification

    Who Should Attend:

    • Control systems engineers and managers
    • System Integrators
    • IT engineers and managers industrial facilities
    • IT corporate/security professionals
    • Plant Safety and Risk Management

    Recommended Pre-Requisite:

    ISA Course IC32 or equivalent knowledge/experience.

    training-button-register-now

    For more information:
    Contact us at +1 919-549-8411 or info@isa.org or visit www.isa.org/TrainingTool to start your company on the path to well-trained employees.