IACS Cybersecurity Operations & Maintenance (IC37)

guy in control room

IACS Cybersecurity Operations & Maintenance (IC37) focuses on the activities associated with the ongoing operations and maintenance of IACS cybersecurity implemented in the Design & Implementation phase. This involves network diagnostics and troubleshooting, security monitoring and incident response, and maintenance of the implemented cybersecurity countermeasures. This phase also includes security management of change, backup and recovery procedures, and periodic cybersecurity audits. IC37 will provide students with the information and skills to detect and troubleshoot potential cybersecurity events as well as the skills to maintain the security level of an operating system throughout its lifecycle despite the challenges of an ever-changing threat environment.

ISA/IEC 62443 Cybersecurity Maintenance Specialist badge
IC37 is fourth and final course in the ISA/IEC 62443 Cybersecurity Certificate Program. The course registration includes the exam fee. Pass the exam to earn the ISA/IEC 62443 Cybersecurity Maintenance Specialist Certificate designation. 


Successful completion of Using the ISA/IEC 62443 Standards to Secure Your Control Systems (IC32) and passing the ISA/IEC 62443 Cybersecurity Fundamentals Specialist certificate exam are mandatory prerequisites for this course. 

Who Should Attend IC37?

  • Control systems engineers and managers
  • System integrators
  • IT engineers and managers in industrial facilities
  • Plant managers
  • Plant safety and risk management personnel

View Offerings by Format

Classroom (IC37)

Length: 3 days 
CEU Credits: 2.1 

View Classroom Offerings (IC37)

Virtual Classroom (IC37V)

Length: 3 days 
CEU Credits: 2.1 

View Virtual Classroom Offering (IC37V)

Self-Paced Modular Course (IC37M)

Length: Five Modules (Approximately five hours total);
CEU Credits: 0.5

View Self-Paced Module Offering (IC37M)

Learning Objectives

  • Perform basic network diagnostics and troubleshooting
  • Interpret the results of IACS device diagnostic alarms and event logs
  • Implement IACS backup and restoration procedures
  • Describe the IACS patch management lifecycle and procedure
  • Apply an antivirus management procedure
  • Define the basics of:
    • application control and whitelisting tools
    • network and host intrusion detection
    • security incident and event monitoring tools
  • Implement an:
    • incident response plan
    • IACS management of change procedure
  • Conduct a basic ISCS cybersecurity audit

Topics Covered

Introduction to the ICS Cybersecurity Lifecycle

  • Identification & Assessment phase
  • Design & Implementation phase
  • Operations & Maintenance phase

Network Diagnostics and Troubleshooting

  • Interpreting device alarms and event logs
  • Early indicators
  • Network intrusion detection systems
  • Network management tools

Security Monitoring & Detection

  • Interpreting OS and application alarms and event logs
  • Early indicators
  • Application management and whitelisting tools
  • Antivirus and endpoint protection tools
  • Security incident and event monitoring (SIEM) tools

Security Management & Maintenance

  • Develop and follow an IACS:
    • Management of change procedure
    • Backup procedure
    • Patch management procedure
    • Antivirus management procedure
    • Cybersecurity audit procedure
  • IACS configuration management tools
  • Patch management tools
    • Antivirus and whitelisting tools
    • Auditing tools

IACS incident response and recovery

  • Develop and follow an IACS incident response plan
  • Incident investigation
  • System recovery

Classroom/Laboratory Exercises

Classroom formats only

  • Build the Board
  • Allowlisting
  • Patch management
  • Snort intrusion detection system
  • Monitoring
  • Troubleshooting
  • Incident recovery
  • Security Information and Event Management (SIEM)

Modular formats only  

  • Network diagnostics and troubleshooting
  • Intrusion detection alarm
  • Event monitoring
  • Configuration management
  • Patch management
  • Anti-virus management
  • Whitelisting
  • Vulnerability scanning tools
  • Incident response
  • Backup and recovery

Resources Included



Industrial Automation and Control System Security Principles, Second Edition, by Ronald L. Krutz, PhD, PE (Note: this book is included with courses IC32M and IC32E formats only. It is recommended reading for courses IC32 and IC32V)

Recommended Reading

ISA Cybersecurity Library

Not sure this course is right for you?

Complete a knowledge check designed to evaluate your level of understanding of the course material and show you the types of questions you’ll be able to answer after completing the course.

Take the IC37 Knowledge Check

Custom Training Solutions

If your company is interested in bringing training on site to your team, please contact trainingsales@isa.org or call +1 919-549-8411.

ISA Member Discount

To get the member price on today’s purchase, log in as a member or complete the join process before you complete your purchase. To join and/or register by phone, call customer service at +1 919-549-8411.