EN99 EN 3v20 – Good practices in the management of security events and alerts in industrial systems with ISA/IEC-62443

September 2, 2024

Cybersecurity requires monitoring, detecting, and alerting on the many cybersecurity events that occur in control systems. This activity, necessary to accompany the safe operation of the plant, depends on a series of fundamental activities that must be correctly executed before it is implemented.

The generation of security alerts is followed by assertive, immediate management of cyber incidents with no tolerance for delays. Alerts must be classified and categorized according to a realistic risk possibility and in the context of the industrial process, without false positives. Responses must be specific and quick to ensure preventive, effective, and efficient avoidance of potential consequences.

The generation of cybersecurity alerts (cyber incidents) may or may not correlate with process disturbances and alarms and, finally, with the occurrence of potential consequences. Developing the ability to anticipate physical events in the plant requires specific knowledge of the plant.

It is crucial to design and implement surveillance, alert, and incident management systems – without false alerts – through a security alert rationalization process, based on specific knowledge and the result of the detailed cyber risk assessment.

Additionally, monitoring, alerting, and responding to cybersecurity incidents on a system that has all its risks mitigated is significantly different from doing so on a system that does not.

EN99 Course Objectives:

The objective of the course is to learn the main activities and requirements of the Security Alert Management Life Cycle in accordance with ISA/IEC-62443 and ANSI/ISA-18.2-2016, for the development, design, installation, and administration of a Cybersecurity Alert System in industrial processes.

To meet this objective, the concepts, models, and conceptualization for the handling and management of alerts will be presented, together with the application of these criteria to the development of the alert philosophy, alert rationalization, basic alert design, advanced alert techniques, HMI design for alerts, monitoring and evaluation, detection, and response actions.

Participants will learn the activities of the alert management lifecycle with reference to the ISA/IEC-62443 and ISA/18.2 standards and how to address common problems of security alert and process alarm management systems. Key benefits of attending this course include:

  • Learn best practices to improve alert system performance.
  • Learn methods to solve common alert management problems.
  • Learn best practices for effective and successful implementation of the alert management system.
  • Avoid generating false security alerts that lead to no action or to distractions.
  • Design fast and accurate responses to security alerts before they occur.
  • Learn the metrics to measure success in alert management and continuous improvement.

At the end of the EN99 course, participants will be able to:

  • Develop an alert management philosophy.
  • Identify alerts.
  • Streamline alerts, including classification and prioritization.
  • Design basic alerts, their monitoring, detection, and notification.
  • Determine when advanced alert techniques should be used.
  • Document alerts for operations.
  • Design reports for monitoring and evaluating the performance of the alert system.
  • Manage changes to alert systems.

To meet the proposed objectives, a scheduled duration of 16 hours is required.

Course Contents:

  • Introduction.
    • The design of an alert system viewed over time.
    • History of accidents related to alert management.
    • Importance of alert management.
    • Principles, guides, standards, and best practices.
    • Management of an Alert System based on ISA/IEC-62443 and ISA/18.2-2016.
  • Philosophy and Alert Identification.
  • Rationalization of alerts.
    • Preparation of alert rationalization.
    • Justification of the alerts.
    • Alert prioritization.
    • Alert classification.
  • Alarm design.
    • Alert status.
    • Types of alerts.
    • Configuration and Monitoring.
    • Alert times and messages.
  • Implementation of the alert system.
    • HMI design.
    • Alert display.
    • Existing solutions for alert management.
    • Success stories of alert systems.
  • Considerations for operation and maintenance of the alert system.

Modalities and schedules:

  • In person and/or virtual.
  • Duration: 16 total hours.

Who is it aimed at?

The course is aimed at the following groups of professionals:

  • Engineering personnel who perform specification, maintenance or updating of process alarm systems.
  • Industrial cybersecurity personnel who carry out specification, maintenance or updating of cybersecurity alert systems.
  • Process engineering, control and operation personnel of industrial process plants.
  • Corporate Cybersecurity and/or Industrial Information Security Personnel.

Deliverables:

  • Course Material.
  • Access to Educational Campus.
  • Complementary material in digital form is available on the educational campus.

Requirements:

There are no specific requirements. It is recommended that the professional have knowledge of some of the following:

  • Industrial process alarm management standard ISA/18.2.
  • International industrial-consensus cybersecurity standards ISA/IEC-62443.
  • Corporate cybersecurity or company information security standards (ISO-27000).
  • Industrial risk management standards such as ISA/IEC-61511 (functional safety).
  • National regulations and/or standards such as NIST, NERC, and others.
  • Experience in managing corporate projects and cultural change management.
  • Other industrial risk management standards (worker safety, environmental safety, etc.).

Certificates:

A first certificate of knowledge is issued upon completion of the course.

  • Certificate: “Practitioner in design, implementation, safe operation and maintenance of the security alert and incident response system”
  • CRE credits: 1.6
  • The certification exam is taken in class at the end of the course. Available in Spanish, Portuguese, and English.

A second experience certificate is issued after practical implementation in real projects.

  • Certificate: “Expert in design, implementation, safe operation and maintenance of the security alert and incident response system”
  • CRE Credits: cumulative, depending on the duration of the activities carried out by the practitioner.

Recognitions:

All participants who meet the course requirements and successfully pass the final exam with a good grade will be awarded a Digital Badge. The Digital Badge certifies that the participant has attended the EN99 training course and has completed the final evaluation test with a good grade, verifying that said participant has assimilated the new knowledge.


Course Includes

  • 8 Lessons
  • 1 Quiz
  • Course Certificate