Assessing the Cybersecurity of New or Existing IACS Systems (IC33M)


This on-demand course will provide students with the information and skills to assess the cybersecurity of a new or existing IACS and to develop a cybersecurity requirements specification that can be used to document the cybersecurity requirements the project.

Course updated March 2023

Length: Four modules (15-40 minutes each); Approximately four hours of lab exercises using a remote cyber range.
CEUs: 0.6 
Certification of Completion: A Certificate of Completion indicating the total number of CEUs earned will be provided upon successful completion of the course.
Certificate Program: Part of the ISA/IEC 62443 Cybersecurity Certificate Program: After successfully completing all four modules and lab exercises, students may take the exam for ISA/IEC 62443 Cybersecurity Risk Assessment Specialist. Exam fee is included in full course purchase price

Register Now

Full Course: Modules 1-6 Assessing the Cybersecurity of New or Existing IACS Systems (IC33M)

Learning Objectives

  • Identify and document the scope of the IACS under assessment
  • Specify, gather, or generate the cybersecurity information required to perform the assessment
  • Identify or discover cybersecurity vulnerabilities inherent in the IACS products or system design
  • Organize and facilitate a cybersecurity risk assessment for an IACS
  • Identify and evaluate realistic threat scenarios
  • Identify gaps in existing policies, procedures, and standards
  • Establish and document security zones and conduits 
  • Prepare documentation of assessment results

You Will Cover

  • Preparing for an Assessment: Security Life Cycle | Scope | System Architecture Diagrams | Network Diagrams | Asset Inventory | Cyber Criticality Assessment
  • Cybersecurity Vulnerability Assessment: Risk | Types of Cybersecurity Vulnerability Assessments | Gap Assessments | Passive and Active Assessments | Penetration Testing | Conducting Gap Assessments | Gap Assessment Tools | CSET
  • Conducting Vulnerability Assessments: Vulnerability Process | Pre-assessment | Standards | Research | Kick Off and Walk Thru | Passive Data Collection | Active Data Collection | Penetration Testing
  • Cyber Risk Assessments: Understanding Risk | ISA/IEC 62443-2-1 | SuC | Conduct High-level Risk Assessment | Consequence Scale | Establish Zones and Conduits | Zone and Conduit Drawings and Documentation | Document Cybersecurity Requirements
  • Conducting Cyber Risk Assessments: Detailed Cyber Risk Assessment Process | Threats | Vulnerabilities | Consequences | Likelihood | Calculate Risk | Security Levels | Countermeasures | Residual Risk | Documentation
  • Documentation and Reporting: Document to Maintain | Required Reports | Zone and Conduit Diagrams | Cybersecurity Requirements Specification (CRS)

Lab Exercises 

60-day access to a remote cyber range to complete the following exercises independently.

  • Basic Commands for Computer Information
  • Asset Inventory
  • High-Level Risk Assessment Using CSET 
  • Introduction to Wireshark
  • Vulnerability Scanning
  • Penetration Testing 

What is Included

On-demand modules 

  • Module 1: Preparing for an Assessment (35 minutes)
  • Module 2: Risk Components (40 minutes)
  • Module 3: Conducting Cybersecurity Assessments (35 minutes)
  • Module 4: Documentation and Reporting (15 minutes)
Lab exercises
  • Access to a virtual cyber range for 60-days
  • Lab booklet to guide you through the lab exercises
  • Approximately 4 hours of lab activity

A viewable version of ISA standards for course reference

  • ISA/IEC 62443-1-1
  • ISA/IEC 62443-2-1
  • ISA/IEC 62443-3-3
  • ISA/IEC 62443-2


  • Exam registration for ISA/IEC 62443 Cybersecurity Risk Assessment Specialist

Who Should Attend

  • Control systems engineers and managers
  • System integrators
  • IT engineers and managers industrial facilities
  • IT corporate/security professionals
  • Plant safety and risk management

Recommended Pre-requisite

ISA Course IC32 or equivalent knowledge/experience.

For more information

Contact us at +1 919-549-8411 or to start your company on the path to well-trained employees.