2133 VEN – Vulnerability Analysis and Cyber Risk Assessment in New and Existing Industrial Systems (IC33 v2.0)

The first phase in the IACS Cybersecurity Lifecycle (defined in ISA/IEC 62443-1-1) is to identify and document IACS assets and perform a cybersecurity vulnerability and risk assessment to identify and understand the high-risk vulnerabilities that require mitigation. Per ISA/IEC 62443-2-1 these assessments need to be performed on both new (i.e. greenfield) and existing (i.e. brownfield) applications. Part of the assessment process involves developing a zone and conduit model of the system, identifying security level targets, and documenting the cybersecurity requirements into a cybersecurity requirements specification (CRS).
· March 7, 2023

‎Version of this course‎: 2.0

The version of this training course has been superseded by the new version 3.0. The material in this version is only available for previous students to study and review purposes only. The lab exercise and final evaluation has been intentionally removed.

You Will Be Able to:

  • ‎Identify and document the scope of IACSs under evaluation and under consideration‎
  • ‎Specify, gather, or generate the cybersecurity information necessary to perform the assessment‎
  • ‎Identify or discover cybersecurity vulnerabilities inherent in the product or system under consideration‎
  • ‎Organize and facilitate a cybersecurity risk assessment for an integrated system‎
  • ‎Identify and evaluate realistic threat scenarios‎
  • ‎Identify gaps in existing company policies, procedures and standards‎
  • ‎Establish and document safety zones and conduits‎
  • ‎Prepare documentation of the results of the evaluation.‎

You Will Cover:

  • Preparing for an Assessment
  • Cybersecurity Vulnerability Assessment
  • Conducting Vulnerability Assessments
  • Cyber Risk Assessments
  • Conducting Cyber Risk Assessments
  • Documentation and Reporting
  • And more…

Classroom/Laboratory Demo:

  • Critiquing system architecture diagrams
  • Asset inventory
  • Gap Assessment
  • Windows Vulnerability Assessment
  • Capturing Ethernet Traffic
  • Port Scanning
  • Using Vulnerability Scanning Tools
  • Perform a high-level risk assessment
  • Creating a zone & conduit diagram
  • Perform a detailed cyber risk assessment
  • Critiquing a cybersecurity requirements specification

Who Should Attend:

  • Control systems engineers and managers
  • System Integrators
  • IT engineers and managers of industrial facilities
  • IT corporate/security professionals
  • Plant Safety and Risk Management

Recommended Pre-Requisite:

ISA Course IC32 or equivalent knowledge/experience.

The main objectives of ISA training is to make sure that the audience understands and interprets the requirements of the ISA/IEC-62443 series of standards correctly and what needs to be done.

While the exercises and products used in the lab helps to understand the concepts, it is not within the objectives of ISA to recommend any specific solution or to show how to comply with the multiple requirements.

+33 enrolled
Not Enrolled
This course is currently closed

Course Includes

  • 4 Lessons
  • 1 Quiz
  • Course Certificate
Click to access the login or register cheese
You cannot copy content. You can download from download areas.