EN60 EN 3v20 – Cyber Risk Assessment in New and Existing Industrial Systems in Energy, Oil & Gas.

· October 20, 2023

The purpose of the EN60 course is to manage the development of the activities necessary to carry out the assessment of industrial cyber risks, meeting all the requirements of the ISA/IEC-62443 series of standards, easily, quickly and ensuring compliance.

The methodology for correctly evaluating cyber risks is essential to make the right decisions with the main objective of creating industrial infrastructures resilient to all types of threats, even the most persistent ones.

This course is developed focusing on the energy, oil and gas industries. It means complying with all the requirements of the ISA/IEC-62443 series of standards, harmonizing with the typical regulations of these sectors, which are NERC, C2M2, TSA, and other popular regulations.

At the end of the EN60 course, you will be able to:

  • Understand the requirements of the ISA/IEC-62443 series of standards for the Cyber ​​Risk Assessment (ASSESSMENT) phase.
  • Understand the requirements of popular regulations, such as, NERC/CIP, C2M2 and others.
  • Develop clarity about the deliverables to be produced at the end of each of the activities.
  • Develop all activities successfully, making optimal use of resources and time.
  • Correctly identify the system under consideration, whether these systems are existing or future.
  • Evaluate the organization’s capabilities, its good practices, and identify potential opportunities for improvement.
  • Identify all potential consequences to be avoided and mitigated during decision-making.
  • Develop reasonable and appropriate vulnerability studies for accurate risk assessment.
  • Participate in and/or lead a detailed cyber risk assessment based on realistic consequences.
  • Make good decisions consistently with other industrial risk disciplines.
  • Develop a clear and effective action plan for risk reduction according to the company’s risk matrix and risk tolerance.

Course Contents EN60:

  • Introduction to industrial risk assessment.
    • ISA/IEC-62443 standards
    • Popular regulations (NIST, NERC, C2M2,…)
  • Necessary objectives, concepts and definitions.
  • Activities to be developed to correctly evaluate risks.
    • Necessary inputs and outputs to be produced with each activity.
  • Identification and evaluation of the government layer (GOV).
    • Strengths and weaknesses,
    • Potential opportunities for improvement.
  • Identification and evaluation of the system under consideration (SUC).
    • Zones and Ducts,
    • Vulnerabilities,
  • Identification and evaluation of industrial processes (AUC).
    • Criticality or high-level risk assessment,
    • Identification of potential consequences.
  • Detailed risk assessment, results to be produced.
    • Operational (industrial) risk matrices,
    • Determination of objective security levels (SLT)
    • Preparation of risk scenarios,
    • Risk assessment and mitigation decision-making.
    • Evaluation of the effectiveness and efficiency of existing countermeasures.
    • Determination of compensatory countermeasures.
    • Optimal segmentation of the SUC.
  • Preparation of necessary reports and reports.


  • Course Material.
  • Access to Educational Campus.
  • Complementary material in digital form is available on the educational campus.


It is recommended to have taken and passed the EN50 course.


A first certificate of knowledge is issued upon completion of the course

  • Certificate: “Cyber ​​Risk Assessment Practitioner in New and Existing Industrial Systems”
  • CRE credits: 1.6
  • The certification exam is taken in class at the end of the course. Available in Spanish, Portuguese, and English.

A second experience certificate is issued after practical implementation in real projects.

  • Certificate: “Expert in Cyber ​​Risk Assessment in New and Existing Industrial Systems”
  • CRE Credits: cumulative, depending on the duration of the activities carried out by the practitioner.


All participants who meet the course requirements and successfully pass the final exam with a good grade will be awarded a Digital Badge. The digital Badge certifies that the participant has attended the EN60 training course and has completed the final evaluation test with a good grade, verifying that said participant has assimilated the new knowledge.

Not Enrolled
This course is currently closed

Course Includes

  • 5 Lessons
  • 1 Quiz
  • Course Certificate
Click to access the login or register cheese