The purpose of the EN61 course is to manage the development and incorporation of necessary and sufficient actions to mitigate all non-tolerable risks identified during the risk assessment, complying with the requirements of the ISA/IEC-62443 series of standards in a manner consistent with the other industrial risk disciplines. Additionally, comply with the requirements of popular regulations.
The proper implementation of compensatory protections, with minimal interference in plant activities, is essential for those systems that are in operation with the main objective of creating industrial infrastructures resilient to all types of threats, even the most persistent ones.
Develop industrial cybersecurity specifications (CSRS) and influence the design of industrial and plant systems to ensure that industrial plants will be operated with all cyber risks mitigated from the launch of the new system.
This course is developed focusing on the energy, oil and gas industries. It means complying with all the requirements of the ISA/IEC-62443 series of standards, harmonizing with the typical regulations of these sectors, which are NERC, C2M2, TSA, and other popular regulations.
At the end of the EN61 course, you will be able to:
- Understand and use the results of the Cyber Risk Assessment (ASSESSMENT).
- In existing systems, incorporate by design the recommendations obtained in the previous stage (ASSESSMENT).
- Define the optimal architecture, design the incorporation of necessary changes because of the detailed risk analysis.
- Visualize, monitor and manage the progress of cybersecurity for each area and conduit as the recommendations are incorporated.
- Visualize how the current security level (SLA) will approach the target security level (SLT).
- Preparation of industrial cybersecurity specifications (CSRS) for areas and ducts.
- Prioritize the implementation of security recommendations based on the greatest contribution to risk reduction, cost, effort, Security Level Capability, etc.
- Even if you operate the system below risk tolerance, you can create policies to monitor and supervise incidents of remaining risks.
- Define and configure the appropriate cybersecurity policies for each area and conduit, necessary for the next stage of monitoring and maintenance (MAINTENANCE)
You will cover the following topics in course EN61:
- Design of Zones and Ducts to comply with the safety recommendations of the previous phase, ensuring risk mitigation with efficiency and effectiveness.
- Incorporate the requirements of standards and regulations, such as:
- International regulations ISA/IEC-62443
- National Standards, Laws and Regulations (NIST, NERC, C2M2, etc.)
- Development of its own rules and regulations.
- Design and preparation of Industrial Cybersecurity Specifications (CSRS) in Zones and Ducts for systems in the engineering phase, complying with the FR, SR, and RE of the ISA/IEC-62443-3-3 standard.
- Implementation of security in Zones and Conduits, prioritizing countermeasures according to effectiveness and efficiency to mitigate residual cyber risk, maintaining consistency between:
- Procedural Countermeasures,
- Technological Countermeasures, and
- Physical Countermeasures.
- Manage the implementation of countermeasures for the effective, reliable, and credible mitigation of Industrial Cyber Risk until reaching the Risk Tolerable by the organization.
- Design specifications for detection, monitoring and alerting systems (ARMS) for the rationalization of alerts and event response plans, minimizing false positives. This specification is the entry to the MAINTAIN (Operation and Maintenance) phase.
- For industrial systems with unmitigated risk,
- For industrial systems with mitigated risk.
Who is it aimed at?
- Recommended for any professional dedicated to the design and/or implementation of industrial systems, industrial networks, monitoring systems, industrial cybersecurity, monitoring systems, detection, access control, segmentation, and all security aspects related to the systems industrial.
- The participation of IT security managers, system integrators, industrial control system providers, plant engineers, production and plant operation management, industrial security, specialists in security instrumented systems and maintenance personnel is recommended, whether they are high or middle management.
Requirements:
Have taken and passed the EN60 course.
Deliverables:
Participants will receive the material digitally through the educational platform, including the following materials.
- Access to the lessons of course 2161 online.
- Various documents, videos, and complementary material so that participants can delve deeper.
- Access to educational campus to download additional information and software.
Certificates:
A first certificate of knowledge is issued upon completion of course EN61
- Certificate: “Practitioner in Design and Implementation of Cybersecurity in Industrial Systems”
- CRE credits: 1.6
- The certification exam is taken in class at the end of the course. Available in Spanish, Portuguese, and English.
A second experience certificate is issued after practical implementation in real projects.
- Certificate: “Expert in Design and Implementation of Cybersecurity in Industrial Systems”
- CRE Credits: cumulative, depending on the duration of the activities carried out by the practitioner.
Recognitions:
All participants who meet the course requirements and successfully pass the final exam with a good grade will be awarded a Digital Badge. The Digital Badge certifies that the participant has attended the 2161 training course and has completed the final evaluation test with a good grade, verifying that said participant has assimilated the new knowledge.