This course will provide students with the information and skills needed to assess the cybersecurity of a new IACS or in existing IACSs and develop a specification of cybersecurity requirements that can be used to document the project’s cybersecurity requirements.
This training course contains a suitable number of practical laboratory-type exercises. For participants to take the professional certification exam in the SCANTRON network, they must complete all the exercises and attend 100% of the classes and/or sessions.
Current version of the course: 3.0
You Will Be Able to:
- Identify and document the scope of IACSs under evaluation and under consideration
- Specify, gather, or generate the cybersecurity information necessary to perform the assessment
- Identify or discover cybersecurity vulnerabilities inherent in the product or system under consideration
- Organize and facilitate a cybersecurity risk assessment for an integrated system
- Identify and evaluate realistic threat scenarios
- Identify gaps in existing company policies, procedures and standards
- Establish and document safety zones and conduits
- Prepare documentation of the results of the evaluation.
You Will Cover:
- Preparing for an Assessment
- Cybersecurity Vulnerability Assessment
- Conducting Vulnerability Assessments
- Cyber Risk Assessments
- Conducting Cyber Risk Assessments
- Documentation and Reporting
- And more…
- Critiquing system architecture diagrams
- Asset inventory
- Gap Assessment
- Windows Vulnerability Assessment
- Capturing Ethernet Traffic
- Port Scanning
- Using Vulnerability Scanning Tools
- Perform a high-level risk assessment
- Creating a zone & conduit diagram
- Perform a detailed cyber risk assessment
- Critiquing a cybersecurity requirements specification
Who Should Attend:
- Control systems engineers and managers
- System Integrators
- IT engineers and managers of industrial facilities
- IT corporate/security professionals
- Plant Safety and Risk Management
ISA Course IC32 or equivalent knowledge/experience.
The main objectives of ISA training is to make sure that the audience understands and interprets the requirements of the ISA/IEC-62443 series of standards correctly and what needs to be done.
While the exercises and products used in the lab helps to understand the concepts, it is not within the objectives of ISA to recommend any specific solution or to show how to comply with the multiple requirements.