The use of open standards such as Ethernet, TCP/IP, and web technologies in supervisory control and data acquisition (SCADA) and production process control networks has begun to expose these systems to the same cyberattacks that have wreaked so much havoc on corporate information systems. This course provides a detailed look at how ISA/IEC-62443 standards can be used to protect your critical control systems. It also explores the procedural and technical differences between traditional security for IT environments and the solutions appropriate for SCADA or plant floor environments. Obtain the internationally valid professional certification “Industrial Cybersecurity Fundamentals Specialist” of ISA99. This is the first stage in the ISA/IEC-62443 Series Professional Certification Program.
Main objective of the course, IC32 (2132)
ISA’s main objective is for participants to understand and interpret the multiple requirements of the ISA/IEC-62443 series of international standards in the correct way. The official ISA courses are agnostic and do not claim to recommend a specific tool to meet the requirements of the standards. In general terms, the standards indicate what must be done and do not specifically indicate how the requirements must be met. It is the user’s responsibility to make that selection. It all starts with a good understanding and interpretation of the requirements.
The purpose of the IC32 course is to introduce the audience to the concepts, definitions, and fundamentals of industrial cybersecurity. By itself, the IC32 course is insufficient. We recommend taking the IC32 course along with the IC33 or immediately for better value and return on investment.
For the Spanish-speaking (and Portuguese-speaking) audience, the study material is provided in English. The professional certification exam is available only in English, as is the ISA/IEC-62443 series of standards. Translation of the standards is neither approved nor authorized by the ISA99 Committee.
At the end of the 2132 course, you will be able to:
- Discuss the principles behind a long-term Industrial Cybersecurity Program.
- Interpret the ISA/IEC-62443 Cybersecurity Guidelines and apply them in your operation.
- Define the fundamentals of risk and methodologies for vulnerability analysis.
- Describe the principles for the development of security policies.
- Explain defense-in-depth concepts and zone/conduit models of security.
- Analyze current trends in industrial security incidents and the methods hackers use to attack a system.
- Define the principles behind key risk mitigation techniques, antivirus and update patches, firewalls and virtual private networks.
The course covers the following topics:
- Understanding the current industrial safety environment: What is electronic security for industrial control and automation systems? What is different and in common about IT and industrial systems?
- How Do Cyber-Attacks Happen?: Understanding the attack vectors and the steps to a successful attack.
- Creating an Industrial Cybersecurity Program: critical success factors and a complete understanding of the ISA/IEC-62443-2-1 standard (ANSI/ISA.99.02.01-2009).
- Risk Analysis: business rationality, risk identification, classification, and security audit. DNSAM methodology.
- Study of the level of risk with its security, organization, and awareness policies: CSMS scope, organizational security, staff training and awareness.
- Study of the level of risk with the selected remediation measures: personnel security, physical and environmental security, network segmentation and access control.
- Level of risk reached with the implementation of measures: risk management and implementation, system development and maintenance, documentation and information management.
- Monitoring and Improvement of the CSMS: compliance and review to improve and maintain the CSMS.
Practical exercises to be done in class
- Development of business cases for Industrial Cybersecurity.
- Examples and case studies demonstrated by the instructor.
- This course has no practical laboratory exercises.
Requirements
There is no specific requirement that you must meet or demonstrate to be accepted into the official ISA IC32 (2132) course. However, it is recommended that you have knowledge and experience in at least one of the following areas:
- Knowledge and experience in the implementation of industrial control systems, SCADA systems, security instrumented systems and others.
- Knowledge and experience in the implementation of information security, information cybersecurity, or IT security.
Deliverables
Participants will receive, in class (face-to-face) or at home (virtual), access to the following materials. Optional printed material may be provided at an additional cost.
- Printed course lessons.
- ISA/IEC-62443 standards used in the course.
- Educational campus to download complementary information and software.
- Eligibility to obtain the official certificate. (Requires 100% attendance.)
Certificate N° 1: Specialist in Fundamentals of Industrial Cybersecurity
- CEU Credits: 1.4
- The exam to obtain the professional certification is taken separately, within a maximum period of 6 months after completion of the course. Currently, the exam is offered only in English.
- UPDATED: The professional certification exam is included in the price. You can add as many attempts as you need within 6 months of completing the course, paying an additional fee of USD 150 for each new attempt.
Recognitions
All participants who meet the course requirements and who successfully pass the final exam with a good grade will be awarded a Digital Badge. The Digital Badge certifies that the participant has attended the 2132 training course and has taken the final evaluation test with a good grade, verifying that said participant has assimilated the new knowledge reasonably. It is required that the participant completes all the requirements of the course to be qualified to take the professional certification exam described below.
Professional certificate of international recognition
All participants who have successfully completed 100% of the objectives of the IC32 course will be able to take the internationally valid IC32 CyberSecurity Fundamentals Specialist certification exam at the authorized offices of ISA. Students who have successfully completed the course will be able to take the exam as many times as they need during a maximum period of 6 months and thus obtain their professional certification. The professional certification exam is multiple choice and is given only in English. Therefore, participants are required to have a good command of written technical English.
The main objective of ISA training is to make sure that the audience understands and interprets the requirements of the ISA/IEC-62443 series of standards correctly and knows what needs to be done.
While the exercises and products used in the lab help to understand the concepts, it is not within the objectives of ISA to recommend any specific solution or to show how to comply with the multiple requirements.