Using the ISA/IEC 62443 Standard to Secure Your Control Systems (IC32E)

CEU Credits: 2.1 
Course Hours: Online Course - Refer to Syllabus 
A Certification of Completion indicating the total number of CEUs earned will be provided upon successful completion of the course.

Certificate Program: After successfully completing all twelve modules, students may take the exam for ISA/IEC 62443 Cybersecurity Fundamentals Specialist. The exam fee is included with this course purchase.

ISA's online instructor-led training courses offer the benefit of a high quality ISA training course with the added advantage of studying at your own pace in the office, at home, or while traveling.

This online course utilizes online training modules, additional text materials, online evaluations, and e-mail discussions. Students will have access via email to an instructor and an opportunity to participate in live Q&A sessions with the instructor and other class participants.

This online course runs for eight (8) weeks. You will have access to twelve online modules for the web/audio sessions. Each module is between 20 and 60 minutes. The course syllabus will guide you through the course modules, and provide assignments and the schedule for the live Q&A sessions.

Course Description

The move to using Ethernet, TCP/IP, and web technologies in supervisory control and data acquisition (SCADA) and process control networks has exposed these systems to the same cyberattacks that have wreaked havoc on corporate information systems. This course provides a detailed look at how the ISA/IEC 62443 standards framework can be used to protect critical control systems. It also explores the procedural and technical differences between the security for traditional IT environments and those solutions appropriate for SCADA or plant floor environments.

You will be able to:

  • Discuss the principles behind creating an effective long term program security
  • Interpret the ISA/IEC 62443 industrial security framework and apply them to your operation
  • Define the basics of risk and vulnerability analysis methodologies
  • Describe the principles of security policy development
  • Explain the concepts of defense in depth and zone/conduit models of security
  • Analyze the current trends in industrial security incidents and methods hackers use to attack a system
  • Define the principles behind the key risk mitigation techniques, including anti-virus and patch management, firewalls, and virtual private networks

You will cover:

  • Understanding the Current Industrial Security Environment: What is Electronic Security for Industrial Automation and Control Systems? | How IT and the Plant Floor are Different and How They are the Same
  • How Cyberattacks Happen: Understanding the Threat Sources | The Steps to Successful Cyberattacks
  • Creating A Security Program:  Critical Factors for Success/Understanding the ANSI/ISA-62443-2-1 (ANSI/ISA-99.02.01-2009)- Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program
  • Risk Analysis:  Business Rationale | Risk Identification, Classification, and Assessment 
  • Addressing Risk with Security Policy, Organization, and Awareness: Cyber Security Management System Scope | Organizational Security | Staff Training and Security Awareness
  • Addressing Risk with Selected Security Counter Measures: Personnel Security | Physical and Environmental Security | Network Segmentation | Access Control
  • Addressing Risk with Implementation Measures: Risk Management and Implementation | System Development and Maintenance | Information and Document Management
  • Monitoring and Improving the CSMS: Compliance and Review | Improve and Maintain the CSMS
  • Validating or Verifying the Security of Systems: What is being done? | Developing Secure Products and Systems

Modules Included:

  • Module 1: Introduction to Control Systems Security and the ISA/IEC 62443 Standards (50 min)
  • Module 2: ISA/IEC 62443-1-1 Terminology and Regulations & Standard (60 min)
  • Module 3: ISA99 Committee, The 62443 Standards, and Intro to the IACS Cybersecurity Lifecycle (35 min)
  • Module 4: Establishing an Industrial Automation and Control Systems Security Program (70 min)
  • Module 5: Industrial Networking Basics L1 - L7 (75 min)
  • Module 6: Demonstration Lab: PCAP Analysis (65 min)
  • Module 7: Network Security Basics (30 min)
  • Module 8: Industrial Protocols (25 min)
  • Module 9: ISA/IEC 62443 Models (35 min)
  • Module 10: Network Segmentation, Patch Management, and Intrusion Detection (55 min)
  • Module 11: Security Risk Assessment and System Design Intro (65 min)
  • ​Module 12: Security Program Requirements for IACS Service Providers (40 min)

Course Materials (Digital Format):

  • IC32E v2.0 Course Syllabus
  • IC32E v2.0 Noteset Volume I with sections on Course Presentation slides from course modules, Instructional Surveys/Answers and Additional Resources
  • IC32E v2.0 Noteset Volume II with the following three publications
  • ANSI / ISA 99.00.01-2007 / IEC 62443-1-1: Security for Industrial Automation and Control Systems Part 1: Terminology, Concepts, and Models (Approved 29 October 2007)
  • ANSI / ISA 99.00.02-2009 / IEC 62443-2-1: Security for Industrial Automation and Control Systems Part 2: Establishing an Industrial Automation and Control System Security Program
  • ISA-62443.03.03 / IEC 62443-3-3: Security for Industrial Automation and Control Systems: System Security Requirements and Security Assurance Levels
  • Textbook: Industrial Automation, Second Edition, by Ronald L. Krutz

Features of ISA online courses:

Online Pre-recorded Course Modules

Your instructor has pre-recorded each course module so that you can access the course presentations on your schedule. Each module is a web/audio session that takes approximately 20–60 minutes.

Ask the Expert

Interact with your expert instructor via email throughout the course and through scheduled live Q&A sessions. You can expect a reply to your email within 24 hours. This email address is active during the entire course duration.

The Q&A sessions provide an opportunity for you and your classmates to speak one-on-one with the instructor. You will have an opportunity to ask any questions you may have about the course material and interact with your fellow classmates.

Class Discussions

You will be invited to subscribe to a course listserve that includes course participants. You can use this listserve to post questions and share experience relevant to the course with other class members.

Course Assignments and Exams

  • Take the course pre-test before you begin studying the course material to get a better understanding of areas that you will want to focus on more during the course.
  • Homework assignments for all modules will be indicated on the syllabus. The homework assignments are designed to help expand your understanding of the course material.
  • Complete the final exam for the course in order to receive Continuing Education Units (CEU) credit. The final exam will be taken and scored online. You must receive at least 80% on the course exam to receive CEU credit. (Note this exam is not the ISA/IEC 62443 Cybersecurity Fundamentals Specialist Exam)

Not sure this particular course is for you?
pre-instructional survey is available for you to evaluate your level of understanding of the course material and to show you the types of questions you'll be able to answer after completing the course.

For more information:
Contact us at +1 919-549-8411 or to start your company on the path to well-trained employees.