Assessing the Cybersecurity of New or Existing IACS Systems (IC33)
Length: 3 days
Part of the ISA/IEC 62443 Cybersecurity Certificate Program
The first phase in the IACS Cybersecurity Lifecycle (defined in ISA 62443-1-1) is to identify and document IACS assets and perform a cybersecurity vulnerability and risk assessment in order to identify and understand the high-risk vulnerabilities that require mitigation. Per ISA 62443-2-1 these assessments need to be performed on both new (i.e. greenfield) and existing (i.e. brownfield) applications. Part of the assessment process involves developing a zone and conduit model of the system, identifying security level targets, and documenting the cybersecurity requirements into a cybersecurity requirements specification (CRS).
This course will provide students with the information and skills to assess the cybersecurity of a new or existing IACS and to develop a cybersecurity requirements specification that can be used to document the cybersecurity requirements the project.
You Will Be Able to:
- Identify and document the scope of the IACS under assessment
- Specify, gather or generate the cybersecurity information required to perform the assessment
- Identify or discover cybersecurity vulnerabilities inherent in the IACS products or system design
- Organize and facilitate a cybersecurity risk assessment for an IACS
- Identify and evaluate realistic threat scenarios
- Identify gaps in existing policies, procedures and standards
- Establish and document security zones and conduits
- Prepare documentation of assessment results
- Critiquing system architecture diagrams
- Asset Inventory
- Gap Assessment
- Windows Vulnerability Assessment
- Capturing Ethernet Traffic
- Port Scanning
- Using Vulnerability Scanning Tools
- Perform a high-level risk assessment
- Creating a zone & conduit diagram
- Perform a detailed cyber risk assessment
- Critiquing a cybersecurity requirements specification
Who Should Attend:
- Control systems engineers and managers
- System Integrators
- IT engineers and managers industrial facilities
- IT corporate/security professionals
- Plant Safety and Risk Management
Length : 3 days
Cost for ISA members: Training = € 1.875,- , Exam = € 200,- (non-ISA members pay € 2.275,- ISA membership: € 125,-)
Exam ISA/IEC 62443 Cyber Security Fundamentals Specialist;
Duration: 1 half day
Location; Prometric Testing Center visit www.prometric.com/ISA
The ISA/IEC 62443 CyberSecurity Certificate exam is closed book – no reference material will be allowed in the exam room. A calculator will be provided for you on the computer at the testing center. You will not be able to bring any personal items into the exam room. A secure location will be provided for you to store your belongings while you take the exam, but the space is limited. Report to the testing center 30 minutes prior to your exam time to sign-in and receive testing instructions. You must bring the Prometric confirmation and identification in order to sit for your exam.
The exam is only available electronically through a Prometric testing center. To view the locations that are available in the Prometric network for ISA/IEC 62443 CyberSecurity certificate exams, visit www.prometric.com/ISA.You may reschedule your exam only once with no penalty, but you must do so 2 days (48 hours) prior to the exam date in the US and Canada, or 5 days (120 hours) prior to the exam date in all other Prometric locations. A € 150,- reschedule fee will apply if you do not cancel your appointment in advance. You must complete all testing within the eligibility period, or you will have to complete the course again in order to pursue the certificate.
When successfully passing the exam, you will receive the ISA/IEC 62443 Cyber Security Fundamentals Specialist certificate. The certificate will be treated as actual for a period of 3 years. After this, you need to retake the exam to extend your certificate.
All courses taught entirely in English (incompany training can be taught in the Dutch, German, French or Spanish language).
Alle trainingen worden in het Engels gegeven (incompany training kan zowel in het Nederlands, Duits, Frans of Spaans verzorgd worden).
Tous les cours dispensés entièrement en Anglais (formation incompany peut être enseigné dans les Néerlandais, la langue Française, Allemande ou Espagnole).
Alle Kurse werden ausschließlich in Englisch unterrichtet (incompany Training kann entweder in Holländisch, Deutsch, Französisch oder Spanisch unterrichtet werden).
Todos los cursos impartidos íntegramente en Inglés (formación incompany se puede enseñar en el idioma holandés, alemán, francés o español).
If you wish to register offline, download the Training Registration Form here. If you wish to register online, click on the button below.