2133 VEN – Vulnerability Analysis and Cyber Risk Assessment in New and Existing Industrial Systems (IC33 v3.0)

‎The first phase in the Industrial Systems Cybersecurity (IACS – defined in ‎‎ISA‎‎/IEC-62443-1-1) lifecycle consists of identifying and documenting industrial assets (IACS) and performing a cybersecurity vulnerability analysis and risk assessment to identify and understand high-risk vulnerabilities that require mitigation. For ‎‎ISA‎‎/IEC-62443-2-1 these assessments must be performed on both existing (Brownfield) and new (Greenfield) applications. Part of the assessment process involves developing a zone and conduit model of the systems under consideration, identifying security level objectives, and documenting cybersecurity requirements into a cybersecurity requirements specification (‎‎CSRS‎‎).‎
· December 2, 2022

‎This course will provide students with the information and skills needed to assess the cybersecurity of a new IACS or in existing IACSs and develop a specification of cybersecurity requirements that can be used to document the project’s cybersecurity requirements.‎

‎This training course contains a suitable number of practical laboratory-type exercises. For participants to take the professional certification exam in the SCANTRON network, they must complete all the exercises and attend 100% of the classes and/or sessions.‎

‎Current version of the course‎: 3.0

You Will Be Able to:

  • ‎Identify and document the scope of IACSs under evaluation and under consideration‎
  • ‎Specify, gather, or generate the cybersecurity information necessary to perform the assessment‎
  • ‎Identify or discover cybersecurity vulnerabilities inherent in the product or system under consideration‎
  • ‎Organize and facilitate a cybersecurity risk assessment for an integrated system‎
  • ‎Identify and evaluate realistic threat scenarios‎
  • ‎Identify gaps in existing company policies, procedures and standards‎
  • ‎Establish and document safety zones and conduits‎
  • ‎Prepare documentation of the results of the evaluation.‎

You Will Cover:

  • Preparing for an Assessment
  • Cybersecurity Vulnerability Assessment
  • Conducting Vulnerability Assessments
  • Cyber Risk Assessments
  • Conducting Cyber Risk Assessments
  • Documentation and Reporting
  • And more…

Classroom/Laboratory Demo:

  • Critiquing system architecture diagrams
  • Asset inventory
  • Gap Assessment
  • Windows Vulnerability Assessment
  • Capturing Ethernet Traffic
  • Port Scanning
  • Using Vulnerability Scanning Tools
  • Perform a high-level risk assessment
  • Creating a zone & conduit diagram
  • Perform a detailed cyber risk assessment
  • Critiquing a cybersecurity requirements specification

Who Should Attend:

  • Control systems engineers and managers
  • System Integrators
  • IT engineers and managers of industrial facilities
  • IT corporate/security professionals
  • Plant Safety and Risk Management

Recommended Pre-Requisite:

ISA Course IC32 or equivalent knowledge/experience.

The main objectives of ISA training is to make sure that the audience understands and interprets the requirements of the ISA/IEC-62443 series of standards correctly and what needs to be done.

While the exercises and products used in the lab helps to understand the concepts, it is not within the objectives of ISA to recommend any specific solution or to show how to comply with the multiple requirements.

+7 enrolled
Not Enrolled
This course is currently closed

Course Includes

  • 6 Lessons
  • 9 Quizzes
  • Course Certificate
Click to access the login or register cheese
You cannot copy content. You can download from download areas.