Using the ISA/IEC 62443 Standards to Secure Your Control Systems (IC32)


The move to using Ethernet, TCP/IP, and web technologies in supervisory control and data acquisition (SCADA) and process control networks has exposed these systems to the same cyberattacks that have wreaked havoc on corporate information systems. This course provides a detailed look at how the ISA/IEC 62443 standards framework can be used to protect critical control systems. It also explores the procedural and technical differences between the security for traditional IT environments and those solutions appropriate for SCADA or plant floor environments.

This course is available in four formats:

  • Virtual: Two days in a virtual classroom with a live instructor in real-time.
    View all offerings
  • Online, Instructor-Assisted: Eight-week access to 12 course modules, instructor-developed course roadmap, and multiple scheduled, live instructor-led discussions.
    View all offerings
  • Self-Paced, E-Learning: One-year access to complete 12 modules.
    Buy now

Not sure if this course is right for you? Take the first module free!
Then choose the format that best fits your needs for the full course.

Each format provides a Certificate of Completion indicating the total number of CEUs earned upon successful completion of the course.

Certificate Progam

This course is part of the ISA/IEC 62443 Cybersecurity Certificate Program. Course registration includes your fee for the exam. Complete the course and pass the exam to earn the ISA/IEC 62443 Cybersecurity Fundamentals Specialist certificate.

You will be able to:

  • Discuss the principles behind creating an effective long term program security
  • Interpret the ISA/IEC 62443 industrial security framework and apply them to your operation
  • Define the basics of risk and vulnerability analysis methodologies
  • Describe the principles of security policy development
  • Explain the concepts of defense in depth and zone/conduit models of security
  • Analyze the current trends in industrial security incidents and methods hackers use to attack a system
  • Define the principles behind the key risk mitigation techniques, including anti-virus and patch management, firewalls, and virtual private networks

You will cover:

  • Understanding the Current Industrial Security Environment: What is Electronic Security for Industrial Automation and Control Systems? | How IT and the Plant Floor are Different and How They are the Same
  • How Cyberattacks Happen: Understanding the Threat Sources | The Steps to Successful Cyberattacks
  • Creating A Security Program:  Critical Factors for Success/Understanding the ANSI/ISA-62443-2-1 (ANSI/ISA-99.02.01-2009)- Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program
  • Risk Analysis:  Business Rationale | Risk Identification, Classification, and Assessment 
  • Addressing Risk with Security Policy, Organization, and Awareness: CSMS Scope | Organizational Security | Staff Training and Security Awareness
  • Addressing Risk with Selected Security Counter Measures: Personnel Security | Physical and Environmental Security | Network Segmentation | Access Control
  • Addressing Risk with Implementation Measures: Risk Management and Implementation | System Development and Maintenance | Information and Document Management
  • Monitoring and Improving the CSMS: Compliance and Review | Improve and Maintain the CSMS

Classroom/Laboratory Exercises:

  • Learn how to use built in Windows Operating System (OS) command line prompts to enumerate and understand a network
  • Introduce the use of port scanning utilities to identify open ports, running services, OS, and other attributes of a network connected device
  • Investigate the use of packet capturing tools to display and analyze network traffic
  • Apply a free windows baseline security analyzer tool from Microsoft 

Includes ISA Standards:

  • ANSI/ISA-62443-1-1 (ANSI/ISA-99.00.01-2007), Security for Industrial Automation and Control Systems Part 1: Terminology, Concepts & Models
  • ANSI/ISA-62443-2-1 (ANSI/ISA-99.02.01-2009), Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program
  • ANSI/ISA-62443-3-3,  Security for industrial automation and control systems: System security requirements and security levels

Recommended Prerequisites:

  • There are no required prerequisites for taking this course; however, it is highly recommended that applicants have at least one to three years of experience in the cybersecurity field with some experience in an industrial setting.
  • ISA Courses TS06, TS12, or equivalent knowledge/experience would be beneficial.
  • Note from the Instructor: One of the challenges I have had in teaching IC32 is students attending without any or limited knowledge of TS06, TS12 or cybersecurity general principles. IC32 is a 14 hour boot camp style class and there is not a lot of time to teach basic comms and cybersecurity.

Not sure this particular course is for you?

pre-instructional survey is available for you to evaluate your level of understanding of the course material and to show you the types of questions you'll be able to answer after completing the course.


If you wish to register offline, download the Training Registration Form, complete, and return to ISA with your payment.

For information about brining this course to your location, contact us at +1 919-549-8411 or to start your company on the path to well-trained employees.