Version of this course: 4.2
This course has been superseded by a newer version and is no longer available for new participants. Previous participants will still be able to access the training material for a limited period of time for studying purposes, and might still have access to ISA/IEC-62443 series of standards on the library.
You will be able to:
- Discuss the need for and importance of control system security.
- Learn about current principles and best practices.
- Understand the structure and content of the ISA/IEC-62443 series of documents
- Discuss the principles behind creating an effective long-term security program.
- Learn the basics of risk analysis, industrial networks, and network security.
- Understand the concepts of defense in depth and zones and conduits.
- Learn how to apply key risk mitigation techniques, such as antivirus, patch management, firewalls, and virtual private networks
- Learn how secure software development strategies can make systems inherently more secure
- Know what is being done to validate or verify the security of the systems.
You will cover:
- Understanding the Current Industrial Security Environment: What is Electronic Security for Industrial Automation and Control Systems? | How IT and the Plant Floor are Different and How They are the Same
- How Cyberattacks Happen: Understanding the Threat Sources | The Steps to Successful Cyberattacks
- Creating A Security Program: Critical Factors for Success/Understanding the ANSI/ISA-62443-2-1 (ANSI/ISA-99.02.01-2009)- Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program
- Risk Analysis: Business Rationale | Risk Identification, Classification, and Assessment | The DNSAM Methodology
- Addressing Risk with Security Policy, Organization, and Awareness: CSMS Scope | Organizational Security | Staff Training and Security Awareness
- Addressing Risk with Selected Security Counter Measures: Personnel Security | Physical and Environmental Security | Network Segmentation | Access Control
- Addressing Risk with Implementation Measures: Risk Management and Implementation | System Development and Maintenance | Information and Document Management
- Monitoring and Improving the CSMS: Compliance and Review | Improve and Maintain the CSMS
The main objectives of ISA training is to make sure that the audience understands and interprets the requirements of the ISA/IEC-62443 series of standards correctly and what needs to be done.
While the exercises and products used in the lab helps to understand the concepts, it is not within the objectives of ISA to recommend any specific solution or to show how to comply with the multiple requirements.