Assessing the Cybersecurity of New or Existing IACS Systems (IC33E) Online

Length: 7 weeks 
CEU Credits: 1.4
Course Hours: Online Course - Refer to Syllabus 
Certification of Completion: A Certificate of Completion indicating the total number of CEUs earned will be provided upon successful completion of the course.

Certificate Program: Part of the ISA/IEC 62443 Cybersecurity Certificate Program
Your course registration includes your registration for the exam.

  • ISA's online instructor-led training courses offer the benefit of a high quality ISA training course with the added advantage of studying at your own pace in the office, at home, or while traveling.
  • This online course utilizes online training modules, additional text materials, online evaluations, and e-mail discussions. Students will have access via email to an instructor and an opportunity to participate in live Q&A sessions with the instructor and other class participants.
  • This course runs for seven (7) weeks. You will have access to six online modules for the modular sessions. Each module is between 20 to 90 minutes. Your course syllabus will guide you through the course modules and provide assignments and the schedule for the live Q&A sessions.


Assessing the Cybersecurity of New or Existing IACS Systems (IC33E) is an online course which will provide students with the information and skills to assess the cybersecurity of a new or existing IACS and to develop a cybersecurity requirements specification that can be used to document the cybersecurity requirements of the project.  This course is a blended learning format which includes interactive, on-demand modules, weekly assignments and instructor call-in sessions.  Modules include instructional content, interactive reviews, video lab demonstrations conducted by an ISA Cybersecurity instructor and assessments.

You will be able to:

  • Identify and document the scope of the IACS under assessment
  • Specify, gather or generate the cybersecurity information required to perform the assessment
  • Identify or discover cybersecurity vulnerabilities inherent in the IACS products or system design
  • Organize and facilitate a cybersecurity risk assessment for an IACS
  • Identify and evaluate realistic threat scenarios
  • Identify gaps in existing policies, procedures and standards
  • Establish and document security zones and conduits
  • Prepare documentation of assessment results

You will cover:

  • Preparing for an Assessment: Security Life Cycle | Scope | System Architecture Diagrams | Network Diagrams | Asset Inventory | Cyber Criticality Assessment
  • Cybersecurity Vulnerability Assessment: Risk | Types of Cybersecurity Vulnerability Assessments | Gap Assessments | Passive and Active Assessments | Penetration Testing | Conducting Gap Assessments | Gap Assessment Tools | CSET
  • Conducting Vulnerability Assessments: Vulnerability Process | Pre-assessment | Standards | Research | Kick Off and Walk Thru | Passive Data Collection | Active Data Collection | Penetration Testing
  • Cyber Risk Assessments: Understanding Risk | ISA/IEC 62443-2-1 | SuC | Conduct High-level Risk Assessment | Consequence Scale | Establish Zones and Conduits | Zone and Conduit Drawings and Documentation | Document Cybersecurity Requirements
  • Conducting Cyber Risk Assessments: Detailed Cyber Risk Assessment Process | Threats | Vulnerabilities | Consequences | Likelihood | Calculate Risk | Security Levels | Countermeasures | Residual Risk | Documentation
  • Documentation and Reporting: Document to Maintain | Required Reports | Zone and Conduit Diagrams | Cybersecurity Requirements Specification (CRS)

Lab demonstrations: (Included in modules)

  • Critiquing System Architecture Diagrams
  • Asset Inventory
  • Gap Assessment
  • Windows Vulnerability Assessment
  • Capturing Ethernet Traffic
  • Port Scanning
  • Windows Vulnerability Scanning
  • Perform a High-Level Cybersecurity Risk Assessment
  • Creating a Zone & Conduit Diagram
  • Perform a Detailed Cyber Risk Assessment
  • Risk Assessment Report

Who should attend:

  • Control systems engineers and managers
  • System Integrators
  • IT engineers and managers industrial facilities
  • IT corporate/security professionals
  • Plant Safety and Risk Management

Recommended Prerequisite:

ISA Course IC32, IC32E or equivalent knowledge/experience.

Course Materials (Digital Format):

  • On-demand modules with video lab demonstrations included
    • Module 1: Preparing for an Assessment (Approx. 95 minutes)
    • Module 2: Cybersecurity Vulnerability Assessment (Approx. 35 minutes)
    • Module 3: Conducting Vulnerability Assessments (Approx. 102 minutes)
    • Module 4: Cyber Risk Assessments (Approx. 69 minutes)
    • Module 5: Conducting Cyber Risk Assessments (Approx. 80 minutes)
    • Module 6: Documentation (Approx. 15 minutes)
  • A viewable version of ISA standards for course reference
    • ISA/IEC 62443-1-1
    • ISA/IEC 62443-2-1
    • ISA/IEC 62443-3-3
    • ISA/IEC 62443-2 (draft version)
  • ISA’s Cybersecurity Assessment Challenge – a Jeopardy-style review game which can be used as a review for the certification exam (Free Add-On)
  • Exam registration for ISA/IEC 62443 Cybersecurity Risk Assessment Specialist
  • Course Note Set and Syllabus

For more information:

Contact us at +1 919-549-8411 or to start your company on the path to well-trained employees