About this Training Course

The first phase in the IACS Cybersecurity Lifecycle (defined in ISA 62443-1-1) is to identify and document IACS assets and perform a cybersecurity vulnerability and risk assessment in order to identify and understand the high-risk vulnerabilities that require mitigation. Per ISA 62443-2-1 these assessments need to be performed on both new (i.e. greenfield) and existing (i.e. brownfield) applications. Part of the assessment process involves developing a zone and conduit model of the system, identifying security level targets, and documenting the cybersecurity requirements into a cybersecurity requirements specification (CRS).

This course will provide students with the information and skills to assess the cybersecurity of a new or existing IACS and to develop a cybersecurity requirements specification that can be used to document the cybersecurity requirements the project.

Target Audience

• Control systems engineers and managers
• System Integrators
• IT engineers and managers industrial facilities
• IT corporate/security professionals
• Plant Safety and Risk Management

Key Learning Objectives

You will be able to:
• Identify and document the scope of the IACS under assessment
• Specify, gather or generate the cybersecurity information required to perform the assessment
• Identify or discover cybersecurity vulnerabilities inherent in the IACS products or system design
• Organize and facilitate a cybersecurity risk assessment for an IACS
• Identify and evaluate realistic threat scenarios
• Identify gaps in existing policies, procedures and standards
• Establish and document security zones and conduits
• Prepare documentation of assessment results

Enquiry Form