Length : 3 Days
CEU Credits : 2.1
Course Hours :
Certificate Program: Part of the ISA/IEC 62443 Cybersecurity Certificate Program
Your course registration includes your registration for the exam.
Certification of Completion: A Certificate of Completion indicating the total number of CEUs earned will be provided upon successful completion of the course.
Description:
The first phase in the IACS Cybersecurity Lifecycle (defined in ISA 62443-1-1) is to identify and document IACS assets and perform a cybersecurity vulnerability and risk assessment in order to identify and understand the high-risk vulnerabilities that require mitigation. Per ISA 62443-2-1 these assessments need to be performed on both new (i.e. greenfield) and existing (i.e. brownfield) applications. Part of the assessment process involves developing a zone and conduit model of the system, identifying security level targets, and documenting the cybersecurity requirements into a cybersecurity requirements specification (CRS).
This course will provide students with the information and skills to assess the cybersecurity of a new or existing IACS and to develop a cybersecurity requirements specification that can be used to document the cybersecurity requirements of the project.
You Will Be Able to:
- Identify and document the scope of the IACS under assessment
- Specify, gather or generate the cybersecurity information required to perform the assessment
- Identify or discover cybersecurity vulnerabilities inherent in the IACS products or system design
- Organize and facilitate a cybersecurity risk assessment for an IACS
- Identify and evaluate realistic threat scenarios
- Identify gaps in existing policies, procedures and standards
- Establish and document security zones and conduits
- Prepare documentation of assessment results
You Will Cover:
- Preparing for an Assessment
- Cybersecurity Vulnerability Assessment
- Conducting Vulnerability Assessments
- Cyber Risk Assessments
- Conducting Cyber Risk Assessments
- Documentation and Reporting
- And more…
Classroom/Laboratory Exercises:
- Critiquing system architecture diagrams
- Asset Inventory
- Gap Assessment
- Windows Vulnerability Assessment
- Capturing Ethernet Traffic
- Port Scanning
- Using Vulnerability Scanning Tools
- Perform a high-level risk assessment
- Creating a zone & conduit diagram
- Perform a detailed cyber risk assessment
- Critiquing a cybersecurity requirements specification
Who Should Attend:
- Control systems engineers and managers
- System Integrators
- IT engineers and managers at industrial facilities
- IT corporate/security professionals
- Plant Safety and Risk Management
Recommended Pre-Requisite:
ISA Course IC32 or equivalent knowledge/experience.
Recommended Reading:
To Register : https://myisa.force.com/ISA/s/community-event?id=a1U1I00000CXP3nUAH#/Course%20Description