Assessing the Cybersecurity of New or Existing IACS Systems (IC33)

///Assessing the Cybersecurity of New or Existing IACS Systems (IC33)
Loading Events

Assessing the Cybersecurity of New or Existing IACS Systems (IC33)

September 15, 2021 - September 17, 2021

 

Length : 3 Days

CEU Credits : 2.1

Course Hours :

Certificate Program: Part of the ISA/IEC 62443 Cybersecurity Certificate Program

Your course registration includes your registration for the exam.

Certification of Completion: A Certificate of Completion indicating the total number of CEUs earned will be provided upon successful completion of the course.

Description:

The first phase in the IACS Cybersecurity Lifecycle (defined in ISA 62443-1-1) is to identify and document IACS assets and perform a cybersecurity vulnerability and risk assessment in order to identify and understand the high-risk vulnerabilities that require mitigation. Per ISA 62443-2-1 these assessments need to be performed on both new (i.e. greenfield) and existing (i.e. brownfield) applications. Part of the assessment process involves developing a zone and conduit model of the system, identifying security level targets, and documenting the cybersecurity requirements into a cybersecurity requirements specification (CRS).

This course will provide students with the information and skills to assess the cybersecurity of a new or existing IACS and to develop a cybersecurity requirements specification that can be used to document the cybersecurity requirements the project.

You Will Be Able to:

  • Identify and document the scope of the IACS under assessment
  • Specify, gather or generate the cybersecurity information required to perform the assessment
  • Identify or discover cybersecurity vulnerabilities inherent in the IACS products or system design
  • Organize and facilitate a cybersecurity risk assessment for an IACS
  • Identify and evaluate realistic threat scenarios
  • Identify gaps in existing policies, procedures and standards
  • Establish and document security zones and conduits
  • Prepare documentation of assessment results

You Will Cover:

  • Preparing for an Assessment
  • Cybersecurity Vulnerability Assessment
  • Conducting Vulnerability Assessments
  • Cyber Risk Assessments
  • Conducting Cyber Risk Assessments
  • Documentation and Reporting
  • And more…

Classroom/Laboratory Exercises:

  • Critiquing system architecture diagrams
  • Asset Inventory
  • Gap Assessment
  • Windows Vulnerability Assessment
  • Capturing Ethernet Traffic
  • Port Scanning
  • Using Vulnerability Scanning Tools
  • Perform a high-level risk assessment
  • Creating a zone & conduit diagram
  • Perform a detailed cyber risk assessment
  • Critiquing a cybersecurity requirements specification

Who Should Attend:

  • Control systems engineers and managers
  • System Integrators
  • IT engineers and managers industrial facilities
  • IT corporate/security professionals
  • Plant Safety and Risk Management

Recommended Pre-Requisite:

ISA Course IC32 or equivalent knowledge/experience.

Recommended Reading:

Cybersecurity Library

To Register : https://myisa.force.com/ISA/s/community-event?id=a1U1I00000CXP3nUAH#/Course%20Description

Register

Organizer

Glen Wood

Phone

N/A

Email

glnwd15@gmail.com

Venue

Burns McDonnell,1898 & Co.

1700 West Loop South,

Houston , - 77027

United States. + Google Map