IACS Cybersecurity Operations & Maintenance (IC37)
Length: 3 days
Part of the ISA/IEC 62443 Cybersecurity Certificate Program
The third phase in the IACS Cybersecurity Lifecycle (defined in ISA 62443-1-1) focuses on the activities associated with the ongoing operations and maintenance of IACS cybersecurity. This involves network diagnostics and troubleshooting, security monitoring and incident response, and maintenance of cybersecurity countermeasures implemented in the Design & Implementation phase. This phase also includes security management of change, backup and recovery procedures and periodic cybersecurity audits.
This course will provide students with the information and skills to detect and troubleshoot potential cybersecurity events as well as the skills to maintain the security level of an operating system throughout its lifecycle despite the challenges of an every changing threat environment.
You will be able to:
- Perform basic network diagnostics and troubleshooting
- Interpret the results of IACS device diagnostic alarms and event logs
- Implement IACS backup and restoration procedures
- Describe the IACS patch management life cycle and procedure
- Apply an antivirus management procedure
- Define the basics of application control and white listing tools
- Define the basics of network and host intrusion detection
- Define the basics of security incident and event monitoring tools
- Implement an incident response plan
- Implement an IACS management of change procedure
- Conduct a basic IACS cyber security audit
You will cover:
- Introduction to the ICS Cybersecurity Lifecycle
- Identification & Assessment phase
- Design & Implementation phase
- Operations & Maintenance phase
- Network Diagnostics and Troubleshooting
- Interpreting device alarms and event logs
- Early indicators
- Network intrusion detection systems
- Network management tools
- Application Diagnostics and Troubleshooting
- Interpreting OS and application alarms and event logs
- Early indicators
- Application management and whitelisting tools
- Antivirus and endpoint protection tools
- Security incident and event monitoring (SIEM) tools
- IACS Cybersecurity Operating Procedures & Tools
- Developing and following an IACS management of change procedure
- Developing and following an IACS backup procedure
- IACS configuration management tools
- Developing and following an IACS patch management procedure
- Patch management tools
- Developing and following an IACS antivirus management procedure
- Antivirus and whitelisting tools
- Developing and following an IACS cybersecurity audit procedure
- Auditing tools
- IACS incident response
- Developing and following an IACS incident response plan
- Incident investigation
- System recovery
- Asset Inventory
- ICS Device Hardening
- Disabling USB Storage Devices
- Restrict access to USB drives
- Application Control / Whitelisting
- Microsoft Windows Software Update Services (WSUS)
- PLC backup and configuration management
- Change Management (MOC form)
- Event Detection Tracking and Log Monitoring
- Vulnerability Scanning
- Network Packet Capture Analysis
- Troubleshooting and Forensics
Who Should Attend?
- Operations and maintenance personnel
- Control systems engineers and managers
- System Integrators
- IT engineers and managers industrial facilities
- Plant Safety and Risk Management
Length : 3 days
Cost for ISA members: Training = € 1.875,- , Exam = € 200,- (non-ISA members pay € 2.275,- ISA membership: € 125,-)
Exam ISA/IEC 62443 Cyber Security Operations & Maintenance Specialist;
Duration: 1 half day
Location; Prometric Testing Center visit www.prometric.com/ISA
The ISA/IEC 62443 CyberSecurity Certificate exam is closed book – no reference material will be allowed in the exam room. A calculator will be provided for you on the computer at the testing center. You will not be able to bring any personal items into the exam room. A secure location will be provided for you to store your belongings while you take the exam, but the space is limited. Report to the testing center 30 minutes prior to your exam time to sign-in and receive testing instructions. You must bring the Prometric confirmation and identification in order to sit for your exam.
The exam is only available electronically through a Prometric testing center. To view the locations that are available in the Prometric network for ISA/IEC 62443 CyberSecurity certificate exams, visit www.prometric.com/ISA.You may reschedule your exam only once with no penalty, but you must do so 2 days (48 hours) prior to the exam date in the US and Canada, or 5 days (120 hours) prior to the exam date in all other Prometric locations. A € 150,- reschedule fee will apply if you do not cancel your appointment in advance. You must complete all testing within the eligibility period, or you will have to complete the course again in order to pursue the certificate.
When successfully passing the exam, you will receive the ISA/IEC 62443 Cyber Security Fundamentals Specialist certificate. The certificate will be treated as actual for a period of 3 years. After this, you need to retake the exam to extend your certificate.
All courses taught entirely in English (incompany training can be taught in the Dutch, German, French or Spanish language).
Alle trainingen worden in het Engels gegeven (incompany training kan zowel in het Nederlands, Duits, Frans of Spaans verzorgd worden).
Tous les cours dispensés entièrement en Anglais (formation incompany peut être enseigné dans les Néerlandais, la langue Française, Allemande ou Espagnole).
Alle Kurse werden ausschließlich in Englisch unterrichtet (incompany Training kann entweder in Holländisch, Deutsch, Französisch oder Spanisch unterrichtet werden).
Todos los cursos impartidos íntegramente en Inglés (formación incompany se puede enseñar en el idioma holandés, alemán, francés o español).
If you wish to register offline, download the Training Registration Form here. If you wish to register online, click on the button below.